Privacy/TPWG/Change Proposal Unique Identifiers

From W3C Wiki
< Privacy‎ | TPWG

Proposal: Limits on unique identifiers in permitted uses

Proposal from Dan Auerbach; issue-199

New text

For the permitted uses, except for short-term debugging:

Parties must not collect or use unique identifiers of users, user agents or devices in association with this data.

Proposal: Persistent identifiers

Proposal from Mike O'Neill; issue-199

New text

Propose referring to "persistent identifier" instead of "unique identifiers" in each case, with the following definition:

A persistent identifier is an arbitrary value held in, or derived from other data in, the user agent whose purpose is to identify the user agent in subsequent transactions to a particular web domain. It may be encoded for example as the name or value attribute of an HTTP cookie, as an item in localStorage or recorded in some way in the cache.

The duration of a persistent identifier is the maximum period of time it will be retained in the user agent. This could be implemented for example using the Expires or Max-Age attributes of an HTTP cookie so that it is automatically deleted by the user agent after the specified time period is exceeded.

Browser fingerprinting is a method of tracking based on creating a persistent identifier from other information either inherent in the content request or already stored in the user agent. Such an identifier may not need itself to be stored in the user-agent as it can be calculated again in subsequent transactions. It follows from this that its duration is effectively unlimited.


With the duration definition, restrictions on permitted uses could then be made that limit the duration of persistent identifiers. Because browser fingerprinting cannot be given a finite duration this tracking method should not be used when DNT is set even if it is for a permitted use. In reality browser fingerprinting solely based on examining initial content requests is usually not an effective tracking method because the combination of IP addresses and other headers are not sufficiently user specific, but we should rule out at least the more complex form when DNT is set.

Editors' Draft Text

Third parties MUST make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained, and MUST NOT rely on unique identifiers for users or devices if alternative solutions are reasonably available.