This article provides an overview of the Guidelines that will help companies design and implement adequate cookie consent banners and ensure compliance with the consent requirements of Brazil’s General Data Protection Law (the “LGPD”). It is important to note that collecting personal user data without lawful grounds constitutes a violation of the users’ rights under the LGPD.
For your ease, we have divided the overview of the Guidelines into the following key sections:
Under the LGPD, consent is considered to be required for the use of non-essential cookies. Such consent must be freely given, informed and unambiguous. This requires organizations to ensure the following:
The ANPD encourages a layered information format for the cookie consent banner:
Both the ‘Accept All Cookies’ and ‘Reject All Cookies’ options must be equally prominent and accessible for the user. Consent-based cookies and non-essential cookies should be disabled by default.
Legitimate interests of the data controller can be considered an appropriate legal basis for the processing of data of non-sensitive nature, only if the rights and freedoms of data subjects do not prevail over the legitimate interests of the controller. The controller’s interests shall only be considered legitimate if they are in compliance with the applicable legal and regulatory requirements. When relying on legitimate interest as the basis of data processing, the controller should adopt appropriate technical and organizational measures to ensure secure processing and transparency for data subjects.
Whenever it relies on legitimate interests as a legal basis for data processing, the data controller must ensure that the fundamental rights and freedoms of data subjects do not prevail over its legitimate interests. The controller should ensure that, based on the information it provided, the data subject could anticipate such use of their data at the time of collection. The data subject also has the right to object to processing based on the legitimate interests of the data controller in case of non-compliance with the requirements of the LGPD, and in such instances the data controller must stop the data processing.
The collection of information through cookies can be considered as processing of personal data and therefore, is under the protection of the LGPD. Regardless of the types of cookies used, organizations must ensure that they adhere to key data protection principles, including the following:
Data subjects’ rights fulfillment: in the context of cookies, the data subject has the right to revoke, at any time, consent granted for the use of non-essential cookies. The data subject also has the right to access their personal information collected through cookies.
Our experts at Securiti continue to closely monitor any legal developments in order to help you prepare for compliance. Securiti’s Cookie Consent Management Solution helps you comply with Brazil’s cookie guidance by ensuring: