The privacy of an individual's personal data on the Internet is a top concern for business, government, media and the public. Opinion surveys consistently show that privacy concerns are a leading impediment to the further growth of Web-based commerce. Initial efforts by Web sites to publicly disclose their privacy policies have had some impact. But these policies are often difficult for users to locate and understand, too lengthy for users to read, and change frequently without notice.
P3P 1.0, developed by the World Wide Web Consortium, is emerging as an industry standard providing a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. At its most basic level, P3P is a standardized set of multiple-choice questions covering all the major aspects of a Web site's privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users.
P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P-enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences.
P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see.
In short, the P3P specification brings ease and regularity to Web users wishing to decide whether and under what circumstances to disclose personal information. User confidence in online transactions increases as they are presented with meaningful information and choices about Web site privacy practices.
"The World Wide Web Consortium, the group that designs standards
for the Web, is creating a new way [P3P] for Web sites to transmit the site's
privacy policy automatically, and allow users to signal only the information
they are willing to share."
-- The New York Times 2/22/2000
The P3P standard is designed to do one job and do it well - to communicate to users, simply and automatically, a Web site's stated privacy policies, and how they compare with the user's own policy preferences. This, in itself, is a major step forward.
P3P does not set minimum standards for privacy, nor can it monitor whether sites adhere to their own stated procedures. Addressing all of the complicated, fundamental issues surrounding privacy on the Web will require the appropriate combination of technology, a legal framework and self-regulatory practices.
The P3P 1.0 specification is now advancing through the W3C process towards its final state as a W3C recommendation over the next year. The experience of implementers and feedback from businesses, policy makers and users around the world will be critical in shaping the final technology design.
"In the context of proper legislation, P3P is the most promising
solution to cyberspace privacy. It will make it easy for companies to explain
their practices in a form that computers can read, and make it easy for
consumers to express their preferences in a way that computers will
automatically respect."
-- Professor Lawrence Lessig, Stanford Law School
Nine aspects of online privacy are covered by P3P. Five topics detail the data being tracked by the site.
The remaining four topics explain the site's internal privacy policies.
"P3P will help responsible online businesses empower users to
choose the privacy relationship best for them."
-- Christine Varney, former
FTC Commissioner
P3P enables Web sites to translate their privacy practices into a standardized, machine-readable format (Extensible Markup Language, XML) that can be retrieved automatically and easily interpreted by a user's browser. Translation can be performed manually or with automated tools. Once completed, simple server configurations enable the Web site to automatically inform visitors that it supports P3P. See the P3P technical report for complete technical specifications.
On the user side, P3P clients automatically fetch and read P3P privacy policies on Web sites. A user's browser equipped for P3P can check a Web site's privacy policy and inform the user of that site's information practices. The browser could then automatically compare the statement to the privacy preferences of the user, self-regulatory guidelines, or a variety of legal standards from around the world. P3P client software can be built into a Web browser, plug-ins, or other software.
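The comparison step described above, sketched as an added example (not part of the original brochure or any W3C code). It assumes the element names and namespace of the later P3P 1.0 Recommendation, which this page does not show; the sample policy, the `USER_REJECTS` preference table and the "warn"/"accept" outcomes are constructed for illustration. It checks only what the policy states, since P3P cannot verify that a site adheres to it.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # namespace of the P3P 1.0 Recommendation

# Constructed sample policy, not taken from any real site.
SAMPLE_POLICY = """<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="sample">
  <STATEMENT>
    <PURPOSE><current/><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Hypothetical user preferences: declared values the user refuses, per category.
USER_REJECTS = {
    "PURPOSE": {"telemarketing"},
    "RECIPIENT": {"unrelated", "public"},
    "RETENTION": {"indefinitely"},
}

def evaluate(policy_xml, rejects):
    """Return (statement_no, category, value, data_refs) for each preference conflict."""
    # A client parsing policies fetched from remote sites should use a hardened
    # XML parser (for example defusedxml) to resist entity-expansion input.
    root = ET.fromstring(policy_xml)
    conflicts = []
    for i, stmt in enumerate(root.iter(NS + "STATEMENT"), start=1):
        refs = [d.get("ref") for d in stmt.iter(NS + "DATA")]
        for category, banned in rejects.items():
            declared = {e.tag.rsplit("}", 1)[-1]
                        for block in stmt.findall(NS + category) for e in block}
            for value in sorted(declared & banned):
                conflicts.append((i, category, value, refs))
    return conflicts

def decision(policy_xml, rejects):
    """Hypothetical client outcome: warn the user on any conflict, else accept."""
    return "warn" if evaluate(policy_xml, rejects) else "accept"
```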
"The Platform for Privacy Preferences (P3P) is the most
sophisticated proposal that has been made from a technical perspective so far to
enhance privacy protection on the Web... [while] it cannot replace a regulatory
framework of legislation, contracts, or codes of conduct... it [can] operate
within such a framework."
-- Dr. Alexander Dix, LL.M., Commissioner for Data
Protection and Access to Information, State of Brandenburg, Germany
The following companies and organizations have been active participants in developing P3P.
The World Wide Web Consortium (W3C) was founded in 1994 by Tim Berners-Lee, the inventor of the Web, to promote universal access and to guide the Web's development with careful consideration for the novel legal, commercial, and social issues raised by this technology.
A non-profit, industry-supported consortium, it includes researchers and engineers from more than 420 participating institutions. W3C is jointly administered by MIT's Laboratory for Computer Sciences (MIT-LCS) in the U.S., the National Institute for Research in Computer Science and Control (INRIA) in France, and Keio University in Japan. W3C has developed and published more than twenty technological recommendations for the Web, including HTML, XML, and CSS.
If you are interested in implementing P3P, visit the P3P Home Page. For more information on joining the W3C or its P3P Working Groups, please contact any of the following:
Lorrie Cranor, Specification Working Group Chair, AT&T, lorrie@research.att.com
Janet Daly, Head of Communications, W3C, janet@w3.org
Harriet Pearson, Policy Outreach Working Group Co-Chair, IBM, hpearson@us.ibm.com
Ari Schwartz, Policy Outreach Working Group Co-Chair, Center for Democracy and Technology, ari@cdt.org
Daniel Weitzner, Technology and Society Domain Leader, W3C, djweitzner@w3.org
Rigo Wenning, Policy Analyst, W3C, rigo@w3.org
This brochure was prepared for the June 21, 2000 P3P interop event. It is available as a single PDF file or as separate PDF files for each page. The single file version must be reduced in order to print on 8.5 x 11 or A4 paper.
Copyright © 1997-2003 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.
last revised $Date: 2003/06/16 14:32:13 $ by $Author: slesch $