Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's the local European laws. For example in Finland, where I live all analytics software must display a consent because the data is used for non-essential purposes. Applies to Volument and our competitors. More details on this doc, which is co-authored with a GDPR official:

https://volument.com/learn/data-privacy



GDPR differentiates between cookies and localStorage? I'm skeptical, but if so that's… a really surprising loophole.


It doesn't differentiate. GDPR is about identities and using them for non-essential purposes. It doesn't take a stance on the technologies in use. According to our lawyer GDPR law texts doesn't contain the word "cookie" anywhere.

Storing a user identifying random id to any permanent storage (cookie, localStorage, etag, Flash, you name it...) goes against GDPR.


Got it — the difference between Volument’s localStorage and GA’s cookie is the “identifying” aspect of the latter.


Exactly. GA uses identifying cookie so a consent is needed outside Europe too as per CCPA and others. Moreover you must explicitly ask for permission to identify the visitor and explain why you do it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: