Brazilian Data Protection Authority Issues Guidelines on Cookies


The Brazilian Data Protection Authority (ANPD) recently issued guidelines on cookies. Administrators are advised to implement the guidelines in the following areas:

  • Cookie Notice
    • A dedicated cookie notice is recommended, informing each user about the categories of cookies, their purposes, third parties involved, retention periods, data rights and other requirements under the LGPD. However, it is not prohibited to include a cookie-specific topic in a public privacy notice.
    • The cookie notice should have a specific topic about how each user can block, disable or delete cookies through their own website.
    • If there is a cookie statement, a Portuguese translation is required.
  • Cookie Banner
    • First- and second-level cookie banners must be enabled.
    • First-level banners (banners facing users on landing pages) should:
      • Give users the ability to completely reject or allow non-essential cookies. The accept button should not be more prominent than the reject option.
      • Include a link to the second-level cookie banner.
      • Make a brief statement about the use of cookies by the administrator.
    • The second-level banner (opened from the first-level banner) shall:
      • Give users the ability to approve or reject individual categories/purposes of non-essential cookies (granularity).
      • Provide brief information about the purposes/categories of cookies that are allowed. General information should be indicated in the cookie display (not in long cookie banners).
      • Reject non-essential cookies by default.
      • Include a link to the cookie notice (or a privacy notice that includes a cookie-specific topic).
    • Banners should continue to be displayed to users even after they have consented to such collection, because administrators must allow data subjects to withdraw their consent at any time (consent can be withdrawn as easily as it was given).
    • If there is a cookie banner, a Portuguese translation is required.
  • Legal Basis
    • According to the ANPD:
      • Legitimate interests are the appropriate legal basis for essential cookies.
        • However, essential cookies are often required for the execution of contracts and data matters. Therefore, legitimate interest may not be the most appropriate legal basis for this purpose.
      • Consent is the legal basis to rely on for the purpose of collecting personal information from non-essential cookies. Under the LGPD, consent must be freely given, informed and clear.
        • However, as with the right, the ANPD’s choice of consent as a legal basis for non-solicited cookies may not be compatible with the four subject to LGPD interest rate changes. Regulators should bear in mind any potential biases from selecting consent as the appropriate legal basis, particularly for sales and advertising campaigns.
      • In light of the above, a thorough and documented legal basis assessment is highly recommended.
  • Respond
    • Once administrators decide to rely on consent, the consent from the cookie banners must be confirmed. In addition, any cookies must be disabled upon withdrawal of consent.
    • If the administrator relies on legitimate interest, a legitimate interest analysis is recommended by the ANPD.
    • If legitimate interest is used for marketing and advertising, because information and major operations may be affected (i.e., any operational activity may arise from a high risk to the rights and freedoms of individuals), a data protection impact assessment is also recommended.


