Do you have a link to that clarification? I can't seem to find it easily. Last time I dove into this topic was over a year ago, I guess some things changed.
As to local storage, yes (ignoring third-party js). The point is that you don't personally have to use cookies to infringe the law, OP seemed confused about this. I'm also guessing session cookies don't count as persistent.
I found the European CoJ (I think that's the English acronym...) case
I'm not really seeing any statements about when consent is required, rather about how it may be given required. In addressing question 1(b) they even specifically mention the need to protect users from hidden identifiers. I would argue a shopping cart is, at least, not the intended target here.
Nevertheless, you have convinced me that it is a good precaution to ask for permission for any and all persistent retrievable data, particularly in light of the wording of directive 2002/58.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Do you have a link to that clarification? I can't seem to find it easily. Last time I dove into this topic was over a year ago, I guess some things changed.
As to local storage, yes (ignoring third-party js). The point is that you don't personally have to use cookies to infringe the law, OP seemed confused about this. I'm also guessing session cookies don't count as persistent.
Ah, I confused that. It was the BGH that confirmed the EuGH statement from 2019 (sources are mostly german).
And yes, you are of course correct that you can break the law even without cookies, but that requires sending user data to any services.
I found the European CoJ (I think that's the English acronym...) case
I'm not really seeing any statements about when consent is required, rather about how it may be given required. In addressing question 1(b) they even specifically mention the need to protect users from hidden identifiers. I would argue a shopping cart is, at least, not the intended target here.
Nevertheless, you have convinced me that it is a good precaution to ask for permission for any and all persistent retrievable data, particularly in light of the wording of directive 2002/58.