Privacy/TPWG/Change Proposal Retention Permitted Uses
Proposal: Limits on unique identifiers in permitted uses
Regardless of DNT signal, protocol information may be collected, retained and used for up to 4 weeks to limit the number of times that a user sees a particular advertisement, often called frequency capping, as long as the data retained do not reveal the user’s browsing history. Parties must not construct profiles of users or user behaviors based on their ad frequency history, or otherwise alter the user’s experience.
Billing and auditing
Security and Fraud
It is a best practice to approach security and fraud issues with a graduated response where appropriate, retaining the minimal amount of data that is necessary for security and fraud purposes, and expanding the scope of data retention only when it becomes necessary to do so once a particular issue has been discovered.
Proposal: Limit duration of persistent identifiers
To be added to the section "Data Minimization, Retention and Transparency":
If persistent identifiers are used then their duration SHOULD be limited to the maximum necessary for such permitted use.