EDPS: Guidelines on the protection of personal data processed through web services provided by EU institutions (Nov 2016)

https://edps.europa.eu/sites/edp/files/publication/16-11-07_guidelines_web_services_en.pdf

incl. also interesting links to other EU papers (e.g. on cloud)
Sadly from Nov 2016, so with GDPR in mind, but not in force, yet.

Covered technologies include
 Cookies
 Scripts (such e.g. JavaScript code) and components (such as browsers plugins) to be executed on the client side.
 Web caching mechanisms
 HTML5 local storage
 “Device fingerprinting”
 “Canvas fingerprinting” and “Evercookies”
 Web beacons