In a digital landscape where information is essential, privacy becomes a valuable currency. Since 2020, the General Data Protection Law (LGPD) has set new directions for data processing in Brazil.
With the law in effect in Brazil, the rules of the game have been redefined, especially in the realm of programmatic advertising.
This article aims to deepen our understanding of how the LGPD can impact this digital sphere.
Additionally, we will explore its nuances and uncover strategies to navigate successfully in this new paradigm between the LGPD and Programmatic Advertising. So, keep reading!
What is LGPD?
In summary, the LGPD (General Data Protection Law), Law 13,709/2018, is the umbrella that protects consumers’ personal data in Brazil.
Since its implementation in 2020, companies have been required to follow strict standards for collecting, storing, and processing customer data, all regulated by Law 13,709/2018.
In addition to clear guidelines, the LGPD establishes penalties for those who violate its provisions. This legislation, developed based on the rules of the European GDPR, began to be discussed in 2017 and was approved in 2018.
How does LGPD apply to programmatic advertising?
In the era of programmatic advertising, LGPD poses a significant challenge. The law proposes minimal collection of personal data.
That is, it requires companies to obtain one of the 10 legal bases for processing, including consent, legal compliance, contract execution, and legitimate interest.
In the digital context, especially in programmatic advertising, Legitimate Interest often serves as a legal basis. However, its application requires a rigorous test of proportionality.
This test, divided into stages such as legitimacy, necessity, balancing, and safeguards, aims to ensure transparency, opposition, and risk mitigation.
In the context of programmatic advertising, data is obtained through Data Providers, who collect behavioral information from users.
Moreover, LGPD requires transparency about the treatment of this data, ensuring that users are aware of and comfortable with ad personalization.
Whether it’s first-party data, obtained directly by advertisers, or third-party data, acquired from external providers, all are considered personal data under LGPD.
What are the penalties for non-compliance with LGPD?
The General Data Protection Law (LGPD) establishes several penalties for non-compliance with its provisions.
After all, the penalties aim to ensure organizations’ compliance with data protection standards and safeguard the privacy of data subjects. The main penalties provided by LGPD include:
Warning:
The national authority can issue a formal warning to the company that violates LGPD. This warning serves as an alert for the need to correct data processing practices.
Daily Fines:
In cases of continuous non-compliance, LGPD allows for the imposition of daily fines, which can be established until the company regularizes its practices in compliance with the law.
Data Blocking or Deletion:
The national authority may determine the blocking or deletion of personal data related to the irregularity. This measure aims to interrupt the improper processing of data.
Partial Suspension of Database Operation:
In more severe cases, the national authority may impose the partial suspension of the database’s operation that is being used in a manner not compliant with LGPD.
Monetary Fine:
Fines are one of the most significant penalties. LGPD establishes that fines can amount to 2% of the company’s revenue, capped at R$50 million.
The exact determination of the fine depends on the severity of the violation and other factors considered by the national authority.
Moral Damages:
In addition to fines, LGPD provides that non-compliance with the law may result in lawsuits for moral damages. That is, the company may be held liable for damages caused to data subjects, regardless of the proof of material harm.
It is important to highlight that penalties may vary according to the nature of the violation, the company’s cooperation in correcting irregularities, and other relevant factors.
Administrative sanctions aim to encourage compliance and protect the rights of data subjects.
The adaptation of programmatic advertising to LGPD requires concrete actions from companies. Developing clear privacy policies is the first step.
These policies should detail the collection, purpose, responsibilities, and risks associated with data processing.
The implementation of consent mechanisms becomes essential, whether through opt-ins in privacy policies or through transparent and user-friendly cookie notices.
Training and awareness are fundamental. Professionals involved in programmatic buying and selling must understand the importance of complying with LGPD and act according to its principles.
For campaign deployment, advertisers should analyze touchpoints with the audience to ensure a secure experience.
In summary, aligning with the legal bases of Consent and Legitimate Interest requires practices such as clear opt-ins in privacy policies, efficient cookie notices, and transparent provisions regarding data collection for advertising purposes.
However, remember that seeking professional advice is often more advisable. LGPD not only imposes rules but also signals a positive evolution for the digital market.
By adopting practices that prioritize privacy and transparency, the programmatic ecosystem not only adapts to the legislation but also enhances the user experience.
LGPD is not an obstacle but an opportunity to transform Big Data into Good Data, promoting a safer and more reliable online environment for everyone.