I'm creating a small website where users can customize the color theme, and I want to make sure I'm compliant with EU regulations. The color choices are only stored on the user's device and never sent to the server. Normally, many websites have cookie popups informing users that their information is saved on their device, which is primarily to protect against tracking. Since I'm technically saving information on their device, do I need to take any specific legal steps to be compliant?
5 Answers
You generally don't need to have a notification for first-party cookies that are used for user preferences, like theme selection. Those aren't considered personal data, so you're in the clear! The cookie notifications mainly apply when personal data is collected by you or any third-party tools on your site.
You’re good! You don’t need to show cookie banners for first-party cookies that deal with functionality, theme choices, and the like. It’s expected that people know such settings might create local storage.
The main question is whether the data being stored is essential for your site's operation. If it’s not personal data and just relates to website functionality, you shouldn't worry about needing a cookie notification.
For what you're doing, you seem fine. Just be aware that if you have a server, it may log IP addresses, which are considered personal data under GDPR. You’ll want to mention that in your privacy policy.
Legally, you need a privacy policy in the EU, even if it’s very short. It should clarify how you handle data, like logging IP addresses, even if you aren't actively collecting personal data. Transparency is key, so having a privacy policy is a smart move.