GDPR and Phoenix

I know about the cookie frontend part, but what about the server-side part's compliance with GDPR, especially the WebSocket protocol and the things it stores?

Is there anything I should be aware of?

Does Phoenix store some information that is GDPR important in the Database or somewhere else?

2 Likes

Phoenix itself does not store any information in a data store. So the platform itself does not have a material impact as a result of GDPR. What your application does matters, though, of course.

1 Like

In case you want to disable cookies and not worry about GDPR: Phoenix and LiveView without cookies - Byteflip

1 Like

The WebSocket protocol doesn’t have anything to do with GDPR. Check Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu: not all cookies need GDPR consent, and browser local storage & session storage likely also fall under these same rules, because the law is not just about cookies. Anyway, from there:

Receive users’ consent before you use any cookies except strictly necessary cookies.

Cookies can’t contain information that identifies the person. So you can’t store users’ email or name in them, for example. No login name in the cookie either, but a user id is probably ok.
You could even store just a client id or authorization id in a JWT token in the cookie instead of the user id, for example, which is then tied to a server-side authorization that contains the user id. That way the user id is also kept out of browser cookies.

If you use some 3rd-party browser analytics like Azure Application Insights, you likely need to show that GDPR consent popup. If you use Azure Application Insights specifically, then you might need extra steps to make it GDPR compliant so it won’t store a cookie until the user has given consent, by setting disableCookiesUsage to true until consent is given. But I’m pretty sure a lot of sites don’t do this and just let analytics create the cookie before consent is given…

1 Like
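One concrete shape for the indirection described in the post above (an opaque authorization id in the cookie, the user id only on the server), as an added example that is not code from this thread or from Phoenix itself. It uses Phoenix's signed session cookie in place of a JWT, and the module names, the ETS-backed store and the `:auth_id` session key are assumptions.

```elixir
# Added example: keep the user id out of the browser cookie. The cookie carries
# only an opaque, random authorization id; the mapping to the user id lives
# server side and can be revoked there without touching the client.
defmodule MyApp.Authorizations do
  @moduledoc "Server-side store of authorization id -> user id (ETS here; a DB table in practice). Hypothetical module."
  @table :authorizations

  def init, do: :ets.new(@table, [:named_table, :public, :set, read_concurrency: true])

  # Mint an authorization for a user. Only the returned id ever reaches the browser.
  def create(user_id) do
    auth_id = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
    :ets.insert(@table, {auth_id, user_id})
    auth_id
  end

  def user_id_for(auth_id) do
    case :ets.lookup(@table, auth_id) do
      [{^auth_id, user_id}] -> user_id
      [] -> nil
    end
  end

  # Revocation is a server-side delete; the stale cookie simply stops resolving.
  def revoke(auth_id), do: :ets.delete(@table, auth_id)
end

defmodule MyAppWeb.Plugs.LoadUser do
  @moduledoc "Hypothetical plug; run it after :fetch_session in the router pipeline."
  import Plug.Conn

  def init(opts), do: opts

  # The session cookie (signed by Plug.Session's cookie store) holds only :auth_id.
  def call(conn, _opts) do
    with auth_id when is_binary(auth_id) <- get_session(conn, :auth_id),
         user_id when not is_nil(user_id) <- MyApp.Authorizations.user_id_for(auth_id) do
      assign(conn, :current_user_id, user_id)
    else
      _ -> conn |> delete_session(:auth_id) |> assign(:current_user_id, nil)
    end
  end

  # On login: create the server-side authorization, rotate the session id, and
  # store only the opaque authorization id in the session.
  def sign_in(conn, user_id) do
    conn
    |> configure_session(renew: true)
    |> put_session(:auth_id, MyApp.Authorizations.create(user_id))
  end
end
```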

This is a misconception. You don’t need to disable cookies for GDPR compliance. All you have to do is not use cookies for tracking. Cookies for login and other functional cookies are totally fine.

9 Likes

So, the Phoenix.LiveDashboard.Router is fully GDPR compliant?

Yes, it is.

5 Likes