On the 13th, the ANPD (National Data Protection Authority) issued a request for adjustments to the cookie collection on the Gov.br Portal, as two points of concern were found due to non-compliance with the General Data Protection Law.

The first nonconformity found by ANPD It was in the first-level banner, which, in addition to having little information, offers users the only option of "I accept," a practice that goes against the LGPD, which stipulates that the data subject's consent must be freely given, informed, and unambiguous.

The second nonconformity was in relation to Cookies Policy from the second-level banner.

The information found was considered too generic and insufficient, hindering user comprehension, since the purposes are presented in a scattered manner, making it difficult to identify all of them.

Furthermore, the only visible purposes relate to first-party cookies Necessary issues include security, network management, and accessibility, as well as incorrect classification, with analytical cookies being presented as third-party cookies.

ANPD informs of the necessary adjustments.

In its request, the ANPD, in addition to pointing out the points of non-compliance, determined the adjustments that must be made, as stated in the document:

"Given this, the ANPD recommends that, in order to adapt the "Gov.br" portal to the LGPD (Brazilian General Data Protection Law), the indicated best practices be observed, and that at least the following measures be adopted:"

• a) In the first-level banner:
• Provide an easily visible button that allows users to reject all non-essential cookies;
• Disable consent-based cookies by default (opt-in);
• b) In the second-level banner (Cookie Policy):
• Identify the legal bases used, according to each cookie purpose/category, using consent as the main legal basis, except for strictly necessary cookies, which may be based on legitimate interest;
• Classify cookies into categories in the second-level banner;
•      iii. To allow obtaining specific consent according to the identified categories;
• Provide an easily visible button that allows users to reject all unnecessary cookies.

 It is important to emphasize that the ANPD (National Data Protection Authority) makes its official website available through the Gov.br Portal, and it is extremely urgent that adjustments be made, as the regulatory body, as an example to be followed, needs to be in perfect compliance with the LGPD (Brazilian General Data Protection Law), whose responsibility for interpreting and enforcing the guidelines belongs specifically to the ANPD.

What are the cookies that the ANPD (Brazilian National Data Protection Authority) referred to?

The cookies in question can make the user identifiable, as they allow access to personal data, making it unacceptable for their collection to be done in a way that does not make the user feel informed about whether or not to give their consent.

There are some cookies that store only anonymous information, without the possibility of identifying the user, and therefore are not under the responsibility of the ANPD (National Data Protection Authority), but rather under the responsibility of Law No. 12.965/2014, known as... Brazilian Internet Bill of Rights.

The ANPD (Brazilian National Data Protection Authority) has announced that it is producing a guide on the subject, which will cover topics such as: types of cookie categories and purposes; the legal basis of the LGPD (Brazilian General Data Protection Law); and best practices for cookie collection.

There is no estimated date yet for when the material will be available.