IDC Names Securiti a Worldwide Leader in Data Privacy


LGPD & Cookies: What Do You Need To Know?

Published November 10, 2023

Listen to the content

When a person logs on to a website, the server assigns them a distinctive, user-specific identity. This identity is stored on the mobile or computer on which the browser is running. In case the user enters the website again, the browser sends cookie information to the server, allowing the website to remember the user.

In other words, cookies function as a kind of memory of the internet running through protocols that provide data flow. As sneaky as they can be, they were not created with malicious intent in mind. In 1994, Netscape Communications was developing an e-commerce application, and computer programmer Lou Montulli coined an idea which would hold great value to the e-commerce sector.

By remembering the information in the user's shopping cart, organizations can benefit from better user experience, and this is where cookies were used for the first time. With cookie consent becoming front and center, it is important for company websites that drop cookies or use other online tracking technologies to comply with various consent requirements.

Many websites use tracking tools such as cookies, pixels, and tags for advertising, data collection, and marketing campaigns. To comply with LGPD regulations, it is your responsibility to inform users and obtain their consent for the use of each of these technologies.

In order to stay compliant, organizations need to have a cookie banner in place to obtain explicit, freely given consent to obtain these cookies. Failure to do so can lead to non-compliance amongst various data privacy laws.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


In this article we will specifically address cookie consent under the LGPD and what organizations need to be careful about.

Tracking technologies such as cookies, pixels, and tags are commonly used by websites for marketing campaigns and data collection. To comply with LGPD cookie regulations, website owners must take responsibility for informing users and obtaining their consent for the use of these technologies.

The new data protection law of Brazil known as the LGPD (Lei Geral de Proteção de Dados Pessoais) will provide a comprehensive and overall regulatory framework which offers individuals with a set of rights which can be exercised. This is a huge upgrade from previous sectoral federal laws that offered partial protection. The LGPD is greatly influenced by the EU’s GDPR.

The LGPD contains sixty-five articles and was passed in August, 2018, sanctioned by President Bolsonaro in July 2019. The enforcement date for the LGPD is set to be August 15, 2020.

Under the LGPD, there are certain requirements with regards to cookie consent. LGPD requires organizations to take freely given consent before collecting consumer data. This can be done by implementing a cookie banner on your website. Under the LGPD, organizations need to make sure that the cookie banner should support the following:

  • Consent should be affirmative, specific and unambiguous
  • Details of the recipients and the data controller must be stated
  • Purpose of processing and notification of profiling must be clear
  • Ability to withdraw consent must be provided
  • Link to complain, correct and transfer data must be available
  • Ability to decline consent must be just as easy as granting consent

It is vital that data controllers provide consumers with the right to withdraw their consent. This option should be available in plain language and made clearly visible. In case a consumer wants to withdraw their consent, the data controller must provide the consumer with a free of charge procedure and facilitated procedure to revoke consent. if this is done, the controller cannot process data for which consent was previously given..

A compliant LGPD Cookie Banner requires:

  1. Consent must be specific, affirmative and unambiguous
  2. Identification of the data controller and recipient
  3. Documentation of purpose as well as notification of profiling
  4. Duration length
  5. Clear withdraw consent
  6. A link to complain, correct, and transfer data
  7. An option to decline

What is the correct way to use cookies in the LGPD?

Under article 5 of the LGPD defines consent as "free, informed and unambiguous manifestation whereby the data subject agrees to her/his processing of personal data for a given purpose.” This clearly states that LGPD requires opt-in consent, much like the GDPR. Before the consumers data is collected, the consumer must consciously give consent to the organization for storing cookies.

Although cookies have not been specifically addressed by the LGPD, it is possible to assume that the use of cookies is not prohibited and can be done if the following articles are respected:

  1. Article 3(III)
  2. Article 7(VI), (VIII), and (IX) of the Internet Law
  3. Principles of Processing
  4. One of the nine legal bases for processing

The LGPD has brought legal certainty with regards to a consumer's personal data, and the ANPD is responsible for providing the guidelines towards compliance as well as enforcing the laws under the LGPD. This includes defining and clarifying what constitutes as a controversial use of internet cookies.


A cookie banner is merely a script that you can embed into your website and it shows up as a banner when a user visits your website. Securiti is offering organizations a free cookie banner script that they can integrate into their website in mere seconds. This cookie banner has benefits such as:

  • Global Web Footprint: Highly optimized front-end for low-latency page performance for global traffic.
  • Configurable Cookie Banner: Customize and style the look & feel to align with your brand.
  • Global-Regulation Support: Reverse IP detection to present the appropriate compliance type for global compliance.
  • Maximize Optin Rate: Capture granular consent by processing purpose.

With data collection exponentially increasing online, automation is necessary, now more than ever, for any organization that is hoping to comply with privacy regulations in a scalable way.

Securiti has created a free service that will enable organizations to simplify their cookie consent process and take a step in the right direction towards complying with privacy regulations all over the world.

Frequently Asked Questions (FAQs)

Yes, the Lei Geral de Proteção de Dados Pessoais (LGPD), Brazil's data protection law, requires organizations to obtain freely given consent before collecting consumer data. This can be done by implementing a cookie banner on your website. Websites and online services that operate in Brazil and process personal data through cookies should obtain user consent in compliance with LGPD.

LGPD stands for "Lei Geral de Proteção de Dados," which translates to the "General Data Protection Law" in English. It is Brazil's comprehensive data protection legislation.

No, LGPD (Brazil's General Data Protection Law) is not the same as GDPR (General Data Protection Regulation), which is the European Union's data protection regulation. While both laws share some similarities in terms of protecting individuals' privacy and data rights, they have distinct requirements and scopes.

The use of cookies in compliance with LGPD is primarily to enhance user experience and collect data for legitimate purposes, such as website analytics and personalization. However, under LGPD, obtaining user consent for using cookies is essential, and users have the right to opt-out or withdraw their consent at any time.

Anas Baig

Authored by Anas Baig

Anas Baig is a Product Marketing Manager with a proven track record in the cybersecurity industry. He has been a prominent contributor to numerous esteemed publications, including Infosecurity Magazine, CSO Online, Tripwire, Security Affairs, Network Computing, Security Boulevard, and several other renowned cybersecurity blogs.His in-depth knowledge and extensive experience in the industry make him a trusted source for cutting-edge insights and information in the ever-evolving world of cybersecurity.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend