For the compliance of GDPR, the cookie that is used to uniquely identify the person or device should be treated as personal data. (according to the 'General Data Protection Regulation Recital 30'). Consider the following original quotation:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
Therefore, under the GDPR, the development ...
