June change proposal: permitted uses

*

De-identified data use


A third party MAY use de-identified data for any purposes whatsoever.


Short-term use and debugging


A third party MAY use protocol information (e.g. HTTP header information
and IP address information) for any purpose, subject to a one week
retention period. Limited retention of data beyond this period for
debugging purposes may occur, provided the data is only used for
debugging purposes and only retained as long as necessary for those
purposes. If data is being retained for more than 6 months for debugging
purposes, notice must be given in the privacy policy that some data is
being retained for greater than 6 months for debugging.


Frequency capping


Regardless of DNT signal, protocol information maybe collected, retained
and used for up to 4 weeks to limit the number of times that a user sees
a particular advertisement, often called frequency capping, as long as
the data retained do not reveal the user's browsing history. Parties
must notcollect or use unique identifiers of users, user agents or
devices in association with this data. Parties must notconstruct
profiles of users or user behaviors based on their ad frequency history,
or otherwise alter the user's experience.


Billing and auditing


*

**

*Regardless of DNT signal, protocol information maybe collected,
retained and used for billing and auditing for up to 6 months, or longer
if notice is given in the privacy policy with an explanation of why the
extra retention is necessary. Parties must notcollect or use unique
identifiers of users, user agents or devices in association with this
data. This may include, for example, counting ad events, verifying
positioning and quality of ad impressions, or data that an auditor
explicitly requires to be retained.*

**

*

Security and Fraud


To the extent proportionate and reasonably necessary for detecting
security risks and fraudulent or malicious activity, parties maycollect,
retain, and use protocol data regardless of a DNT signal for up to 6
months, or longer if notice is given in the privacy policy with an
explanation of why the extra retention is necessary. Parties must
notcollect or use unique identifiers of users, user agents or devices in
association with this data. This includes data reasonably necessary for
enabling authentication/verification, detecting hostile and invalid
transactions and attacks, providing fraud prevention, and maintaining
system integrity. In the context of this specific permitted use, this
information maybe used to alter the user's experience in order to
reasonably keep a service secure or prevent fraud. Data maybe kept
beyond 6 months or the published retention period for a specific ongoing
investigation or for legal purposes, but general data collection for
security and fraud mustbe limited to 6 months or the published retention
period.


It is a best practice to approach security and fraud issues with a
graduated responsewhere appropriate, retaining the minimal amount of
data that is necessary for security and fraud purposes, and expanding
the scope of data retention only when it becomes necessary to do so once
a particular issue has been discovered.*

-- 
Dan Auerbach
Staff Technologist
Electronic Frontier Foundation
dan@eff.org
415 436 9333 x134

Received on Wednesday, 26 June 2013 06:34:41 UTC