I'm working on a website that allows users to customize the color theme, and these preferences are only saved on their device without any data being sent to the server. However, many sites show cookie popups to inform users about storing information on their device, primarily to guard against tracking. Since I'm storing user preferences, I want to know what steps I need to take to comply with EU privacy laws, specifically regarding the necessity of a privacy notice for this situation.
5 Answers
You usually don't need a notification for first-party cookies like those used for saving user preferences. A cookie banner is typically required only if you're collecting or tracking personal data with third-party tools. Your users' color scheme choices aren’t considered personal data, so you're likely all good!
Exactly! It’s when you’re dealing with non-essential cookies that require consent.
You generally don’t need cookie banners for first-party cookies that relate to functionality, like theme settings. Users expect that kind of customization to involve some data storage. Cookie popups are mainly for advertising and analytics cookies set by third parties.
Just determine if the data you’re collecting is necessary for your site’s functionality. If it’s not personal data and only related to theme settings, then you’re not required to show a notice at all. So, you're probably set!
While user preferences are generally fine, be aware that if your server logs IP addresses, that counts as personal data under GDPR. It's wise to be transparent about this in your privacy notice, and you can find privacy policy generators online to help you out if needed.
Even though you're not collecting personal data, you still need a privacy policy in the EU to explain what data you do have, like IP addresses or request logs. It doesn’t have to be lengthy, but you should clarify your practices in case people have questions about their data rights.
Thanks for the reminder! It's good to have a clear policy in place.
Got it, I’ll make sure to include that in my site.
That's what I thought too! It's pretty straightforward if you're just handling user preferences.