ACTION-73: Write-up Do Not Collect Identifiable Information
Write-up Do Not Collect Identifiable Information
- State:
- closed
- Person:
- Ninja Marnau
- Due on:
- February 1, 2012
- Created on:
- January 25, 2012
- Associated Issue:
- ISSUE-5
- Related emails:
- post-call housekeeping & upcoming discussions (from aleecia@aleecia.com on 2012-04-18)
- agenda: 18 April 2012 call (from aleecia@aleecia.com on 2012-04-18)
Related notes:
When completing this action item, please make sure to:
- include issue-5 in the subject line
- describe specifically how you think this should work
- include use cases and examples that illustrate the edges
Do Not Collect Identifiable Data
I try to sum up, what we've discussed so far:
1. Collection: Third parties Must Not collect data to the extent possible.
Don't set or collect unique identifiers (outside of exceptions or to answer a user-agent request).
2. Retention: Third parties must not retain any data which is identifiable outside
legitimate exceptions according to the DNT Compliance Document with a limited purpose
Problematic are longer retention periods for identifiable data (e.g. IP Adresses)
for purposes of security or litigation
We want to address this by data segregation, purpose limitation, retention periods
3. Correlation: Third Parties Must Not correlate anything for the purpose of identifying a user
Best regards,
Ninja
--
From 18 April call, closed Action-73, action-74, action-76, action-77, action-78: these were the five views from Belgium (remember to forget me, etc.) which are incorporated in other drafts
Aleecia McDonald, 18 Apr 2012, 19:03:33Display change log.