Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
jQuery UI is the user interface widget and interaction library that sits on top of jQuery. It provides ready made widgets (datepicker, dialog, autocomplete, tabs, accordion), interactions (draggable, droppable, sortable, resizable) and a theming system. jQuery UI does not set cookies and does not phone home. Like jQuery, the only privacy concern comes from whether the library is self-hosted or fetched from a US controlled public CDN.
jQuery UI is an open source widget and interaction library that builds on top of jQuery. Maintained under the OpenJS Foundation, it provides a date picker, autocomplete, dialog, slider, sortable list, draggable and droppable interactions, and a theming engine with the famous ThemeRoller. On a website jQuery UI appears as a JavaScript file plus an associated CSS stylesheet (and an image sprite for themes), loaded either bundled with the application or fetched from code.jquery.com, ajax.googleapis.com or cdnjs.cloudflare.com.
jQuery UI does not set cookies. It does not write to localStorage and it does not perform any browser fingerprinting. Some widgets may read user input or store state in JavaScript variables, but nothing is persisted in browser storage by the library itself. The only data exchanged with the network is the HTTP request that downloads the script and stylesheet from the hosting CDN.
As with any third party JavaScript file, the loading itself does not store information on the user device, so Article 5(3) ePrivacy strict consent rule for terminal storage does not apply. However, the request transmits the visitor IP to the CDN, which is personal data under the GDPR. The Bonn Regional Court ruling on Google Fonts confirmed that this kind of transmission requires a clear legal basis or prior consent when the CDN is in a third country.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All three main jQuery UI CDNs are US controlled: code.jquery.com (operated by jQuery Foundation through StackPath / Edgio), ajax.googleapis.com (Google) and cdnjs.cloudflare.com (Cloudflare). Google LLC and Cloudflare Inc. are certified under the EU-US Data Privacy Framework, providing an adequacy basis. Self-hosting on an EU server eliminates the transfer entirely.
Self-hosted jQuery UI relies on Article 6(1)(f) GDPR legitimate interest. A public CDN deployment should either gather opt-in consent before the script loads, or rely on a documented legitimate interest with a clear privacy notice. Self-hosting remains the simplest path for European websites.
Audit every page for jquery-ui script and stylesheet tags pointing to an external origin, download both files and the matching theme assets, host them on your own domain or on an EU CDN, add Subresource Integrity hashes, document the choice in the privacy notice, and consider whether jQuery UI is still required: many of its widgets have native HTML or modern framework alternatives.
Websites using jQuery UI must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not necessary for jQuery UI. A short transfer impact assessment is enough when the library is loaded from a non-EU CDN: document data minimisation (IP only), the EU-US Data Privacy Framework certification of the CDN provider, and the option of self-hosting.
Sample consent text
This website uses jQuery UI for interactive widgets such as date pickers and dialogs. jQuery UI does not set cookies. When the library is loaded from a third party content delivery network, your IP address is shared with the CDN provider; in that case we ask for your consent before requesting the script.
Third-party domains contacted
code.jquery.comajax.googleapis.comcdnjs.cloudflare.comjqueryui.comThis service may collect user data. Ensure GDPR compliance with FlowConsent.
No. jQuery UI does not set cookies, does not use localStorage and does not collect telemetry. It only manipulates the DOM for its widgets and interactions.
Self-hosted jQuery UI requires no specific consent. Loading the library from a public US CDN may require consent because the visitor IP is transmitted to a non-EU provider, per the Bonn Regional Court ruling on Google Fonts.
Legitimate interest under Article 6(1)(f) GDPR when self-hosted. Public CDN deployments need either prior consent or a documented legitimate interest with a clear privacy notice.
Only if loaded from a US CDN (code.jquery.com via StackPath / Edgio, ajax.googleapis.com via Google, cdnjs.cloudflare.com via Cloudflare). Self-hosting on an EU server avoids any cross-border transfer.
No. A short transfer impact assessment is enough for the CDN scenario.
Self-host the JavaScript, CSS and theme image sprite from your own domain or an EU CDN. Add Subresource Integrity hashes and a Content Security Policy that pins the script and stylesheet sources.
Native HTML elements (input type=date, dialog), modern UI libraries such as Headless UI, Radix UI, Shoelace and Material Web Components, or framework specific component sets in React, Vue, Svelte or Angular.
If self-hosted, no specific mention is needed. If a third party CDN is used, list the provider, mention the IP transfer on each load and the applicable EU-US Data Privacy Framework or Standard Contractual Clauses basis.