Remix.run Logo
reactordev 3 days ago

It’s not a loophole. localStorage is just that, local. Nothing is shared. No thing is “tracked” beyond your site preferences for reading on that machine.

I say it’s a perfect application of how to keep session data without keeping session data on the server, which is where GDPR fails. It assumes cookies. It assumes a server. It assumes that you give a crap about the contents of said cookie data.

In this case, no. Blast it away, the site still works fine (albeit with the default theme). This. Is. Perfect.

dkersten 2 days ago | parent | next [-]

> which is where GDPR fails. It assumes cookies.

It does not assume anything. GDPR is technology agnostic. GDPR only talks about consent for data being processed, where 'processing' is defined as:

    ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(From Article 4.2)

The only place cookies are mentioned is as one example, in recital 30:

    Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
reactordev 2 days ago | parent [-]

>GDPR only talks about consent for personal data being processed

Emphasis, mine. You are correct. For personal data. This is not personal data. It’s a site preference that isn’t personal other than you like dark mode or not.

dkersten 2 days ago | parent [-]

I was responding to this bit:

> It assumes cookies. It assumes a server.

sensanaty 2 days ago | parent | prev | next [-]

> It assumes cookies.

How can people still be this misinformed about GDPR and the ePrivacy law? It's been years, and on this very website I see this exact interaction where someone is misinterpreting GDPR and gets corrected constantly.

0x073 3 days ago | parent | prev [-]

Gdpr don't assumes cookies, if you misuse local storage you also need confirmation.

reactordev 3 days ago | parent [-]

only if you are storing personal information. Email, Name, unique ID.

Something as simple as "blue" doesn't qualify.

dkersten 2 days ago | parent [-]

Correct. But you can also use cookies for that, without violating GDPR or the ePrivacy directive.

reactordev 2 days ago | parent [-]

Then you have the problem of some users blocking cookies at the browser level. LocalStorage is perfect application for this use case.

account42 2 days ago | parent [-]

Or maybe you could respect those user's preferences of not having shit stored for your website.