pimterry
commented
3 years ago You should talk to your own legal/privacy team, but I'm fairly confident that:
- You don't generally need consent for strictly functional cookies, which covers loglevel is most contexts, so I would be surprised if this really is required in most environments.
- In cases where this is required (e.g. using loglevel inside marketing code only) you do almost certainly need to disable persistence completely, not just cookies. GDPR & other EU laws do not regulate cookies. They regulate storage of information on an end user's computer, and they apply equally to cookies, localStorage, indexedDB, or anything else similar. You can already comply with this by completely disabling persistence in loglevel with the existing option.
Some more info here: https://law.stackexchange.com/a/30766. If there's a specific use case where you really do need to disable cookies to enforce usage of local storage only instead, I'd be super interested to hear about it and I'm happy to look into that, but AFAIK there's no privacy laws anywhere in the world that treat cookies differently to the other persistence features that loglevel uses.
Kureev
xmedeko
Hi,
First of all, thank you for such an amazing project! We've been using it for a couple of years and it works like a charm ❤️ .
Recently, we discovered that
loglevelmight use cookies for persistence. While this sounds like an absolutely great idea, we should have an option to disable it. Having it always on would violate GDPR policy around "functional" cookies. Unless customer would allow this type of cookies, they should be blocked by default.I checked the docs and it seems that currently there is only an option to disable persistence which I'd like to avoid and hence, asking you to consider adding this functionality to the lib. If you'd like to add such functionality to your lib, I can compose a PR addressing this. I might only need your opinion on on the naming 🤔, but the rest I can take myself.