local-storage, privacy, cloudflare-apps

Does an app that only uses localStorage have to be GDPR compliant?


So, I created an app that can be installed on websites via CloudFlare Apps. This is my app. This app only stores one piece of data (in the form of a datetime) in localStorage, which is used to remember users who have clicked on the "Got it" button.

My questions are:

  1. Is my app in good condition for the upcoming 25th May GDPR?
  2. Is localStorage classified as personal information?
  3. How can my app be GDPR compliant?

I have little knowledge about the upcoming GDPR.


Solution

  • If you speak German the best articles about the consequences of the new GDPR are the series of the iX Journal.

    A part from this series translates to something like this:

    For cookies that are used to enhance the user experience of a website, e.g. session or shopping cart cookies, the interests of the website operator will outweigh. Even the use for web analytics could be justified as part of this balancing of interests. But it will be necessary for website operators to give the user the right to revoke the given permissions. - Source: iX January 2018

    This was a very vague answer in the January article of the iX. Today there is more information available about cookie regulation. What you use your stored information for is not directly covered by the GDPR (which regulates stuff like the right to export your user data from any site in a machine-readable format) but rather by the E-Privacy-Regulation, which can be seen as an additional part of the GDPR.

    Simpler rules on cookies: The cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rule will be more user-friendly, as browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy-intrusive cookies improving internet experience (like to remember shopping cart history) or cookies used by a website to count the number of visitors. — Source

    In your specific case I would say it is not about whether "localStorage" could be classified as personal information. It is about what you store and why you store it. But as I see it, as long as this information is only used to enhance the user experience, I think you're on a good track.

    To answer one of your sub-questions: I don't think you can say something like "Everything stored in localStorage is allowed or disallowed". I think it will always depend on what you store, why you store it and whether you process it.

    Whether your whole app is compliant is hard to tell from such a distant point of view. For example, the GDPR classifies dynamic IP addresses as personal information. If you store and process the IP address, you would need to inform the users of your plugin. But most importantly, the GDPR mostly targets website operators. As I see your app, you "just" provide a plugin. So the users of your plugin would need to include special terms in their privacy policy if any information were stored that would need this.

    What is important to say: I'm neither a lawyer nor a compliance officer.