disclosures of all keys used in storage in build process

[patmmccann]

Article 5(3) of e-privacy directive requires clear and comprehensive information provided to users on all use of strorage. We'd like to consider a documentation requirement that anyone using storage lists the keys used and what the use is.

[patmmccann]

Additional scope could include generation of all the keys prebid sets in the build process or download process for the selected adapters.

[jwrosewell]

There are two developments that will likely impact the detailed implementation and use cases for this improvement.

1. UK ICO have a consultation open until mid March concerning ePrivacy. Once ICO publish their position then it will inform how to address this in a future proof manner. A specific example is how much TCF can be relied upon.
2. The SRB appeal is due to be settled. The AG opinion is now available. It's now clear what the conditions are for data to be personal data and thus if consent for storage alone is needed.

[dgirardi]

Additional scope could include generation of all the keys prebid sets in the build process or download process for the selected adapters.

I expect this to be much harder (and less well defined) than just disclosing the use and purpose of storage. Should we go with just the latter for 10?