Key Differences between LGPD and GDPR and the Impact on Internet Cookies

7 months ago
João Bruno Soares
11 minutes

Protecting personal data has become a fundamental issue in the digital age, leading to the implementation of regulations worldwide to ensure individuals' privacy and security. Two of the most well-known and comprehensive regulations in this regard are the General Data Protection Law (LGPD) of Brazil and the General Data Protection Regulation (GDPR) of the European Union. After all, they cover vast populations in their territories, consequently resonating beyond their borders.

However, while both aim to protect individuals' rights regarding the processing of their personal data, there are some important differences between them.

The Difference in Geographical Application

The first significant difference between LGPD and GDPR lies in their geographical application. GDPR applies to all European Union (EU) member countries and also to companies outside the EU that process data of EU individuals.

On the other hand, LGPD applies to all organizations processing personal data in Brazil, regardless of their geographical location. This means that both Brazilian and foreign companies dealing with personal data of Brazilian individuals must comply with LGPD provisions. Hence the importance of transparency in international data transfers.

The Difference in Fines and Sanctions

Another significant difference is the amount of non-compliance fines. Under GDPR, fines can reach up to 20 million euros or 4% of the company's global turnover, with the higher value prevailing. Meanwhile, LGPD establishes fines that can go up to 2% of the company's revenue in Brazil, capped at 50 million Brazilian reais per infringement.

It's important to note that these values represent maximum penalties, and the severity of the infringement and the organization's financial capacity are considered when determining the fine. Another point is that the fine is per infringement, meaning that 1 citizen who has their data compromised equals 1 infringement. How many infringements would be calculated for a database holding thousands or millions of records?

The Difference in Categories of Considered Sensitive Data

The definition of sensitive data also differs between the two regulations. While GDPR includes specific categories of data such as race, ethnic origin, political opinions, religious beliefs, health, sexual orientation, among others, LGPD goes further and also includes biometric and genetic information as sensitive data.

This broadening of the definition of sensitive data in LGPD reflects the concern to protect even more sensitive personal information and ensure that it is processed with due care.

The Difference in Consent Collection and Processing

Consent for data processing is another aspect that differs between GDPR and LGPD. Under GDPR, consent must be explicit, specific, and freely given by the individual. In contrast, LGPD requires unequivocal consent, provided through a statement or other affirmative action by the data subject.

Both regulations emphasize the importance of informed and free consent, ensuring that individuals have control over how their personal data is used.

However, you might wonder: isn't this the same thing, just worded differently?

Although both regulations emphasize the importance of consent, there are subtle differences in how they approach it.

According to GDPR, consent must be explicit, meaning it must be given through a clear and specific affirmative action by the individual. This implies that consent cannot be presumed or obtained through omission or pre-selection. Furthermore, consent must be specific, clearly indicating the purpose for which the data will be processed. It must also be freely given, meaning the individual must have the freedom to choose to consent or not, without suffering pressure or coercion.

On the other hand, LGPD requires unequivocal consent, which means that consent must be clear and indisputable. It must be provided through a statement or other affirmative action by the data subject, indicating their agreement to process the data for a specific purpose. LGPD does not use the term "explicit" like GDPR but requires consent to be unequivocal, meaning it leaves no doubts or ambiguities.

Although the nomenclature and words used to describe consent may vary between the two regulations, the differences go beyond that. GDPR sets specific requirements for explicit consent, while LGPD emphasizes the need for unequivocal consent.

These differences reflect the distinct approaches taken by each regulation, although both aim to protect individuals' rights and privacy regarding the processing of their personal data.

In conclusion, guidance on the use of cookies was recently published under LGPD. It draws heavily on GDPR's defaults regarding the specific requirements for explicit consent in consent collection.

The Difference in the Naming of the Data Protection Officer (DPO)

Another relevant point is the appointment of a Data Protection Officer (DPO). Under GDPR, some organizations are required to appoint a DPO to oversee compliance with the regulation and act as a point of contact for data protection-related issues. This obligation applies to organizations that carry out systematic monitoring on a large scale of personal data or process special categories of data, such as health-related or ethnic origin-related data.

In contrast, LGPD, while not requiring the appointment of a Data Protection Officer, recommends that companies designate a professional responsible for dealing with privacy and data protection issues. Ultimately, the company's managing partner would already be responsible for this aspect.

The Difference in the Use of Internet Cookies

Regarding the impact of internet cookies, both GDPR and LGPD address the issue similarly. Cookies are small text files stored on users' devices when they visit a website. They play a crucial role in personalizing the online experience but can also collect personal information. Both regulations require websites to obtain user consent before storing or accessing cookies that collect personal data.

GDPR establishes that consent must be obtained through a clear affirmative action, such as checking a checkbox or clicking a button. Additionally, users must be informed about which cookies will be stored, for what purpose, and for how long. They also have the right to withdraw their consent at any time.

LGPD follows a similar approach, requiring websites to obtain prior and unequivocal consent from users before using cookies that collect personal data. Users must be informed about the purpose of the cookies, as well as the option to refuse or revoke consent. Moreover, LGPD also provides users with the right to access, correct, and delete their personal data collected through cookies.

Therefore, both GDPR and LGPD aim to ensure that users have control over their personal data, including those collected through cookies. Companies operating in both the European Union and Brazil must be aware of the provisions of these regulations and take appropriate measures to ensure compliance.

Transparency, Security, and Control: The Synergy Between the Regulations

In summary, GDPR and LGPD are comprehensive data protection regulations aimed at protecting individuals' rights and privacy. Although there are differences in their geographical applications, fines for non-compliance, definitions of sensitive data, and consent requirements, both share the goal of promoting transparency, control, and security in data processing.

Furthermore, both regulations recognize the importance of consent for the use of cookies and require websites to obtain user consent before collecting their data through these technologies. Therefore, companies operating in compliance with GDPR and LGPD must closely observe the guidelines related to internet cookies, ensuring they obtain appropriate consent and provide clear information about the collection, storage, and use of these cookies.

Privacy and the Use of Cookies

The impact of internet cookies is significant for companies that must comply with both GDPR and LGPD. Cookies are widely used to track user behavior, personalize ads, and enhance the browsing experience. However, they also raise concerns regarding privacy and the protection of personal data.

For companies operating in compliance with both regulations, it is crucial to ensure that cookies are set up and used in accordance with consent and transparency requirements established by the regulations. This entails obtaining explicit consent from users before activating cookies and providing clear information about the types of cookies used, their purpose, and storage duration. Additionally, companies should allow users to opt out of accepting cookies or easily manage their cookie preferences.

Non-compliance with provisions related to cookies can result in substantial fines, as well as loss of user trust and damage to the company's reputation. Therefore, it is essential for companies to be vigilant about the obligations imposed by both GDPR and LGPD regarding internet cookies.

To ensure compliance with GDPR and LGPD regarding cookies, companies should take the following measures:

  1. Transparency: Companies must provide clear and accessible information about the use of cookies on their websites. This includes explaining what types of cookies are used, for what purpose, and how long data is stored.

  2. Proper Consent: User consent must be obtained before activating cookies that collect personal data. Consent must be obtained clearly, specifically, and unequivocally. Users should have the option to consent or refuse the use of cookies and manage their cookie preferences.

  3. Preference Management: Companies should offer users clear options to manage their cookie preferences. This may include the ability to accept or reject specific categories of cookies or revoke previously given consent.

  4. Data Security: Companies should implement adequate security measures to protect personal data collected through cookies. This includes safeguarding this information against unauthorized access, misuse, or disclosure.

  5. User Rights: Companies must respect users' rights regarding their personal data, as established in GDPR and LGPD. This includes the right to access, correct, update, or delete data collected through cookies.

By adopting these measures, companies can ensure they are acting in compliance with data protection regulations and demonstrating their commitment to user privacy and security.
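As an added illustration (not code from the article or from AdOpt), the sketch below shows how measures 1 to 3 can be enforced in code rather than left to the banner text: cookies are refused until consent exists for their category, pre-selected consent is rejected, and revocation deletes what was stored. The category names, purposes, durations and the in-memory jar standing in for `document.cookie` are all assumptions, as is the premise that `necessary` cookies collect no personal data.

```javascript
// Constructed category table: what the banner must disclose (purpose, duration).
const CATEGORIES = {
  necessary: { purpose: "session and security", maxAgeDays: 1, needsConsent: false },
  analytics: { purpose: "usage statistics", maxAgeDays: 180, needsConsent: true },
  marketing: { purpose: "ad personalization", maxAgeDays: 90, needsConsent: true },
};
const DAY_MS = 86400000;

class ConsentGate {
  constructor() {
    this.jar = new Map(); // cookie name -> { value, category, expires }
    this.consent = {};    // category -> { granted, at }
    this.log = [];        // audit trail of every recorded decision
  }
  // Record a decision. A grant only counts when it comes from an affirmative
  // user action; a pre-ticked box or silence (userAction = false) is refused.
  decide(category, granted, { userAction = false, now = Date.now() } = {}) {
    if (!(category in CATEGORIES)) throw new Error(`unknown category: ${category}`);
    if (granted && !userAction) return false;
    this.consent[category] = { granted, at: now };
    this.log.push({ category, granted, at: now });
    if (!granted) this.purge(category); // withdrawal removes stored cookies
    return true;
  }
  allowed(category) {
    const c = CATEGORIES[category];
    if (!c) return false; // uncategorized cookies are never written
    return !c.needsConsent || this.consent[category]?.granted === true;
  }
  // Deny by default: nothing is stored before consent for its category.
  set(name, value, category, now = Date.now()) {
    if (!this.allowed(category)) return false;
    const expires = now + CATEGORIES[category].maxAgeDays * DAY_MS;
    this.jar.set(name, { value, category, expires });
    return true;
  }
  purge(category) {
    for (const [name, c] of this.jar) if (c.category === category) this.jar.delete(name);
  }
  // Data for the banner: each category, its purpose, duration and current state.
  disclosure() {
    return Object.entries(CATEGORIES).map(([category, c]) => ({
      category, purpose: c.purpose, maxAgeDays: c.maxAgeDays, granted: this.allowed(category),
    }));
  }
}
```

The `log` array is what makes a consent decision demonstrable later; in a real deployment it would be persisted server-side rather than kept in memory.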

Need assistance in implementing a cookie policy and consent collection on your company's websites? We at AdOpt can help!


