Artifact GuideBrazilCookies

Brazil LGPD Cookies

Cookies decisions under the Brazil LGPD should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed.

Use this section to define scope, owner, evidence inputs, and the review outcome before execution.

Back to main artifact Review sources

Author

Sorena AI

Published

May 9, 2026

Updated

May 9, 2026

Questions

Structured answer sets in this page tree.

Primary sources

Cited legal and guidance references.

Publication metadata

Sorena AI

Published May 9, 2026

Updated May 9, 2026

Overview

This page defines LGPD obligations Cookies to the specific trigger, responsible role, deadline, evidence record, and review path that product, legal, privacy, security, and compliance teams can apply.

Search this module

Find a question or answer quickly

3 of 3 questions

Question 1

What should teams do about Cookies under the Brazil LGPD?

Teams should treat Cookies under the Brazil LGPD as a source-linked operating decision: confirm whether the issue affects controller/operator roles, lawful basis, data-subject rights, children data, international transfers, security incidents, DPO/encarregado duties, or ANPD enforcement exposure, assign the team that can change the process, and keep evidence showing the action and review trigger.

The safest first step is to identify the controller/operator role, purpose, lawful basis, data category, data-subject right, transfer, or incident trigger before assigning the LGPD action.

Write the Cookies decision in one sentence before drafting controls.
Attach the external source URL and a short source quote to the evidence record.
Route unclear cases to legal, privacy, security, or compliance review before launch.

Citations

ANPD Guia Orientativo - Cookies e Proteção de Dados Pessoais

ANPD cookie guidance explains when cookies can collect personal data and how transparency, purpose limitation, consent, legitimate interest, and rights controls should be reflected in cookie banners and policies.

ANPD - Cookies e Proteção de Dados Pessoais

ANPD's announcement confirms the cookie guide is meant to support LGPD alignment for processing agents and transparent digital practices.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

The current LGPD text supplies the principles, transparency duties, data-subject rights, and lawful-basis framework that ANPD applies to cookie and tracking technologies.

Question 2

What evidence should teams keep for Cookies under the Brazil LGPD?

Useful evidence is not just a privacy notice. Keep the source, role map, lawful-basis note, rights log, transfer analysis, incident assessment, DPO review, and approval trail together.

Source URL and quote used for the decision.
Scope notes, screenshots, data-flow or system references, and role mapping.
Implementation ticket, approval record, exception notes, and review date.

Citations

ANPD Guia Orientativo - Cookies e Proteção de Dados Pessoais

Evidence support for cookie records because the ANPD guide identifies cookie categories, transparency information, consent controls, legitimate-interest considerations, and policy/banner practices.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Evidence support for cookie records because LGPD Article 9 requires clear, adequate, and easily accessible information about personal-data processing.

ANPD - Cookies e Proteção de Dados Pessoais

Evidence support for the FAQ answer because ANPD frames the cookie guide around transparent practices and greater user understanding and control.

Question 3

Which mistakes create risk when handling Cookies under the Brazil LGPD?

The common failure pattern is using a GDPR-style answer without checking LGPD roles, lawful bases, ANPD guidance, transfer rules, incident thresholds, and Brazilian enforcement context.

Using an old threshold, deadline, source page, or contract template without checking current source text.
Treating a source-linked exception as a general exemption for every product or data flow.
Publishing notices, controls, or answers that do not match the actual product behavior.

Citations

ANPD Guia Orientativo - Cookies e Proteção de Dados Pessoais

Risk and boundary support for the FAQ answer because the ANPD guide warns that cookie use is only legitimate when it respects LGPD principles, rights, and the data-protection regime.

ANPD - Cookies e Proteção de Dados Pessoais

Risk and boundary support for the FAQ answer because ANPD connects cookie compliance to transparency and user control in digital environments.

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

Risk and boundary support for the FAQ answer because LGPD Article 6 requires purpose, adequacy, necessity, and transparency limits for personal-data processing.

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

Risk and boundary support for the FAQ answer because LGPD cookie failures can become enforcement issues under ANPD's sanctions and dosimetry regulation.

Recommended next step

Turn Brazil LGPD Cookies into assigned work

This artifact page provides practical inputs, owner roles, required outputs, and evidence checkpoints for cookies.

Assessment workflow

Open Assessment Autopilot for Brazil LGPD

Turn Cookies into scoped questions, evidence fields, and review tasks.

Explore next step

Research workflow

Review Brazil LGPD source evidence

Use Research Copilot to answer follow-up questions with cited source material.

Explore next step

Talk to Sorena

Talk through implementation

Review scope, evidence, owners, and the next compliance actions with operational practice.

Explore next step

Primary sources

References and citations

ANPD - Cookies e Proteção de Dados Pessoais

gov.br

Referenced sections

Risk and boundary support for the FAQ answer because ANPD connects cookie compliance to transparency and user control in digital environments.

"promover a cultura da proteção de dados pessoais no ambiente digital"

ANPD Guia Orientativo - Cookies e Proteção de Dados Pessoais

gov.br

Referenced sections

Risk and boundary support for the FAQ answer because the ANPD guide warns that cookie use is only legitimate when it respects LGPD principles, rights, and the data-protection regime.

"somente será legítimo se respeitados os princípios, os direitos dos titulares"

LEI Nº 13.709, DE 14 DE AGOSTO DE 2018

planalto.gov.br

Referenced sections

Risk and boundary support for the FAQ answer because LGPD Article 6 requires purpose, adequacy, necessity, and transparency limits for personal-data processing.

"finalidades legítimas, específicas, explícitas e informadas ao titular"

RESOLUÇÃO CD/ANPD Nº 4, DE 24 DE FEVEREIRO DE 2023

in.gov.br

Referenced sections

Risk and boundary support for the FAQ answer because LGPD cookie failures can become enforcement issues under ANPD's sanctions and dosimetry regulation.