Document last modified 5/20/2003
Reference links last updated 5/20/2003
On January 28, 2002, the W3C released a proposed specification of the Platform for Privacy Preferences Project or P3P. P3P is emerging as an industry standard providing a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. The recommended standard enables Web sites to express their privacy practices in a standardized format that can be retrieved and interpreted by user agents (other programs, browsers, and so on). For in-depth analysis and guidelines, please visit the W3C P3P site.
With the passage of Arkansas Act 1713, state and local government entities are now required to have machine readable privacy policies incorporated into their web sites. Act 1713 does not mandate the use of the P3P standards, but the fact that standards have been developed leads to the recommendation that Arkansas governmental entities follow the W3C P3P standards.
Description of P3P
The W3C describes P3P as:
"... a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users. P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences. P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see."
With an XML-based machine-readable privacy statement in place on a web sites, customers can set browsers or other tools to report on the ways personal information is used on web sites they visit. As an example, a person might decide they don't want to go to any site that sells information to third parties. Using a browser that understands P3P, it is possible to set up a rule that recognizes that policy. Then, whenever that person visited a site that indicated in the p3p.xml file the sale of information to third parties, the site would be blocked or the person visiting the site would receive a warning.
Another way that P3P helps consumers is through the mandatory ACCESS element. This element discloses how customers to the site can access personal data held by that site. The level of access may range from complete access to no access. But this allows the customers of the web site the chance to make an more informed choice.
Note that P3P does not solve all privacy issues on the Web. The main goal of the project is to encourage the disclosure of privacy practices by web sites. It would then allow the customer to compare the practices of a site with personal privacy preferences
Basic Steps to Implementing a P3P Policy On a Site
Create a Written Policy
Clarify any sub-policies
There may be portions of the site where cookies are allowed, or perhaps one site has stricter privacy policies than others. These should be understood, and written out as well.
Choose a P3P policy editor to build a policy
While it is possible to create the XML by hand, it is much simpler to use one of the policy generators. Some are listed in the table below.
Fill in all the fields in the generator
It's also a good idea to use any error checking supplied by the generator.
Upload the policy file(s) and policy reference file (p3p.xml) to a Web server
These files will be generated by the policy generator.
Validate the policy
Use the online validator at the W3C to verify that everything has been done correctly - available at http://www.w3.org/P3P/validator.html
Watch for changes to the specification
If the P3P specification changes, it may be necessary to change a P3P policy to keep it up-to-date.
Some Browsers that Support P3P Policy
Web browsers that support some or all of the P3P policy implementation: Microsoft Internet Explorer 6, Netscape 7.0, and Mozilla
Some P3P Policy Generators/Editors Available
|Product ||Description ||Cost ||Link |
|JRC P3P APPEL Privacy Preference Editor
Java P3P APPEL Privacy Preference Editor by JRC allows users to create/edit APPEL rulesets.
This easy-to-use Web-based Wizard quickly generates P3P policies that satisfy IE6's new privacy requirements. Available in both English and Spanish, P3PEdit generates: P3P policies (XML), P3P Compact Policies, Privacy Statements (HTML), and includes instructions and examples, technical support, staff review of the P3P implementation, and P3P Policy updates.
|P3P Policy Editor
P3P Policy Editor by IBM provides an easy-to-use interface for creating and updating Web site privacy policies using the P3P language, a standard currently under development at the W3C.
W3C provides the P3P Validator service, which checks if the web site is compliant with P3P.
Some Compact Policy Generators/Editors/Checkers
(These implementations deal with only compact policy)
|Name ||Description ||Link |
|Compact Policy Checker
|Compact Policy Validator
Utility to determine if your compact policy string is satisfactory using the P3P specification. Provides description of any errors in the compact policy.
|Name ||Description ||Link |
|Guide to Deployment
W3C instructions on how to deploy P3P on a website
|How to Create and Publish a P3P Policy (in 6 Easy Steps)
The P3P Implementation Guide by Laurel Jamtgaard and the Internet Education Foundation - Good resource for all issues surrounding creation and deployment of P3P privacy policies
Useful P3P Terminology
Character - Strings consist of a sequence of zero or more characters, where a character is defined as in the XML Recommendation [XML]. A single character in P3P thus corresponds to a single Unicode abstract character with a single corresponding Unicode scalar value (see [UNICODE]).
Compact Policy - Compact policies are summarized P3P policies that provide hints to user agents and are optional for either user agents or servers, but do not preclude the use of full privacy policies.
Data Element - An individual data entity, such as last name or telephone number. For interoperability, P3P1.0 specifies a base set of data elements.
Data Category - A significant attribute of a data element or data set that may be used by a trust engine to determine what type of element is under discussion, such as physical contact information. P3P1.0 specifies a set of data categories.
Data Set - A known grouping of data elements, such as "user.home-info.postal". The P3P1.0 base data schema specifies a number of data sets.
Data Schema - A collection of data elements and sets defined using the P3P1.0 DATASCHEMA element. P3P1.0 defines a standard data schema called the P3P base data schema.
Data Structure - A hierarchical description of a set of data elements. A data set can be described according to its data structure. P3P1.0 defines a set of basic datastructures that are used to describe the data sets in the P3P base data schema.
Equable Practice - A practice that is very similar to another in that the purpose and recipients are the same or more constrained than the original, and the other disclosures are not substantially different. For example, two sites with otherwise similar practices that follow different -- but similar -- sets of industry guidelines.
Identified Data - Data that reasonably can be used by the data collector to identify an individual.
Policy - A collection of one or more privacy statements together with information asserting the identity, URI, assurances, and dispute resolution procedures of the service covered by the policy.
Practice - The set of disclosures regarding data usage, including purpose, recipients, and other disclosures.
Preference - A rule, or set of rules, that determines what action(s) a user agent will take. A preference might be expressed as a formally defined computable statement (e.g., the [APPEL] preference exchange language).
Repository - A mechanism for storing user information under the control of the user agent.
Resource - A network data object or service that can be identified by a URI. Resources may be available in multiple representations (e.g. multiple languages, data formats, size, and resolutions) or vary in other ways.
Safe Zone - Part of a web site where the service provider performs only minimal data collection, and any data that is collected is used only in ways that would not reasonably identify an individual.
Service - A program that issues policies and (possibly) data requests. By this definition, a service may be a server (site), a local application, a piece of locally active code, such as an ActiveX control or Java applet, or even another user agent. Typically, however, a service is usually a Web site. In this specification the terms "service" and "Web site" are often used interchangeably.
Service Provider (Data Controller, Legal Entity) - The person or legal entity which offers information, products or services from a Web site, collects information, and is responsible for the representations made in a practice statement.
Statement - A P3P statement is a set of privacy practice disclosures relevant to a collection of data elements.
URI - A Uniform Resource Identifier used to locate Web resources. For definitive information on URI syntax and semantics, see [URI]. URIs that appear within XML or HTML have to be treated as specified in [CHARMODEL], section Character Encoding in URI References. This does not apply to URIs appearing in HTTP header fields; the URIs there should always be fully escaped.
User - An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists. P3P policies describe the collection and use of personal data about this individual or group.
User Agent - A program whose purpose is to mediate interactions with services on behalf of the user under the user's preferences. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user. The trust relationship between a user and his or her agent may be governed by constraints outside of P3P. For instance, an agent may be trusted as a part of the user's operating system or Web client, or as a part of the terms and conditions of an ISP or privacy proxy.