1. Home
  2. Forums Index
  3. WebmasterWorld / Website Regulatory Compliance 11:56 pm May 20, 2026

Forum Moderators: webwork

Message Too Old, No Replies

GDPR and local storage

GDPR affects use of local storage by embedded widgets?

         

stever

4:52 am on May 22, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



An acquaintance has an embedded booking widget on her site.

Just going through it and checking the site for GDPR stuff, I noticed that it was not using cookies but was using local storage (checking in Firefox Web Developer in private browsing).

I know next to nothing about this technique but from the little I have read it a) appears to function in a similar way to a cookie and b) be substantially less secure because of xss potential.

Anyone want to illuminate whether the use of local storage might be part of this GDPR can of worms?

keyplyr

5:19 am on May 22, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



[webmasterworld.com...]

I think you answered your own question... less secure so obviously wouldn't comply with GDRP.

You could use the xss security header though:
X-XSS-Protection: 1; mode=block

stever

5:51 am on May 22, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the reply.

Sorry, I wasn't too clear about what I was looking for because I know little about local storage.

I think my questions were:
i) is 'local storage' just in the user browser and, if so, does this count as 'data storage' in terms of GDPR (since the data never goes anywhere apart from the user and the user, theoretically, has allowed the use of local storage)
ii) does the use of 'local storage' fall under the cookie notification regulations (which are separate from GDPR but often being combined now by websites)

keyplyr

5:57 am on May 22, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Cookies are stored on the user's computer.

What you're describing is data that identifies a user that's stored on the web server. As such, it would be subject to GDPR proposals about data storage. The link I gave above outlines data storage.

One point I left out in that other thread though is encryption. If stored data is encrypted, it would be compliant generally speaking without getting into who has access and for how long the data is stored.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Website Regulatory Compliance 11:56 pm May 20, 2026