LGPD cookie consent for Brazilian websites
Brazil's LGPD requires explicit, informed consent before personal data is collected, including through cookies and tracking scripts. Consentify enforces consent at the script level so no tracker loads until the visitor agrees.
LGPD cookie consent for Brazilian websites
Brazil's LGPD requires explicit, informed consent before personal data is collected, including through cookies and tracking scripts. Consentify enforces consent at the script level so no tracker loads until the visitor agrees.
What is LGPD?
The Lei Geral de Proteção de Dados (LGPD) is Brazil's national data protection law, in force since September 2020 and enforced by the ANPD (Autoridade Nacional de Proteção de Dados). It closely mirrors EU GDPR in its structure and requirements. For websites, LGPD requires a lawful basis for processing personal data, and for non-essential cookies and tracking, that basis is consent. Consent must be freely given, informed, specific, and unambiguous. LGPD applies to any organisation that processes data from individuals located in Brazil, regardless of where the organisation is based.
How Consentify covers LGPD
Prior consent enforcement
Consentify injects no tracking or analytics scripts until the visitor actively consents. No cookies are set, no network calls made, until explicit opt-in. This satisfies LGPD's consent requirement.
Timestamped consent records
Every consent decision is stored with a timestamp, accepted categories, and a hashed IP. Records are available for regulatory requests from the ANPD.
Right to revoke
LGPD gives data subjects the right to revoke consent at any time. Consentify re-opens the consent banner on click, letting users update or withdraw their choices.
Right to deletion
Each consent record has a unique delete token. Users can request deletion of their consent record to exercise their LGPD right to erasure.
Frequently asked questions
Does LGPD apply to my website if I'm outside Brazil?
Yes, if you collect data from individuals located in Brazil (including through analytics, advertising pixels, or form submissions) LGPD applies regardless of where your organisation is based. This is similar to how EU GDPR works for non-EU companies serving EU residents.
Is LGPD the same as GDPR?
LGPD was heavily inspired by GDPR and shares the same principles: lawful basis, data subject rights, accountability, and privacy by design. The consent requirements for cookies are effectively equivalent. A banner that satisfies GDPR also satisfies LGPD for most use cases.
What are the penalties for non-compliance with LGPD?
The ANPD can impose fines of up to 2% of a company's Brazil revenue, capped at R$50 million per infraction. Enforcement has ramped up since 2023, with the ANPD publishing decisions and guidance on consent requirements.
Can I use Consentify for both LGPD and GDPR?
Yes. One Consentify banner satisfies both. The consent mechanism (prior, informed, unambiguous, withdrawable) is the same under LGPD and GDPR. You configure integrations once and the same banner serves visitors from Brazil, the EU, and anywhere else.
Add LGPD-compliant consent to your site
Free forever for one domain. No code required.