LGPD vs CCPA:
Opt-In vs Opt-Out

LGPD requires Brazilian visitors to opt in before any tracking scripts load. CCPA lets scripts run by default and gives California users an opt-out. If your site serves both, you need both — and an existing CCPA setup does not cover you for Brazil.

Cover both — start free See full comparison

What is the main difference between LGPD and CCPA?

The consent model is fundamentally different. LGPD (Brazil) requires opt-in consent — no tracking script may load until the visitor actively accepts. CCPA (California) uses an opt-out model — scripts run by default, and users can stop data selling via a "Do Not Sell My Personal Information" link.

This means: a website that is CCPA-compliant is not LGPD-compliant for Brazilian users. If your Google Analytics is firing before a Brazilian visitor sees your banner, you are already in violation of LGPD — regardless of your CCPA status.

LGPD vs GDPR — shield with Brazil map illustrating data protection compliance under Lei 13.709/2018 (LGPD) and the General Data Protection Regulation (GDPR), enforced by ANPD and EU DPAs

LGPD vs CCPA — side by side

Two fundamentally different approaches to privacy regulation.

Requirement LGPD
Brazil — ANPD		 CCPA/CPRA
California — CPPA
Consent model Opt-in required Opt-out
Scripts before consent Must be blocked Can run by default
Cookie banner required Yes (ANPD guidance) Yes (opt-out link)
Right to delete data Yes Yes
Right to access data Yes Yes
Max fine R$ 50M or 2% BR revenue $7,500 per violation
Enforcement authority ANPD (Brazil) CPPA (California)
CookieFácil support Full Partial

One installation. Both laws covered.

CookieFácil applies the strictest rule globally — opt-in required before any non-essential script fires. This satisfies LGPD for Brazilian visitors and exceeds what CCPA requires for California visitors.

LGPD — full coverage

Script blocking before consent, equal-weight buttons, tamper-proof consent logs, one-click withdrawal. Every ANPD requirement met out of the box.

  • MutationObserver script blocking
  • Google Consent Mode v2 built in
  • Consent logs with timestamp + banner version

CCPA — partial coverage

The opt-in model exceeds CCPA's opt-out requirement — California visitors get stronger protection than CCPA requires. Full "Do Not Sell" GPC signal handling is on the roadmap.

  • Opt-in exceeds CCPA opt-out requirement
  • Consent log satisfies CPPA documentation
  • GPC signal support: roadmap

One dashboard, all regions

Manage consent configuration, view logs, and export compliance reports for all jurisdictions from a single CookieFácil account. No per-region tools needed.

  • Single installation for all visitors
  • Unified consent log across regions
  • Free plan — up to 5,000 interactions/month
Create free account
Add GDPR coverage too

Choose the right plan for your business

Start free and scale as your consent volume grows. Billed in BRL — no credit card required to start.

Free

Start collecting consent records

  • 1 site · 1,000 visitors/month

  • Cookie consent banner — LGPD + GDPR ready

  • Basic consent reports

Start Free
Most Popular

Basic

For growing businesses

  • 2 sites · 5,000 visitors/month

  • CSV export of consent records

  • Remove CookieFácil branding

Get Started

Professional

For multiple sites and agencies

  • 5 sites · 50,000 visitors/month

  • CSV + PDF + advanced reports

  • Custom CSS and geo-targeting rules

Get Started
See all plans and features →

Frequently asked questions

  • What is the main difference between LGPD and CCPA?

    The fundamental difference is the consent model. LGPD (Brazil) requires opt-in consent — scripts must be blocked until the visitor actively accepts. CCPA (California) uses an opt-out model — scripts run by default and users can opt out. A CCPA-compliant site is not LGPD-compliant for Brazilian visitors.

  • Can one cookie banner handle both LGPD and CCPA?

    Yes. CookieFácil applies opt-in consent globally — blocking all non-essential scripts before consent for every visitor, regardless of location. This satisfies LGPD for Brazilian visitors and exceeds what CCPA requires for California visitors. One installation, both laws covered.

  • Does LGPD apply to California-based companies?

    Yes. LGPD has extraterritorial reach — it applies to any organization processing personal data from Brazilian residents, regardless of where the company is based. A California company with Brazilian website visitors must comply with both CCPA (for California residents) and LGPD (for Brazilian residents).

  • What are the penalties under LGPD vs CCPA?

    LGPD fines: up to 2% of Brazilian revenue, capped at R$ 50M per violation, enforced by ANPD. CCPA/CPRA fines: up to $7,500 per intentional violation, enforced by California's CPPA. LGPD fines are calculated per violation, while CCPA fines are per intentional violation.

  • Is CCPA stricter than LGPD?

    Neither is strictly "stricter" — they regulate differently. LGPD is stricter on consent (opt-in required for all non-essential cookies). CCPA gives consumers more explicit data sale rights. Compliance with LGPD's opt-in model satisfies CCPA's consent requirements and more.

  • How does CookieFácil support CCPA compliance?

    CookieFácil's opt-in model exceeds CCPA's opt-out requirement — scripts are blocked before consent for all visitors, which is stronger than what CCPA legally requires for California residents. Consent logs satisfy CPPA documentation requirements. Full "Do Not Sell" GPC signal handling is on the product roadmap.