I have been taking everyone else’s advice mostly instead of reading up on things myself. I’m starting to read about GDPR and cookies as well as what is personal information. I’m in the U.S. but, I still want to be as GDPR compliant as possible. This (UK based I believe) organization explains things well: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/how-do-we-comply-with-the-cookie-rules/
First, I’ve read that you do not have to call out any essential cookies you use. Usually. And so, log in cookies, and cookies related to user input, user preferences, cookies related to security (and there are other examples out there) do not have to be called out.
However, non-essential cookies do. One famous type being tracking/analytics/advertising cookies.
And so it seems to me that if your Flarum does not have ads, or analytics, any other cookies in Flarum are probably essential and don’t have to be called out. Although, I’m bracing myself for people replying to this disagreeing. Because there’s always a disagreement on this topic. And because like with SEO, it seems parts of GDPR are still a little subjective.
Also, I do not use analytics other than my host’s default Awstats. Which creates raw access logs. These logs include IP addresses. I’m reading two opinions on this. 1) In this case, usually, an access log like the one provided by Awstats is for bandwidth / security purposes. Therefore, it is exempt. Because it is for security. Not to identify someone. And in order to use an IP to fully identify someone, you have to have the ISP give you the person’s account info. And so if you aren’t needing to do that, it’s not quite an identifiable piece of data by itself. At least that’s one opinion I’ve read.
The other opinion is, it’s cut and dry. IPs are always personal info. And so if my web host uses Awstats, and there isn’t an easy way for me to turn that off, I could never be 100% compliant.
I still have a lot more reading to do. But so far, I think at least for some things out there, people might be doing certain things wrong.