How does LGPD define consent?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

LGPD defines consent as a free, informed, and unambiguous indication of an individual's agreement to processing of their personal data for a specific purpose. This mirrors GDPR's approach: consent has to be a positive action, not passive acceptance or a pre-selected option.

Each word carries weight. Free means given without coercion: you can't require consent as a condition of service when that consent isn't necessary for the service. Informed means the person understood what they agreed to. A clear explanation of who processes their data, what data, and for what purpose. Unambiguous requires a clear affirmative action: checking a box, clicking a button. Not merely failing to opt out.

Consent must also be specific to each processing purpose; blanket consent covering all possible future uses isn't valid. People must be able to withdraw consent as easily as they gave it. You need to document and maintain proof of consent obtained. For sensitive personal data (health information, religious beliefs, genetic data), LGPD requires explicit, highlighted consent beyond the standard.

If you're already GDPR-compliant on consent, your LGPD consent records will likely hold up. Both require the same thing: freely given, specific, informed, unambiguous consent with a clear withdrawal path. Check your consent documentation practices and confirm they cover your Brazilian subscribers.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Help me check whether my consent process meets LGPD's requirements.

I read this on the Email Almanac about how LGPD defines consent. I want to figure out whether my current signup process and consent records meet LGPD's definition. My situation: 1. Do my signup forms require a positive affirmative action (no pre-checked boxes)? yes / no / unsure 2. Do I explain what data I'll process, for what purpose, and who processes it at signup? yes / no / partially 3. Can subscribers withdraw consent as easily as they gave it? yes / no / unsure 4. Do I capture separate consent for each processing purpose? yes / no / unsure 5. Do I have consent records that include the date, method, and purpose for each Brazilian subscriber? yes / no / partially --- My details: - Email platform/ESP: e.g. Mailchimp, SendGrid, HubSpot - Domain(s): your sending domain - Opt-in method: single / double / implied / other - Business type: B2B / B2C / both - GDPR compliant already: yes / partially / no

Edit the yellow boxes, then send to the AI of your choice.