I'd like to avoid having the cookies banner on my websites where possible. Could I store session id's in localStorage to bypass implementing the banner?
Asked
Active
Viewed 7.2k times
2 Answers
59
If you don't use cookies at all then it would be a huge misinformation to warn your visitors about using cookies. It may even be useful to explicitly state that you don't use cookies. Remember that warnings about cookies are for people who want to avoid cookies so they should know when they finally get to a rare website that doesn't use them. But you may still need to warn about other things, like local storage. Just don't call it cookies if those are not cookies because it would be a misinformation that can even be against the law.
According to The EU Cookie Law website:
Is is just cookies?
No - The law also affects anything that acts like a cookie, for example:
- Flash Cookies
- HTML5 Local Storage
The ICO has said that it isn't good enough to just re-implement the tracking some other way outside of cookie storage.
According to The Cookie Collective:
There are other technologies, like Flash and HTML5 Local Storage that do similar things, and these are also covered by the legislation, but as cookies are the most common technology in use, it has become known as the Cookie Law.
See also:
- Localstorage vs. Cookies vs. The law by Johan van Tongeren
-
11"warnings are for people who are afraid of cookies" - that is blatantly wrong. The warnings are mandated by the directive and the directive does not even mention cookies. Any kind of tracking and surveillance is covered. – JacquesB Sep 02 '15 at 14:31
-
3This is just my interpretation, and could be wrong, but as i understand it, if you use local storage in a way that doesn't allow you to identify individual users, it doesn't apply, so for example using local storage to store user preferences wouldn't require notification, but using it to store a session id that then automatically gets sent back to the server would. – Jules Sep 02 '15 at 20:00
-
1@Jules: You are correct. You can also use cookies without having to notify the user. It is not a question of any specific tracking method, but rather if you store the traffic data or share it with third parties. – JacquesB Sep 02 '15 at 20:41
-
1@JacquesB I didn't mean that the warnings about cookies are mandated by the directive but that warning about cookies specifically on a website that doesn't use them would be misleading. I reworded that sentence, I hope it is more clear now. Thanks for pointing it out. – rsp Sep 09 '15 at 12:04
-
16People that are afraid of cookies have their browsers set to reject all cookies. Smart people control cookies with their browser, use private browsing, and constantly clear their cache. When I go to the store and use my credit card the POS can record everything about my purchases and analyze my private life yet nothing pops up on the checkout terminal asking for my permission or offering more information. The law is an ignorant misguided attempt. People don't want to be interrupted by a banner to click however unobtrusive it is made to be. The law should be disregarded altogether. Screw the EU – J.Money Feb 25 '16 at 13:47
-
6@J.Money, If you'd like to live in the world that every website might use your computer to store your private information and get it when it wants, _and_ without providing any information to the user, feel free. Others would like to be warned. Thanks to EU. – João Pimentel Ferreira Jul 18 '17 at 22:33
-
1@João you go to a website. It displays the cookie warning. It's already too late. You have been tracked. Now they are just confirming your suspicions. It is no different than any of the million other ways you are being tracked. – J.Money Jul 21 '17 at 03:06
-
But then YOU KNOW IT. And thus you can either turn off cookies or not use such website. – João Pimentel Ferreira Jul 22 '17 at 09:20
-
2@J.Money By updated EU law, you can't track users till they approve cookies. So basically "It displays the cookie warning. It's too late" is no longer valid - and sites tracking without permission might get pretty big penalties by doing so (law is ready for a while and will be valid from May 2018). – Jurosh Jan 19 '18 at 09:44
-
3@J.Money I think your comparison is disingenuous. You compare it to making a purchase - but you don't need to make a purchase for a website to track you. An appropriate comparison here would be: you look at a pair of jeans through a store window and they know your age, gender, location, porn preferences, recent search history and a damn good estimate of your net worth. You wouldn't willingly hand this information to the store clerk. Websites didn't even have to ask before GDPR. – Brandon Bertelsen Feb 28 '21 at 19:43
55
The cookie law is not actually about cookies (and its not actually called the cookie law). Its about tracking users, storing and sharing the information with third parties. Cookies are just the most popular method to track users.
If you don't want to show the "cookie warning" then just don't track the users beyond the session and don't share traffic data with third parties.
JacquesB
- 57,310
- 21
- 127
- 176
-
1You said “don't track the users beyond the session”. Do you think it would be legal to use [`sessionStorage`](https://developer.mozilla.org/en/docs/Web/API/Window/sessionStorage) for website analytics? `sessionStorage` gets deleted as soon as the user closes the browser tab. – ausi Nov 24 '16 at 19:12
-
2@ausi: Sure...if you don't store the analysis anywhere. But that would be pretty useless. – JacquesB Nov 24 '16 at 19:19
-
3I meant using the `sessionStorage` for storing a unique tracking id and using that to send data to an analytics server. This way, after closing the browser tab, the analytics server can no longer identify the same user. But as long as the website is opened it can identify the browsing session. – ausi Nov 24 '16 at 19:25
-
7@ausi: This is basically the same as a session cookie. I believe you still have to warn even if the analysis data is anonymized. – JacquesB Nov 24 '16 at 19:49