Issue-5: Do Not Collect Identifiable Data

Issue 5

Do Not Collect Identifiable Data

I try to sum up, what we've discussed so far:

1. Collection: Third parties Must Not collect data to the extent possible.

	Don't set or collect unique identifiers (outside of exceptions or to 
answer a user-agent request).

2. Retention: Third parties must not retain any data which is 
identifiable outside
legitimate exceptions according to the DNT Compliance Document with a 
limited purpose

	Problematic are longer retention periods for identifiable data (e.g. IP 
Adresses)
	for purposes of security or litigation
	We want to address this by data segregation, purpose limitation, 
retention periods

3. Correlation: Third Parties Must Not correlate anything for the 
purpose of identifying a user


Best regards,
Ninja
-- 

Ninja Marnau
mail: NMarnau@datenschutzzentrum.de - http://www.datenschutzzentrum.de
Telefon: +49 431/988-1285, Fax +49 431/988-1223
Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein
Independent Centre for Privacy Protection Schleswig-Holstein

Received on Thursday, 26 January 2012 13:54:40 UTC