Hacker News new | past | comments | ask | show | jobs | submit login

GDPR differentiates between cookies and localStorage? I'm skeptical, but if so that's… a really surprising loophole.



It doesn't differentiate. GDPR is about identities and using them for non-essential purposes. It doesn't take a stance on the technologies in use. According to our lawyer GDPR law texts doesn't contain the word "cookie" anywhere.

Storing a user identifying random id to any permanent storage (cookie, localStorage, etag, Flash, you name it...) goes against GDPR.


Got it — the difference between Volument’s localStorage and GA’s cookie is the “identifying” aspect of the latter.


Exactly. GA uses identifying cookie so a consent is needed outside Europe too as per CCPA and others. Moreover you must explicitly ask for permission to identify the visitor and explain why you do it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: