仅使用 localStorage 的 App 是否必须符合 GDPR?

Is an App that only use localStorage has to be GDPR Compliance?

所以,我创建了一个 app that can be installed on websites via CloudFlare Apps. This is my app。此应用程序仅在 localStorage 上存储 1 个数据(以 datetime 的形式),用于记住单击了 "Got it" 按钮的用户。

我的问题是:

  1. 我的应用是否符合即将于 5 月 25 日生效的 GDPR?
  2. localStorage是否属于个人信息?
  3. 我的应用如何符合 GDPR?

我对即将出台的 GDPR 知之甚少。

如果您说德语,关于新 GDPR 后果的最佳文章是 the series of the iX Journal

本系列的一部分翻译成这样:

For Cookies that are used to enhance the User Experience of a Website, f.e. Session or Shopping Cart Cookies, the Interests of the Website Operator will outweight. Even the use for Webanalticys could as part of this balancing of interests be justified. But it will be necessary for Website Operators to enable the user the right to revoke the given permissions. - Source: iX January 2018

这是iX 1 月份文章中的一个非常模糊的答案。今天有更多关于 Cookie 监管的信息。您使用存储信息的目的不是 GDPR(它规定了从任何网站以机器可读格式导出用户日期的权利等内容),而是电子隐私法规,它可以被视为附加部分GDPR。

Simpler rules on cookies: The cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rule will be more user-friendly, as browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy-intrusive cookies improving internet experience (like to remember shopping cart history) or cookies used by a website to count the number of visitors. — Source

在你的具体情况下,我会说这与 "localStorage" 是否可以归类为个人信息无关。它与您存储的内容以及存储它的原因有关。但在我看来,只要此信息仅用于增强用户体验,我认为您的工作进展顺利。

To answer one of your part questions I don't think you can say something like: "Everything stored in localStorage is allowed or disallowed". I think it will always be what you store, why you store it and if you process it.

从这么远的角度来看,很难判断您的整个应用程序是否合规。例如,GDPR 将动态 IP 地址归类为个人信息。如果您存储和处理 IP 地址,则需要通知用户您的插件。但最重要的是,GDPR 主要针对网站运营商。当我看到你的应用程序时,你 "just" 提供了一个插件。因此,如果存储了任何需要特殊条款的信息,您的插件的用户将需要在他们的隐私政策中包含特殊条款。

重要的是要说,我是律师也不是合规官。