Privacy
Stay informed about online privacy best practices, data protection strategies, and how to build trust with your website visitors. Explore topics like data minimisation, user rights management, transparent data collection practices, and the evolving landscape of digital privacy across Europe, the US, and beyond.
Data Subject Rights Under the LGPD: Access, Deletion, Portability and More
Brazil's LGPD grants individuals nine distinct rights over their personal data, from confirmation of processing to review of automated decisions. Controllers must respond immediately or within 15 days, depending on the request type - with no option to extend that deadline.
International Data Transfers Under the LGPD: Rules, Safeguards, and the New Adequacy Era
Brazil's LGPD restricts how personal data leaves the country, requiring either an ANPD adequacy decision, standard contractual clauses, or binding corporate rules. With the EU-Brazil mutual adequacy agreement finalised in January 2026, the transfer landscape is shifting fast - and website owners need to keep up.
LGPD Controller vs. Processor: Roles and Joint Liability
Brazil's LGPD divides personal data obligations between controllers and processors. Find out how the law assigns liability, demands specific record keeping, and dictates damage compensation.
LGPD Data Breach Notification: Rules and Timelines
Brazil's data protection law mandates specific actions when a security incident occurs. Controllers must report breaches that pose significant risks to data subjects and the national authority without delay.
Sensitive Personal Data Under the LGPD: What It Is and How Brazil Restricts Its Processing
Brazil's LGPD defines sensitive personal data as information about racial origin, health, biometrics, political opinion, religious belief, and sexual life. Article 11 restricts processing to a narrower set of legal bases than ordinary personal data, and the ANPD has already taken enforcement action against companies that got it wrong.
LGPD Explained: What Is Brazil's Data Protection Law and Who Does It Apply To?
Brazil's LGPD applies to any organisation that processes data of individuals in Brazil, regardless of where the company is based. Articles 1 through 4 define the law's territorial reach, its material scope, and the narrow exemptions that exist. If your website collects any data from Brazilian visitors, this is the article you need to read.
The 10 Legal Bases for Processing Personal Data Under Brazil's LGPD
Article 7 of the Brazilian Data Protection Law outlines ten specific conditions for lawful data processing. Choosing the correct legal basis is mandatory for compliance.
Google Cookies Explained: What They Are, What They Do, and How to Handle Them on Your Website
Google places dozens of cookies through services like Analytics, Ads, YouTube, and reCAPTCHA. Each cookie serves a different purpose - analytics, advertising, security, or personalisation - and each carries specific consent obligations under GDPR and the ePrivacy Directive.
Automated Decision-Making and AI Under the CCPA: The New 2027 Rules You Need to Prepare For
California finalised its automated decision-making rules in late 2025. Businesses have until 1 January 2027 to implement strict notice and opt-out mechanisms for AI and profiling.