LGPD Cookie Compliance
for International Websites
Your website serves Brazilian users. Brazil's LGPD applies to you — regardless of where your company is based. CookieFácil handles cookie consent, script blocking, and compliance records so you stay compliant.
Does LGPD apply to your company?
Yes — LGPD has extraterritorial reach. Brazil's Lei Geral de Proteção de Dados (LGPD) applies to any organization that processes personal data from Brazilian residents, regardless of where the organization is headquartered. If your website has Brazilian visitors and collects any personal data — including via cookies, analytics, or advertising scripts — LGPD applies to you.
This mirrors the GDPR model: jurisdiction follows the data subject, not the company location. US companies, EU companies, and SaaS platforms serving Brazilian users all fall within LGPD's scope.
Source: LGPD Art. 3 — "This Law applies to any processing operation carried out by a natural or legal person of public or private law, regardless of the country where the data processing organization is headquartered."
One platform for LGPD, GDPR, and CCPA
CookieFácil was built for the Brazilian market first — then extended for the global companies that serve it.
Multinational compliance
LGPD applies to any company with Brazilian users. Our consent banner blocks analytics, advertising, and tracking scripts before consent — meeting LGPD's opt-in requirement and ANPD's official cookie guidance.
- Script blocking before consent
- Google Consent Mode v2 built in
- Tamper-proof consent logs
Developer-friendly integration
One script tag. Works on any stack — WordPress, Shopify, Nuvemshop, or custom. REST API for programmatic consent log access. Google Tag Manager template available.
- Single <script> tag installation
- GTM template — no code required
- REST API for consent records
LGPD, GDPR & CCPA together
Already GDPR-compliant? LGPD is similar but not identical — opt-in consent is required for all cookie categories, and Brazilian residents have distinct data subject rights under ANPD jurisdiction.
- LGPD vs GDPR: key differences
- CCPA opt-out vs LGPD opt-in
- One tool covers all three
LGPD vs GDPR vs CCPA — at a glance
The three major privacy laws share common principles but differ in scope, consent model, and enforcement. CookieFácil handles all three.
| Requirement | LGPD Brazil |
GDPR European Union |
CCPA/CPRA California, USA |
|---|---|---|---|
| Consent model | Opt-in | Opt-in | Opt-out |
| Cookie banner required | Yes (ANPD guidance) | Yes (ePrivacy) | Yes (CPPA) |
| Script blocking | Yes | Yes | No (opt-out model) |
| Consent withdrawal | 1-click | 1-click | 1-click |
| Max fine | R$ 50M or 2% revenue | €20M or 4% revenue | $7,500 per violation |
| Enforcement authority | ANPD | National DPAs | CPPA |
| CookieFácil support | Full | Full | Partial |
Start free. Upgrade when you need to.
CookieFácil's free plan covers sites with up to 5,000 monthly consent interactions. No credit card required. Paid plans start at R$ 29/month — billed in BRL.
Questions? Contact us in English at contato@cookiefacil.com.br — we respond in English.
Frequently asked questions
-
Does LGPD apply to companies outside Brazil?
Yes. LGPD Art. 3 has explicit extraterritorial reach — it applies to any organization that processes personal data collected from Brazilian residents, regardless of where the company is headquartered. If you have Brazilian visitors and use analytics, advertising pixels, or any cookie that collects personal data, LGPD applies to you.
-
If we already comply with GDPR, are we LGPD-compliant?
Mostly, but not entirely. LGPD and GDPR share the same opt-in consent model and both require script blocking before consent. The key differences: LGPD is enforced by Brazil's ANPD (not EU DPAs), data subject rights have different response windows, and fines are calculated differently (up to 2% of Brazilian revenue, capped at R$ 50M per violation). A GDPR-compliant consent banner needs minor adjustments for full LGPD compliance.
-
What does LGPD require for cookie consent specifically?
Brazil's ANPD published official cookie guidance requiring: (1) a clear consent banner before any non-essential scripts fire, (2) equal prominence for Accept and Reject options — no dark patterns, (3) granular category controls (analytics, marketing, functional, necessary), (4) one-click consent withdrawal, and (5) a tamper-proof consent log with timestamp, action, and pseudonymized user identifier. CookieFácil implements all five requirements out of the box.
-
Does LGPD apply to B2B companies or only B2C?
Both. LGPD defines "personal data" broadly — any information that identifies or can identify a natural person. B2B companies that process contact details, IP addresses, or behavioral data of Brazilian employees, leads, or business contacts fall within LGPD's scope. The law does not distinguish between consumer and business data subjects.
-
How does CookieFácil handle Google Analytics and Meta Pixel under LGPD?
CookieFácil uses a MutationObserver to intercept and block script execution before consent is given. Google Analytics, Meta Pixel, and any other third-party script tagged as "analytics" or "marketing" are prevented from loading until the visitor actively accepts that category. After consent, the original scripts are re-injected with their proper type. Google Consent Mode v2 signals (ad_storage, analytics_storage, etc.) are sent automatically based on the visitor's choices.
-
What platforms does CookieFácil support?
CookieFácil works on any website via a single <script> tag. Native integrations are available for WordPress (plugin on WordPress.org), Shopify (App Store), and Nuvemshop. A Google Tag Manager template is available for no-code installation. The REST API allows programmatic access to consent records for custom stacks.