I thought GDPR cared mostly about uniquely identifying visitors which this does not do. You still need a cookie banner to state that you will put some data on their machine but you always need one of those.
That claim is false in Europe. You need to ask permission for this approach, because you're storing something on the user's device (the generated date in the cache) that isn't strictly necessarily. The ePrivacy directive says you need permission for that, nowhere does the law specify "cookies" it's about any kind of data stored on the user device.
True it does not matter if it’s a cookie, or whatever. You need to look to the ePrivacy directive article 5.3 for which exemption case applies. In the case of timestamps, it would be case A :
> when the cookie is used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network” (“Exemption A“)
Since the timestamp is no longer used solely for this purpose, you need consent.
reply