Hacker News new | past | comments | ask | show | jobs | submit login

GDPR differentiates between cookies and localStorage? I'm skeptical, but if so that's… a really surprising loophole.



It doesn't differentiate. GDPR is about identities and using them for non-essential purposes. It doesn't take a stance on the technologies in use. According to our lawyer GDPR law texts doesn't contain the word "cookie" anywhere.

Storing a user identifying random id to any permanent storage (cookie, localStorage, etag, Flash, you name it...) goes against GDPR.


Got it — the difference between Volument’s localStorage and GA’s cookie is the “identifying” aspect of the latter.


Exactly. GA uses identifying cookie so a consent is needed outside Europe too as per CCPA and others. Moreover you must explicitly ask for permission to identify the visitor and explain why you do it.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: