[hedora]

In the eyes of the law, how is storing and sending the guid later different from storing and sending a cookie?

Edit: the GPDR link specifically says identifier numbers are personal information, and I don’t see a carve out for allowing targeted marketing campaigns to use them to measure/improve targeting performance.

Wrong link, maybe?

[yllus]

Sorry, use of the term GUID confused things - I meant that if an identifier string is generated when you click on the ad, and the purpose is to simply see if that identifier completes the app install and first use - that's not against GPDR. (In my head GUID means "unique identifier string".) Storing the GUID tells you nothing other than some device clicked on an ad and some device did or did not complete the app install.