The World Wide Web Consortium (W3C) is developing a standard, Platform for Privacy Preferences Project (P3P), that will let Web sites communicate their privacy practices to end users (see www.w3.org/TR/P3P). UAs (user agents) built into browsers and other Internet applications will be able to read this format automatically. If a site's privacy practices are not in agreement with individual, user-set preferences, the discrepancies will be displayed. P3P's goal is to build trust between users and Web site operators without requiring users to read and interpret the site's privacy policies. However, it holds no guarantees that sites adhere to the policies (see "Monitoring and Privacy: Is Your Head Still in the Sand?").
P3P does not have the force of law, but it does complement legislative efforts to protect privacy. It also does not secure personal data in transit or storage, and leaves data-transfer mechanisms for future revisions (for a critical take on P3P, see www.epic.org/reports/prettypoorprivacy.html).
Despite these limitations, many organizations -- including Akamai Technologies, America Online, AT&T, Hewlett-Packard, IBM, IDcide, Microsoft, Netscape and Truste -- see P3P as a step toward protecting privacy on the Internet (see www.w3.org/P3P/implementations).
The P3P Promise
P3P comprises a standardized set of questions for privacy policies that, when answered, give a user a clear view of how a site collects and uses personal information without that user's reading a detailed policy. P3P provides a way for sites to encode data-collection and data-use practices in a machine-readable XML (Extensible Markup Language) format, known as a P3P policy. P3P policies can be retrieved and interpreted automatically by UAs incorporated into browsers.
The P3P specification transforms human-readable privacy policies into machine-readable policies using XML. A P3P policy identifies an entity responsible for the privacy policy, details the types of data collected by the entity and explains how the data is used. It also identifies data recipients and makes other disclosures pertinent to privacy, such as a dispute-resolution process and the location of the site's human-readable privacy policy. P3P policies are affirmative, stating what they do, not what they don't do.
UAs that parse P3P policies can be built into browsers, browser plug-ins or proxy servers. They also can be implemented as Java applets or JavaScript and included with electronic wallets or other data-management tools. UAs fetch (get) a P3P policy and compare it with preferences configured by the user; preferences are expressed in APPEL, a P3P Preferences Exchange Language (see www.w3.org/TR/P3P-preferences).
If the policy is consistent with the user's preference and the proposed transfer complies with the stated policy, the UA authorizes the transfer of data. Otherwise, the user is informed of the discrepancy and given the option of releasing the data. UAs can play sounds, display symbols and even generate dialog boxes to inform users that a privacy policy is consistent or inconsistent with set preferences.
Let's say, for example, I'm using a P3P-enabled browser and surf to a site called syr-real-world.com to subscribe to a newsletter about Network Computing's labs. Our fictitious site has placed
a link to a P3P policy
<link rel="p3pv1"href="http://www.syr-realworld.com/P3P/privacy.xml">
in the source code of each page and collects information by reading cookies and access logs. My browser fetches the P3P policy, parses it and compares the policy with my preconfigured preferences. If my preferences find cookies and data gathered from access logs acceptable, the page displays normally. If not, a pop-up box warns me that the site is not in agreement with my privacy preferences.
|
 |
RSS
