Silicon Press Logo
Spacer Spacer

Platform for Privacy Preferences (P3P)
Technology Brief


PDF Version
Get Acrobat Reader

Privacy Concerns

Many Web users worry about the personal information that is being collected by websites. Many other users do not even know that websites are collecting personal information. Websites not only collect personal information but they also use sophisticated tools to correlate the information collected by them and others to form comprehensive user profiles. Users do not know what the websites will do with this information and they worry that their privacy is being compromised. Websites collect user information to understand user preferences and use it personalize the content delivered and to enhance sales. Some websites also sell or share this information with other businesses. Websites develop user profiles by assembling and correlating information that they get from
  • using cookies (to track the user's identity and website interaction),
  • the browser, which supplies information such as IP address, operating system and browser types,
  • determining the referring site,
  • tracking pages visited by the user,
  • purchases made by the user, and
  • other voluntary actions of the user such as registering at the websites.
Incidentally, behind the scenes, advertising networks collect and correlate information about their affiliate websites visited by users. Sophisticated users are turning off cookies. Although this makes the user of a website anonymous (except when the user voluntarily provides identifying information), this also makes it hard for the website to personalize content for the user. Moreover, many services offered by websites are not available to users who refuse to divulge personal information when registering. Some Web sites state their privacy policies specifying what will the collected information be used for, whether this information may be sold to third parties, and whether the data collected is stored in individual records or only in statistical aggregates.

What is P3P?

P3P is a protocol standard being developed by W3C, to address user privacy concerns. P3P provides a framework for specifying, publishing, and reading privacy policies, which are specified using XML. Web browsers can match these policies against user preferences and alert the user in case of conflicts. Some P3P goals:
  • Allow users to control the data that websites collect about them.
  • Allow users to easily find and understand a website's privacy polices.
  • Increase trust between the website and its users.
P3P addresses the following items relating to data collection:
  • Who is collecting the data?
  • Why is the data being collected?
  • What will the data be used for?
  • Which information will be shared with others?
  • Who are these data recipients?
P3P also addresses the following items relating to a company's privacy policies:
  • Can website visitors make changes regarding the use of their data?
  • How can disputes relating to data collection and its use be resolved?
  • What is the policy for the length of time the data will be kept?
  • Where can the details of a company's privacy policies be found in a human-readable form?

How does P3P Work?

P3P works at follows:
  • P3P-compliant websites use the P3P framework to describe, publish, and implement privacy policies.
  • P3P-enabled browsers allow users to specify privacy preferences indicating the data that websites can collect and how this data can be used. Browsers will provide a simple interface, such as a standardized set of multiple-choice questions that users answer, to specify their preferences.
  • P3P-enabled browsers read the privacy policies of a website and compare them with the user's privacy preferences. Users are automatically alerted in case of conflicts.
A P3P-compliant website will provide a policy reference file that contains the URLs of policy files specifying privacy policies for different parts of the website. Incidentally, P3P files can be generated using P3P policy generators, which provide a graphical user interface (GUI) to enter information about a website's privacy practices.

P3P-enabled browsers operate as follows. When a user enters a URL, the browser requests the website for its privacy policy. Upon getting the privacy policy, the browser compares it with the user's preferences. If there are no conflicts, the browser requests the Web page. The browser then ensures that the Web page does not conflict with the user's preferences (for example, it may have cookies even though the privacy policy says otherwise). In case of a conflict, the browser alerts the user who can then decide how to proceed. Incidentally, the latest version of Microsoft's popular web browser, the Internet Explorer, implements P3P.

What Does a P3P Policy File Contain?

A P3P policy file, which is an XML file, contain elements (items) such as
  • entity: Identifies the company specifying the privacy policy.
  • disputes-group: Information about the processes used for resolving disputes relating to privacy.
  • consequence: A text description of the privacy policy.
  • purpose: A formal listing of the uses for the data being collected.
  • recipient: The person who will get the data (could be just the website, its shipper).
  • retention: The duration for which the data be kept (for example, indefinitely).
  • data-group: The data being collected (for example, the Web pages visited by the user and the type of user's browser).

What are Some Advantages of P3P?

Some of advantages of using P3P are:
  • Users can control the data about them that websites can collect and what they can do with it.
  • Makes privacy policies of websites transparent by making them easier to publish, find, read, and check against user preferences.

What are Some P3P Issues?

Some issues relating to the use of P3P are:
  • Users may get a false sense of security since there is no automatic way of enforcing P3P compliance. Websites can misrepresent the true purpose of the data collection.
  • Most websites collect little or no data about users. Implementing P3P will not benefit them and they will be reluctant to incur the extra cost.
  • Critics say that by advocating P3P companies want to avoid government regulation to ensure that companies do not violate user's privacy rights.

Where Can I Find More Information About P3P?


Google
 
Web www.silicon-press.com
About SP   FAQs   Authors   Custom Reports   Our Partners   For Partners