LGPD: Brazil’s General Data Protection Law

The Lei Geral de Proteção de Dados (LGPD) is Brazil’s overarching data protection regulation. Heavily inspired by the European GDPR, the LGPD establishes a strict framework for the processing of personal data of individuals located in Brazil.

Under the LGPD, consent must be free, informed, and unambiguous. This means pre-ticked boxes are unacceptable, and websites must utilize a robust User Consent Management Platform (CMP) to block cookies until explicit permission is granted by the user.

Because of its similarities to the GDPR, achieving LGPD compliance requires strict control over third-party scripts. Utilizing privacy-preserving APIs like Google Consent Mode V2 ensures that you can still gather baseline analytics for Brazilian users who decline tracking, without violating their newly enshrined privacy rights.