Shane,
Thanks for the clarification of these carve-outs. I have a couple of questions/ comments about the normative part.
Capping data collection and use SHOULD be limited to only campaign IDs and frequency counters where possible.
What would it take to make that a MUST? What are the other collected data that can be required for frequency capping?
Information such as what targeting criteria existed for a particular ad campaign MAY need to be retained for audit purposes to demonstrate an ad server met its obligations to an advertiser.
Could we have more detailed about these criteria. As I understand it, an ad campaign may be targeted on the following criteria:
- IP address (location and language),
- User Agent (take for instance the Chrome ad campaign),
- The visited website (contextual advertising).
Also could this sentence be rephrased "Information such as what targeting criteria existed for a particular ad campaign MAY need to be retained for audit purposes to demonstrate an ad server met its obligations to an advertiser."
Thanks,
Vincent