The article https://gdprhub.eu/index.php?title=AEPD_(Spain)_-_PS/00524/2023&mtc=today is about 3rd party cookies. It's correct, that 3rd party cookies are not allowed without a users consent.
Your dark mode cookie will be a first party cookie, furthermore a binary value, not for tracking purposes.
So you can't compare these.
We are not aware of any process that has dealt with anything like this first party cookie with a binary value for technical purpose.
What would probably cause less discussion (also from the thread): the default (=cookie not present) is light mode; if the user explicitly selects dark mode, the cookie is set.
What is correctly presented in the thread is that setting a cookie and writing a value to local storage are of course the same thing on a more abstract level, namely storing data on the end device.
hi all!
I'm a dpo from legalweb.io, responsible for the integrations of cms systems to our gdpr cloud solution. @grienauer asked me, if I could clearify this issue/question about the dark mode setting.
There is no problem in case of gdpr setting such an information in local storage, or as a cookie.
Such an "information" is or can be called "technically necessary".
You don't use this kind of date for further processing of private data, or forward this information to a 3rd party.
As explanation or example: if you would forward the statistcs about dark mode/normal mode usage to a 3rd party and if it would be possible to identify a single user to get his specific setting, a consent would be needed.
The usage of this information is just for deciding which css should be loaded - the normal or the dark one, so no need to get a consent of the visitor in this case.
kind regards,
Matthias