Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
vxe-table is an open source Vue.js data table component published under the MIT license by the x-extends community. It renders rich tables, grids, editable cells, virtual scrolling and tree views entirely on the client and does not set cookies, fingerprint visitors or call vendor servers. Because no personal data leaves the browser, embedding vxe-table in a European website carries minimal GDPR and ePrivacy exposure as long as the bundle is self hosted rather than loaded from a public third party CDN.
vxe-table is a feature rich data grid component for Vue.js, maintained by the x-extends community and distributed under the permissive MIT license. It targets developers who need editable tables, virtual scrolling, grouping, filtering, tree grids and form integration without paying for a commercial library. Because every feature runs in the visitor browser using JavaScript shipped with the page, vxe-table belongs to the family of pure UI libraries that have almost no privacy footprint of their own.
vxe-table is published as an npm package and bundled into the consumer application during the build step. At runtime the compiled JavaScript executes inside the user browser, reads data that the host application already holds in memory, and renders rows, columns and editors. No vendor controlled server takes part in the request lifecycle. Optionally the library can be loaded from a public content delivery network, but most production deployments ship it inside the main application bundle on the publisher own domain.
vxe-table does not write to document.cookie, does not use localStorage or sessionStorage for any vendor purpose, does not generate device fingerprints and does not phone home. The component receives the data the application chooses to display (for example a customer list, a product catalogue or an internal report) and renders it; that data never leaves the page. As a result the library itself does not create any cookie that needs to appear in a consent banner.
Article 5(3) of the ePrivacy Directive only requires consent when an operator stores information on, or accesses information already stored on, the user terminal. Because vxe-table performs neither operation it falls outside the scope of the cookie rule. Under GDPR the library is not a separate processor: it is a piece of code that runs within the controller own application, comparable to a charting library or a date picker. The processing of personal data shown inside the grid is governed by the application data flow, not by vxe-table.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No consent banner entry is mandatory for vxe-table when it is bundled with the application and served from the publisher own domain. If the team chooses to load the script from a public CDN such as jsDelivr or unpkg, the CDN operator will see the visitor IP and the URL of the requested asset. That transfer should be mentioned briefly in the privacy notice under technical delivery providers, but legitimate interest is normally the appropriate legal basis and a banner opt in is not needed.
Self host the bundle through the application build pipeline rather than loading it from a third party CDN; pin a specific version, verify the integrity hash, and review the MIT license text in the project documentation. If sensitive personal data is shown inside the grid, apply the same access controls, retention rules and minimisation principles to that screen as to any other view in the application. Document the library in the software bill of materials so that future security advisories can be triaged quickly.
Websites using vxe-table must obtain user consent under GDPR regulations.
DPIA considerations
A formal Data Protection Impact Assessment under Article 35 GDPR is not triggered by vxe-table because the library does not process personal data on behalf of the controller. Standard records of processing activities should still mention the rendering of any personal data shown inside the table (for example customer lists), but the responsibility sits with the application logic, not with the component itself. If the library is fetched from a public CDN the controller should document that transfer of the visitor IP to the CDN provider.
Sample consent text
No consent banner entry is required for vxe-table when the bundle is served from the publisher own domain. If the operator loads the script from a public CDN such as jsDelivr or unpkg, list that CDN in the privacy notice under technical delivery providers and rely on legitimate interest, no opt in is needed because no cookies or identifiers are placed.
Third-party domains contacted
cdn.jsdelivr.netunpkg.comregistry.npmjs.orgThis service may collect user data. Ensure GDPR compliance with FlowConsent.
None. vxe-table is a pure client side Vue.js component that does not write to document.cookie, localStorage or sessionStorage for any vendor purpose. It only renders the data that the application passes to it.
No. Article 5(3) of the ePrivacy Directive applies only when a service stores or reads information on the user device. Because vxe-table does neither, it can be loaded without a prior opt in.
No GDPR legal basis is required for the library itself because no personal data is processed by vxe-table. The personal data that the application chooses to render inside the grid relies on whatever basis already covers the underlying business processing.
No, provided that the bundle is self hosted. If the publisher loads vxe-table from a public CDN such as jsDelivr or unpkg, the visitor IP address transits to that CDN operator; choose a CDN with EU points of presence or self host the asset to avoid any third country transfer.
No. A Data Protection Impact Assessment under Article 35 GDPR is not triggered by vxe-table because the library does not process personal data on behalf of the controller. A DPIA may still be required because of the underlying business processing shown inside the table.
Install the package via npm or yarn, pin a specific version, run a license audit to confirm MIT compatibility, bundle and serve the asset from your own domain, and apply your standard application access controls to any screen that displays personal data inside the grid.
Other Vue.js data grid libraries with a similar privacy footprint include element plus table, naive ui data table, primevue data table and ag grid community edition. All of them run client side and do not introduce vendor servers; license terms and feature parity should drive the choice.
There is nothing to add to the cookie banner because vxe-table sets no cookies. If the script is loaded from a public CDN, add a short paragraph in the privacy notice describing that CDN as a technical service provider and the legitimate interest basis used to deliver static assets.