Hacker News new | ask | show | jobs
by Gustek 892 days ago
My understanding of ePrivacy (mostly GDPR) is that this kind of feature does not require consent. It's only features that would allow you for tracking of the user that require consent. Storing some setting in a local storage, never sending it to the server is fine.

Things get a bit muddy when sending to server but even then you may not need a consent if it is a feature that is required for correct working of the website or better experience without tracking and profiling.
2 comments
diggan 892 days ago
This is correct. Unless it involves personal data and/or tracking the user somehow, then GDPR isn't relevant.

Example: If you're storing lightOrDarkTheme in a cookie/localStorage, then there is no need to try to follow any directives, nor are you required to inform the user about that you're storing the preference.

link
jefftk 892 days ago
GDPR and ePrivacy are different regulations. Under the latter even purely local data storage still requires consent unless it's "strictly necessary" to implement something the user has requested.

For example, see the discussion the sibling commenter linked around storing UI customization choices for only the duration of the current session: https://ec.europa.eu/justice/article-29/documentation/opinio...

link
troupo 892 days ago
You don't need consent in this case, as clearly stated in 3.6 UI customization cookies

--- start quote ---

3.6 UI customization cookies

These customization functionalities are thus explicitly enabled by the user of an information society service (e.g. by clicking on button or ticking a box) although in the absence of additional information the intention of the user could not be interpreted as a preference to remember that choice for longer than a browser session (or no more than a few additional hours). As such only session (or short term) cookies storing such information are exempted under CRITERION B

--- end quote ---

link
jefftk 892 days ago
See discussion above: https://news.ycombinator.com/item?id=38901520

As long as it's clear to the user that they're making a site-wide UI customization choice and just not choosing the language for this specific example I agree with you, but I don't think it's clear in the typical case.

link
troupo 892 days ago
IMO this is splitting hairs, and no one will take you to court because you changed the snippet language across the entire site for the session
link