EDPS: Guidelines on the protection of personal data processed through web services provided by EU institutions (Nov 2016)


incl. also interesting links to other EU papers (e.g. on cloud)
Sadly from Nov 2016, so with GDPR in mind, but not in force, yet.

Covered technologies include
 Cookies
 Scripts (such e.g. JavaScript code) and components (such as browsers plugins) to be executed on the client side.
 Web caching mechanisms
 HTML5 local storage
 “Device fingerprinting”
 “Canvas fingerprinting” and “Evercookies”
 Web beacons