On 04/01/2022 19:32, Jean Abou Samra wrote:
Forgive my igorance with the inner workings of the Internet: what does this mean in connection with GDPR and all that? Am I right that the fact that the information stored on the user's device serves a purpose essential to satisfying the very request of the user means that it would fall under PECR exceptions to the requirement of a banner asking for explicit consent of the user? Otherwise, as far as I can read, the requirement is that you must ask for permission before storing or using the data, so this permission could be asked to the reader just when toggling highlighting and not for everyone reading the documentation, right? I'm a bit at loss trying to understand what is OK or not in this respect.
The fact that it's stored on the user's own device (and the server never sees it) means that the GDPR is irrelevant.
The GDPR places an onus on you to take appropriate care of OTHER PEOPLES' information. If you never have that information, then the GDPR is irrelevant. If you only have that information transiently, for the purpose of satisfying the user's web session, then I guess you just need to make sure that it's wiped when the session ends.
The big problem actually is with the webserver itself. If it keeps logs of people accessing the website, those logs are far more of a GDPR problem than all this stuff on the web site.
Cheers, Wol
