ACTION-73: Write-up Do Not Collect Identifiable Information

Write-up Do Not Collect Identifiable Information

Ninja Marnau
Due on:
February 1, 2012
Created on:
January 25, 2012
Associated Issue:
Related emails:
  1. post-call housekeeping & upcoming discussions (from on 2012-04-18)
  2. agenda: 18 April 2012 call (from on 2012-04-18)

Related notes:

When completing this action item, please make sure to:
- include issue-5 in the subject line
- describe specifically how you think this should work
- include use cases and examples that illustrate the edges

Aleecia McDonald, 26 Jan 2012, 10:38:34

Do Not Collect Identifiable Data

I try to sum up, what we've discussed so far:

1. Collection: Third parties Must Not collect data to the extent possible.

Don't set or collect unique identifiers (outside of exceptions or to answer a user-agent request).

2. Retention: Third parties must not retain any data which is identifiable outside
legitimate exceptions according to the DNT Compliance Document with a limited purpose

Problematic are longer retention periods for identifiable data (e.g. IP Adresses)
for purposes of security or litigation
We want to address this by data segregation, purpose limitation, retention periods

3. Correlation: Third Parties Must Not correlate anything for the purpose of identifying a user

Best regards,

Matthias Schunter, 1 Feb 2012, 22:59:35

From 18 April call, closed Action-73, action-74, action-76, action-77, action-78: these were the five views from Belgium (remember to forget me, etc.) which are incorporated in other drafts

Aleecia McDonald, 18 Apr 2012, 19:03:33

Display change log.

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: 73.html,v 1.1 2019/02/01 09:32:22 vivien Exp $