
*Julie Caroline Oliveira

Summary - This article aims to present a brief explanation of the General Data Protection Law, better known as LGPD, and to cite some of the changes it has brought to organizations, especially those that make use of Cookies on their institutional websites or e-commerce.


Keywords: Cookies; GDPR; Changes; organizations.

Introduction

In force since September 2020, the General Data Protection Law (LGPD) has brought several changes to both natural persons and companies that process personal data. For a better understanding, data processing consists of any action carried out with data of a natural person that can identify or provide the identification of this person. That is, access, collection, use, transfer, processing, storage, modification, deletion, among other diverse operations, are considered processing of personal data and must be in compliance with the rules provided for in the LGPD. Therefore, this includes all people and companies that use Cookies on their websites, whether institutional, e-commerce, blogs etc.

What are Cookies?

Cookies are small text files that store information about whoever has accessed a web page, such as browsing history, shopping preferences, logins, IP address, browser used, operating system and machine settings, among others. Some of this information is not considered personal data at first; however, as soon as there is a record linked to that environment, the information collected allows users to become identifiable.

Another point regarding Cookies is their different types and how each one works. Below are brief descriptions of the main types:

  • Session Cookies: They can be defined as the short-term memory of a website, since they are deleted as soon as the browser is closed. They are what allow the user to move from one page to another within the same domain without losing important information, such as products in an online shopping cart.
  • Primary/Persistent/Permanent Cookies: They are those created by the accessed domain itself, generally to make access easier through language preferences, auto-completion of information in forms, etc. every time you return to that site. They remain stored until their expiration date or until you manually remove them.
  • Third-Party Cookies: Also known as malicious Cookies, they are those that originate from domains other than the one you are currently accessing. They aim to track the user by various means, such as browsing history, online behavior, demographic information and consumption habits, among other information. This type does not usually benefit users and can also be removed or blocked manually.
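
As an added example (not part of the original article), the code below sorts the cookies seen while a site loads by the two properties the list describes: how long they live and which domain they belong to. The domain `loja.example`, the URLs and the header values are constructed, and the first-party check assumes the organization supplies its own domain instead of consulting the Public Suffix List.

```python
# Added example: classify Set-Cookie headers by lifetime and origin.
# SITE and every URL and header value below are constructed sample data.
from urllib.parse import urlsplit

SITE = "loja.example"  # assumption: the organization's own registrable domain


def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute keys lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def classify(response_url, header, site=SITE):
    """Describe one cookie observed while a page of `site` was loading."""
    name, attrs = parse_set_cookie(header)
    # No Expires and no Max-Age: the browser drops the cookie when it closes.
    lifetime = "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"
    # The cookie belongs to its Domain attribute if present, else to the responding host.
    host = attrs.get("domain", "").lstrip(".").lower() or urlsplit(response_url).hostname
    origin = "first-party" if host == site or host.endswith("." + site) else "third-party"
    return {"name": name, "lifetime": lifetime, "origin": origin, "host": host}


# Constructed capture: (URL that answered, Set-Cookie value it sent).
OBSERVED = [
    ("https://www.loja.example/cart", "cart=8f3a; Path=/; HttpOnly; Secure"),
    ("https://www.loja.example/", "lang=pt-BR; Domain=loja.example; Max-Age=31536000; Path=/"),
    ("https://px.adtracker.example/p.gif",
     "uid=77c1; Expires=Wed, 21 Oct 2026 07:28:00 GMT; SameSite=None; Secure"),
]


def inventory(observed=OBSERVED):
    """Build the cookie list a privacy and cookie policy would have to disclose."""
    return [classify(url, header) for url, header in observed]


if __name__ == "__main__":
    for row in inventory():
        print(f"{row['name']:<5} {row['lifetime']:<10} {row['origin']:<11} {row['host']}")
```
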

As seen above, Cookies facilitate user navigation; however, they can also pose risks to the protection of personal data. It is at this point that the LGPD comes into play.

LGPD compliance

The need to comply with LGPD principles has led several companies to review and change security processes, measures and policies. It is important to understand that the law did not arise to prohibit the use of information, but to regulate the way in which this data must be treated, just as the GDPR (General Data Protection Regulation) does for European citizens. These laws set out principles to be followed, such as purpose, necessity and transparency, which aim to ensure that data is processed exclusively for the informed purpose, that collection is limited to the minimum necessary, and that the data subject is told what is done with the data and with whom it is shared. In the case of Cookies, the GDPR uses the legal basis (a hypothesis under which processing of personal data is valid) of consent, together with a cookie banner that requests the user's consent for the Cookies used on the site. In the LGPD, however, the legal basis that best applies is legitimate interest, as we use Cookies essential to the experience of the user (the data subject) on the processing agent's site, allowing the user to navigate the site and its resources in full. This legal basis allows the data of the subject to be used to meet the legitimate interests of the controller, such as providing services that benefit the subject. For example, a shopping site needs Cookies to store the products chosen by the customer in the cart so that, even if they change or close the page, the product information will still be there when they return.

Given the needs above, it is extremely important that companies adapt and make clear what information is being collected, why, and how users can change their Cookie preferences and delete the information. To this end, a privacy and cookie-use policy must be written in detail, in a way that everyone understands, and made available on the organization's website.

Conclusions

It can be concluded that, if companies want to comply with the law and guarantee the trust of their customers, they must adapt to the changes proposed above.


About [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its clients for offering high added value solutions, through Information Security projects that fully meet the needs of the business.

During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence among our clients, which constitute in large part the 100 largest companies in Brazil.

Today, through more than 23 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people.

SAFEWAY can help your organization through SAFEWAY SECURITY TOWER, a complete service chain, so that your operations continue to be monitored and protected by a highly specialized team. Our SOC works on a 24×7 basis, with a high-performance technical team and tools to assist your organization in identifying and responding to incidents in a predictive and reactive manner, keeping your business safe and monitored at all times.

Let's make the world a safer place to live and do business!