The National Data Protection Authority (“ANPD”) has just released its Guide on Cookies and Personal Data Protection. The regulation is relevant topic as it addresses a technology widely used for collecting and processing data in digital environments.
Among the information that can be processed by these files that are able to collect data – the so-called Cookies, there is personal data, which is where the ANPD’s concern with the subject comes in. This type of file can be used for various purposes, such as remembering choices previously made by that user (i.e., password or login), measuring the audience of a particular site, and other activities. To create this “memory,” cookies may need to store personal data – identifying individuals directly or crossing data, which allows indirect identification, which is precisely what causes the General Data Protection Law (“LGPD”) to apply.
The ANPD deals with the concept of cookies in its Guide, by presenting a classification of different types (i.e., first-party cookies, third-party cookies, necessary cookies, analytical cookies, functionality cookies). Additionally, it addresses the principles applicable to the processing carried out through them, more specifically – the principles of purpose, necessity and adequation, and of free access and transparency, as well as detailing the rights of the holder applicable when using them and how to guarantee them.
Moreover, the guide includes a topic that specifically addresses the legal hypotheses that would be potentially applicable when using cookies, which are those of consent and legitimate interest and detail the particularities of each of these hypotheses within this context.
The guide characterizes cookie banners as a realization of principles and rights provided for in the LGPD, since they can be a way of enforcing the rights and principles of law. Thereby, it determines a series of good practices relating to these banners, as well as lists of practices that are not recommended.
The Authority reinforces that the Guide will be open for comments and contributions from the civil society, which can be sent to the ANPD Ombudsman through the Plataforma Fala.BR. The complete Guide can be accessed through this link.