Consent-aware storage mechanismSee original GitHub issue
Currently analytics by default stores a field
localStorage. However, with GDPR we don’t want to store any persistent information until the user gives consent to do so.
We can prevent this by passing in a storage option with a transient storage type (e.g. using
However, if the user later gives consent, we would want to transition over to using permanent storage.
It would be very helpful if the library was “batteries included” in the sense that it provides an easy way to do this, perhaps with a dedicated consent module.
Initially it could use global storage. But if consent is granted to store tracking cookies, it would copy the relevant data from the global variable storage to localStorage and start using localStorage after that.
It may also be helpful if the library used a different storage options for different kinds of consent.
For example, in Google Tag Manager they have
security_storage that are configured and consented to separately.
I’m not sure if any of the analytics plugins currently would benefit from this distinction but they might.
If the analytics object had 5 different
storage objects and each had a flag indicating whether it had consent or not, and plugins could get an event when storage consent changed, they could make use of that to propagate consent state to their upstream library or other make use of this information to adjust their storage related behavior.
- Created 10 months ago
- Comments:7 (6 by maintainers)
Top GitHub Comments
This ticket actually just requests that the analytics library itself has a similar mechanism - it can load without storage consent and just store the
userId in memory. Later if consent is given it can use
localStorage. In principle some plugins for it could make use of the same mechanism instead of making their own.
With Google Analytics, Google Tag Manager, and some other libraries you can tell them to load without storing any cookies or using localStorage. They just send the events with a non-persistent session ID in them. If you later give storage permission, they will store the session ID so that the user’s actions are tracked across pages and reloads.
It is nice to be able to see some analytics for users who did not accept cookies as you can still at least see page view counts, browser usage, and data like that for those users.