Shopify privacy law · Brazil
Shopify cookie consent in Brazil
Brazil's LGPD is GDPR-aligned with a few local twists — a unique 'public-figure' clause and mandatory Portuguese-language privacy notices. ANPD enforcement ramped up significantly in 2024.
Governing law: Lei Geral de Proteção de Dados (LGPD)
Enforcement reality
The Autoridade Nacional de Proteção de Dados (ANPD) issued its first major fine (R$14,400) in 2023 and has scaled enforcement steadily since. Cookie-consent guidance was published in late 2023 — opt-in for non-essential cookies, with similar standards to GDPR but a more pragmatic 'effective consent' test. Maximum fine: 2% of Brazilian revenue, capped at R$50M per infraction.
What Shopify merchants must do in Brazil
- Privacy notice in Portuguese (Brazilian Portuguese specifically)
- Opt-in consent for non-essential cookies and marketing
- Designate a Data Protection Officer (DPO) — even small businesses
- DSAR-equivalent request handling within 15 days (shorter than GDPR's 30)
- Data breach notification to ANPD 'in a reasonable time' (~48 hours typical)
- International transfers require ANPD-approved mechanism (currently SCCs or adequacy)
How Consentico handles Brazil
Consentico's geo-targeting detects Brazil visitors at the edge and applies the right banner — opt-in posture for the local jurisdiction rules, with Google Consent Mode v2 signals and a per-decision audit log. The banner survives Shopify theme switches and uninstalls cleanly.
Related concepts
- Consent (GDPR)Freely given, specific, informed, and unambiguous indication of agreement. No pre-checked boxes, no implied consent from continued browsing.
- Lawful basisUnder GDPR, you must have one of six legal grounds to process personal data. For ecommerce: contract, legitimate interest, or consent.
- DSARData Subject Access Request — when an EU/UK resident asks you for a copy of, or deletion of, their personal data.
Compliant in Brazil — in five minutes.
Free for stores under 5,000 banner views per month. No code, no theme edits.