P3P - Platform for Privacy Preferences Project
by the W3C
Document last modified 5/20/2003
Reference links last updated 5/20/2003
Executive Summary
On January 28, 2002, the W3C released
a proposed specification of the Platform for Privacy Preferences
Project or P3P. P3P is emerging as an
industry standard providing a simple, automated way
for users to gain more control over the use of personal
information on Web sites they visit. The recommended
standard enables Web sites to express their privacy
practices in a standardized format that can be retrieved
and interpreted by user agents (other programs, browsers,
and so on). For in-depth analysis and guidelines,
please visit the W3C P3P site.
With the passage of Arkansas Act
1713, state and local government entities are
now required to have machine readable privacy policies
incorporated into their web sites. Act 1713 does
not mandate the use of the P3P standards, but the
fact that standards have been developed leads to
the recommendation that Arkansas governmental entities
follow the W3C
P3P standards.
Description of P3P
The W3C describes P3P as:
"... a standardized set of multiple-choice questions,
covering all the major aspects of a Web site's privacy
policies. Taken together, they present a clear snapshot
of how a site handles personal information about its
users. P3P-enabled Web sites make this information
available in a standard, machine-readable format. P3P
enabled browsers can "read" this snapshot automatically
and compare it to the consumer's own set of privacy
preferences. P3P enhances user control by putting privacy
policies where users can find them, in a form users
can understand, and, most importantly, enables users
to act on what they see."
Benefits of a Machine Readable Privacy Policy
With an XML-based machine-readable privacy statement
in place on a web site, customers can set browsers
or other tools to report on the ways personal information
is used on web sites they visit. As an example, a
person might decide they don't want to go to any
site that sells information to third parties. Using
a browser that understands P3P, it is possible to
set up a rule that recognizes that policy. Then,
whenever that person visited a site that indicated
in the p3p.xml file the sale of information to third
parties, the site would be blocked or the person
visiting the site would receive a warning.
Another way that P3P helps consumers is through
the mandatory ACCESS element. This element discloses
how customers of the site can access personal data
held by that site. The level of access may range
from complete access to no access, but disclosing it
gives the customers of the web site the chance to make
a more informed choice.
Note that P3P does not solve all privacy issues
on the Web. The main goal of the project is to encourage
the disclosure of privacy practices by web sites.
It would then allow the customer to compare the practices
of a site with personal privacy preferences.
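
The browser rule and the ACCESS check described above, as an added example that is not part of the original page or of any W3C tool. The sample policy is constructed, and treating the RECIPIENT values `unrelated` and `public` as "third parties" is an assumption of this sketch; the page does not define the rule.

```python
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}  # P3P 1.0 XML namespace

# Constructed sample policy (not taken from any real site).
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="sample" discuri="http://www.example.org/privacy.html">
  <ACCESS><contact-and-other/></ACCESS>
  <STATEMENT>
   <PURPOSE><admin/><develop/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
   <PURPOSE><contact/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.home-info.postal"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

# Assumption: these RECIPIENT values count as "information goes to third parties".
THIRD_PARTY = {"unrelated", "public"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def evaluate(policy_xml, blocked=THIRD_PARTY):
    """Return (action, access_level, findings) for the first POLICY found."""
    root = ET.fromstring(policy_xml)
    policy = root if local(root.tag) == "POLICY" else root.find(".//p3p:POLICY", NS)
    if policy is None:
        return "warn", None, ["no POLICY element"]
    access = policy.find("p3p:ACCESS", NS)
    level = local(access[0].tag) if access is not None and len(access) else None
    findings = [] if level else ["mandatory ACCESS element missing"]
    for stmt in policy.findall("p3p:STATEMENT", NS):
        hits = {local(r.tag) for r in stmt.findall("p3p:RECIPIENT/*", NS)} & blocked
        if hits:  # name the data the statement sends to a blocked recipient
            data = [d.get("ref") for d in stmt.findall("p3p:DATA-GROUP/p3p:DATA", NS)]
            findings.append(f"{sorted(hits)} receive {data}")
    return ("warn" if findings else "allow"), level, findings

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY))
```

Policies fetched from arbitrary sites are untrusted XML, so a user agent doing this for real should parse them with a hardened parser such as defusedxml rather than the standard-library one used here.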

Basic Steps to Implementing a P3P Policy On a Site
Create a Written Policy
Before creating a P3P policy, a clear idea is needed
of what the web site's privacy policies are. Preferably
they are already written out in a human-readable
privacy policy available on the web site.
Clarify any sub-policies
There may be portions of the site where
cookies are allowed, or perhaps one site has stricter
privacy policies than others. These should be understood,
and written out as well.
Choose a P3P policy editor to build a policy
While it is possible to create the XML by
hand, it is much simpler to use one of the policy
generators. Some are listed in the table below.
Fill in all the fields in the generator
It's also a good idea to use any error checking
supplied by the generator.
Upload the policy file(s) and policy reference file (p3p.xml) to a Web server
These files will be generated by the policy
generator.
Validate the policy
Use the online validator at the W3C to verify
that everything has been done correctly - available
at http://www.w3.org/P3P/validator.html
Watch for changes to the specification
If the P3P specification changes, it may
be necessary to change a P3P policy to keep it up-to-date.
Some Browsers that Support P3P Policy
Web browsers that support some or all of the P3P
policy implementation: Microsoft Internet Explorer
6, Netscape 7.0, and Mozilla.
Some P3P Policy Generators/Editors Available
| Product | Description | Cost | Link |
|---|---|---|---|
| Customer Paradigm | Customer Paradigm's full-service P3P Privacy Policy Creation creates & delivers a P3P-compliant privacy policy in XML. It also uploads (or assists in uploading) the files into the proper directories. | $225 | http://www.customerparadigm.com/p3p |
| JRC P3P APPEL Privacy Preference Editor | Java P3P APPEL Privacy Preference Editor by JRC allows users to create/edit APPEL rulesets. | $0 | http://p3p.jrc.it/downloadP3P.php |
| P3PEdit | This easy-to-use Web-based Wizard quickly generates P3P policies that satisfy IE6's new privacy requirements. Available in both English and Spanish, P3PEdit generates: P3P policies (XML), P3P Compact Policies, Privacy Statements (HTML), and includes instructions and examples, technical support, staff review of the P3P implementation, and P3P Policy updates. | $49 | http://p3pedit.com |
| P3P Editor | P3P Editor by Abrantix AG allows users to add an official privacy policy to users' web sites which will satisfy the IE6 cookie management function. | $29.90 | http://www.p3peditor.com/ |
| P3P Policy Editor | P3P Policy Editor by IBM provides an easy-to-use interface for creating and updating Web site privacy policies using the P3P language, a standard currently under development at the W3C. | $0 | http://www.alphaworks.ibm.com/tech/p3peditor |
| P3P Validator | W3C provides the P3P Validator service, which checks if the web site is compliant with P3P. | $0 | http://www.w3.org/P3P/validator.html |
| P3Pwriter | Real-time Privacy Policy generator for the novice to the most experienced programmer. Automatic data element generation makes creating a policy a snap. The Cookie Wizard and Installation Wizard will allow the site to be P3P compliant in no time. The readable HTML policy includes elements from COPPA, server security, ads/links, data protection, and more. | $29.95 | http://www.p3pwriter.com/ |
| PrivacyBot | For $100 US, a privacy policy is created for a site in HTML and XML, instructions are supplied for setting up the privacy policy, a trustmark icon is supplied for the site and more. Plus, PrivacyBot will help mediate complaints against the site's policy. | $100 | http://www.privacybot.com |

Some Compact Policy Generators/Editors/Checkers
(These implementations deal only with compact policies.)
| Name | Description | Link |
|---|---|---|
| Compact Policy Checker | P3P Checker is a simple web-based tool that generates a third-party cookie using the provided compact privacy policy. It can be used to quickly find out what privacy policy settings are satisfactory in Internet Explorer 6. | http://www.entraspan.com/p3p/compact.html |
| Compact Policy Validator | Utility to determine if your compact policy string is satisfactory using the P3P specification. Provides description of any errors in the compact policy. | http://www.p3pwriter.com/LRN_091.asp |
Reference Links
| Name | Description | Link |
|---|---|---|
| Guide to Deployment | W3C instructions on how to deploy P3P on a website | http://www.w3.org/TR/p3pdeployment |
| How to Create and Publish a P3P Policy (in 6 Easy Steps) | W3C basic walk-through on the steps to create and publish a P3P privacy policy | http://www.w3.org/P3P/details.html |
| P3P Toolbox | The P3P Implementation Guide by Laurel Jamtgaard and the Internet Education Foundation - Good resource for all issues surrounding creation and deployment of P3P privacy policies | http://p3ptoolbox.org/guide/ |
Useful P3P Terminology
Character - Strings consist of a sequence of zero or more characters, where a character is defined as in the XML Recommendation [XML]. A single character in P3P thus corresponds to a single Unicode abstract character with a single corresponding Unicode scalar value (see [UNICODE]).

Compact Policy - Compact policies are summarized P3P policies that provide hints to user agents and are optional for either user agents or servers, but do not preclude the use of full privacy policies.

Data Element - An individual data entity, such as last name or telephone number. For interoperability, P3P1.0 specifies a base set of data elements.

Data Category - A significant attribute of a data element or data set that may be used by a trust engine to determine what type of element is under discussion, such as physical contact information. P3P1.0 specifies a set of data categories.

Data Set - A known grouping of data elements, such as "user.home-info.postal". The P3P1.0 base data schema specifies a number of data sets.

Data Schema - A collection of data elements and sets defined using the P3P1.0 DATASCHEMA element. P3P1.0 defines a standard data schema called the P3P base data schema.

Data Structure - A hierarchical description of a set of data elements. A data set can be described according to its data structure. P3P1.0 defines a set of basic datastructures that are used to describe the data sets in the P3P base data schema.

Equable Practice - A practice that is very similar to another in that the purpose and recipients are the same or more constrained than the original, and the other disclosures are not substantially different. For example, two sites with otherwise similar practices that follow different -- but similar -- sets of industry guidelines.

Identified Data - Data that reasonably can be used by the data collector to identify an individual.

Policy - A collection of one or more privacy statements together with information asserting the identity, URI, assurances, and dispute resolution procedures of the service covered by the policy.

Practice - The set of disclosures regarding data usage, including purpose, recipients, and other disclosures.

Preference - A rule, or set of rules, that determines what action(s) a user agent will take. A preference might be expressed as a formally defined computable statement (e.g., the [APPEL] preference exchange language).

Repository - A mechanism for storing user information under the control of the user agent.

Resource - A network data object or service that can be identified by a URI. Resources may be available in multiple representations (e.g. multiple languages, data formats, size, and resolutions) or vary in other ways.

Safe Zone - Part of a web site where the service provider performs only minimal data collection, and any data that is collected is used only in ways that would not reasonably identify an individual.

Service - A program that issues policies and (possibly) data requests. By this definition, a service may be a server (site), a local application, a piece of locally active code, such as an ActiveX control or Java applet, or even another user agent. Typically, however, a service is usually a Web site. In this specification the terms "service" and "Web site" are often used interchangeably.

Service Provider (Data Controller, Legal Entity) - The person or legal entity which offers information, products or services from a Web site, collects information, and is responsible for the representations made in a practice statement.

Statement - A P3P statement is a set of privacy practice disclosures relevant to a collection of data elements.

URI - A Uniform Resource Identifier used to locate Web resources. For definitive information on URI syntax and semantics, see [URI]. URIs that appear within XML or HTML have to be treated as specified in [CHARMODEL], section Character Encoding in URI References. This does not apply to URIs appearing in HTTP header fields; the URIs there should always be fully escaped.

User - An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists. P3P policies describe the collection and use of personal data about this individual or group.

User Agent - A program whose purpose is to mediate interactions with services on behalf of the user under the user's preferences. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user. The trust relationship between a user and his or her agent may be governed by constraints outside of P3P. For instance, an agent may be trusted as a part of the user's operating system or Web client, or as a part of the terms and conditions of an ISP or privacy proxy.
