I think attempting to mirror what persistent (cross-browser-session) cookies do without technically using cookies is surely in violation of the spirit, if not the explicit letter, of privacy laws.
I don't want to be in court saying, "But I used LocalStorage, your honor! You just said I couldn't use document.cookie!"
What I would like to dive into is whether temporary (same-session) client-side tracking is ever legally allowed. That is, has someone opted out of having their click path known across a few pages -- this could be readily done using SessionStorage -- in order to change page content. I'm sure there would be 3 different answers from 3 different lawyers, though. 
Hi Sanford,
Fully agreed with you, I am pretty sure that a judge would not bother much to make a difference between a cookie and a local storage 
. My question to PM a long time ago was about the usage of fingerprinting instead of cookies, to remove any need for local storage. But anyhow, your comment remains: this would probably violate the spirit of the laws anyway...
The EU is working on an e-privacy directive that will make the use of Cookies more flexible BUT strictly enforce the compliance to DNT browser settings. I do not know how DNT is really enforced in browsers. Is it "No Cookie at all" or does it means that in sessions cookies are allowed but all cookies are cleansed when the session ends ? I should run a test, but if anyone has ever tried, that would save some time
-Greg
And in this case, what does the Marketo setting do ? prevent Munchkin from firing ? make Marketo cookie a session cookie ?
-Greg
.png)