Okay, if I understand correctly, if you want your website to be RGPD compliant, you must wait for user opt-in before storing anything to their device.

Maybe I'm asking myself too much questions but, how exactly does this work for a PWA ? Should you ask user for permission before starting a service worker and/or before caching any content ? If so, what if the user refuses the authorization ? The app is broken ? Or it just fallback to good old http browsing if it's server-rendered ?

  • 9
    The GDPR is not about data storage, it's about personal data. Caching assets of a PWA does not count. Cookies can because they are used to identify the user upon the next visit.
  • 3
    @Fast-Nop Thanks ! That what my first thought but I still had a doubt... You reassure me, the opposite would be so painfull ^^
  • 4
    You need to apply the consent only if you are using the users data outside of the service core functionality (many times it's the analytics\profiling of user data).
Add Comment