Local and Session Storage and GDPR


when thinking what to put into my privacy declaration when using Nextcloud, I found that when sharing an editable .md-file, not only the four regular Nextcloud cookies are shown, but my browser also says (in Chrome, when clicking onto the lock) something called in German “Lokaler Speicher” and “Sitzungsspeicher”, so probably “local storage” and “session storage” in English). As it is shown there, I suppose I will have to add information about that to my privacy declaration. But what is that? I have read about local storage and Nextcloud, but I simply do not understand what that means in terms of what there is being stored in the browser of the person, who will be accessing that file.

So: Which data will be stored on the user’s computer when this can be seen in the browser? And for how long? End of session? Longer? And will there be further data collected through this? And which? And what happens, if the comment function is being used or a video call is initiated using Next Cloud talk which is shown to those who wish to give a comment to that file?

I would appreciate helpful answers here!

Hi @Light, by default only important cookies (for connections ) are stored during an active session on the browser of the user. But some apps can use other cookies to locate the user or other functionality so I can’t tell you what write to your privacy declaration.
I think, you have to check cookies used during connection with your browser.

Hi @Mageunic, Thank you for your reply. Well, I did check and that is where “local storage” and “session storage” showed up. When I clicked at what I saw, there were no further information available, so I have no idea at all what might be stored there, that is why I am asking.

I have started to look through privacy declarations of others who use Nextcloud in the hope I would find the phenomenon (which will very probably be the case in all Nextcloud installations, as being able to share .md-files which can be edited is part of the core installation) mentioned there, but no one mentions it, so no clue so far there.

I also think cookies and “local” (and so I suppose also “session”) “storage” are two things, although the GDPR makes no difference there according this page. So I cannot simply let it be.

(heavily edited)

1 Like

@Light I think cookies and local storage, session storage are a bit different because my browser doesn’t detect them as cookies ( press F12 and go to apps menu):

I’m french, sorry for the screenshot that is not in English :

1 Like

@Mageunic I see, thank you, I did not know about that function. In my installation, what I can see is this:

1. For local storage

Key Value
Nick Curley
“nextcloud_per_dGV4dA==_currentSession” [object Object]

and below there is written

1 Curley

2. For Session Storage

There are no keys or values given.

But what does that mean now? What is it about? What is stored there? Is is stored on the page visitor’s computer / in his/er browser? What might be stored in session storage? Without knowing this and giving the information in my privacy declaration, I cannot use the sharing function or other functions which have these “storages” on a non-private website :disappointed: I tried Google, but so far to no avail.

@Light I think only local storage informations are stored on user’s browser ( when they are logged, there is no data in it on the connection page).
Session storage seems to be here but no data is stored inside … so nothing stored in the browser

@Mageunic Oh, ok, but then I would still need to inform my visitors about the fact that information are stored in local storage, and they will want to know what information and for how long. What do those values mean?

(Could you perhaps also explain what you mean with “When they are logged, there is no data in it on the connection page?” My apologies that I do not get it: When what is logged where? And which connection page? (And what does it mean?) I am really not an IT person, I am just a user without much technical understanding.)

1 Like

These data are necessary for the proper functioning of the site. The stored data are temporary. It is stored only and during the time a user is connected to an account on the server. (visitors do not have data stored in theory)

for other default cookies of nextcloud, more details here : Cookies — Nextcloud latest Administration Manual latest documentation

1 Like

@Mageunic I see, Thank you very much! Then I do not have to worry and can simply mention that in my privacy declaration (I think), so (I think) probably no permission for that is necessary. So I can use that function after all :smiley:

1 Like