P3P - Platform for Privacy Preferences Project by the W3C 

Document last modified 5/20/2003
Reference links last updated 5/20/2003

Executive Summary

On January 28, 2002, the W3C released a proposed specification of the Platform for Privacy Preferences Project or P3P. P3P is emerging as an industry standard providing a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. The recommended standard enables Web sites to express their privacy practices in a standardized format that can be retrieved and interpreted by user agents (other programs, browsers, and so on). For in-depth analysis and guidelines, please visit the W3C P3P site.

With the passage of Arkansas Act 1713, state and local government entities are now required to have machine-readable privacy policies incorporated into their web sites. Act 1713 does not mandate the use of the P3P standards, but the fact that standards have been developed leads to the recommendation that Arkansas governmental entities follow the W3C P3P standards.

Description of P3P

The W3C describes P3P as:
"... a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users. P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences. P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see."

Benefits of a Machine Readable Privacy Policy

With an XML-based machine-readable privacy statement in place on a web site, customers can set browsers or other tools to report on the ways personal information is used on web sites they visit. As an example, a person might decide they don't want to go to any site that sells information to third parties. Using a browser that understands P3P, it is possible to set up a rule that recognizes that policy. Then, whenever that person visits a site that indicates in the p3p.xml file the sale of information to third parties, the site is blocked or the person visiting the site receives a warning.

Another way that P3P helps consumers is through the mandatory ACCESS element. This element discloses how customers of the site can access personal data held by that site. The level of access may range from complete access to no access, but in either case the disclosure gives the customers of the web site the chance to make a more informed choice.

Note that P3P does not solve all privacy issues on the Web. The main goal of the project is to encourage the disclosure of privacy practices by web sites. It would then allow the customer to compare the practices of a site with personal privacy preferences.
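The rule described above, written out as an added example (this code is not part of the original page or of any P3P tool). It reads one P3P 1.0 POLICY element, reports the ACCESS disclosure, and warns when a statement names a third-party recipient without requiring opt-in. Assumptions: "third parties" is mapped to the RECIPIENT values other-recipient, unrelated and public; the sample policy is constructed and trimmed; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 XML namespace
# Assumption: these RECIPIENT values are what the user counts as "third parties".
THIRD_PARTY = {"other-recipient", "unrelated", "public"}

# Constructed sample policy, trimmed (ENTITY and DISPUTES-GROUP omitted).
SAMPLE_POLICY = """\
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="sample"
        discuri="http://www.example.com/privacy.html">
  <ACCESS><contact-and-other/></ACCESS>
  <STATEMENT>
    <PURPOSE><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><contact required="opt-out"/></PURPOSE>
    <RECIPIENT><ours/><unrelated required="opt-out"/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#user.home-info.postal"/></DATA-GROUP>
  </STATEMENT>
</POLICY>
"""

def local(elem):
    """Element name without its namespace prefix."""
    return elem.tag.rsplit("}", 1)[-1]

def evaluate_policy(xml_text):
    """Return (decision, access, findings) for one P3P POLICY element."""
    policy = ET.fromstring(xml_text)
    access = policy.find(NS + "ACCESS")
    if access is None or len(access) == 0:
        raise ValueError("policy lacks the mandatory ACCESS disclosure")
    findings = []
    for stmt in policy.iter(NS + "STATEMENT"):
        refs = [d.get("ref") for d in stmt.iter(NS + "DATA")]
        for rcpt in stmt.findall(NS + "RECIPIENT/*"):
            required = rcpt.get("required", "always")  # spec default
            # Sharing the user must explicitly opt in to is not flagged.
            if local(rcpt) in THIRD_PARTY and required != "opt-in":
                findings.append((local(rcpt), required, refs))
    return ("warn" if findings else "allow"), local(access[0]), findings

if __name__ == "__main__":
    print(evaluate_policy(SAMPLE_POLICY))
```

Each finding lists the recipient, whether the user has a choice, and the data references that statement covers, which is what a user agent would show in its warning.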

Basic Steps to Implementing a P3P Policy On a Site

Create a Written Policy

Before creating a P3P policy, the web site's privacy policies need to be clearly understood, and preferably they should already be written out in a human-readable privacy policy available on the web site.

Clarify any sub-policies

There may be portions of the site where cookies are allowed, or perhaps one site has stricter privacy policies than others. These should be understood, and written out as well.

Choose a P3P policy editor to build a policy

While it is possible to create the XML by hand, it is much simpler to use one of the policy generators. Some are listed in the table below.

Fill in all the fields in the generator

It's also a good idea to use any error checking supplied by the generator.

Upload the policy file(s) and policy reference file (p3p.xml) to a Web server

These files will be generated by the policy generator.

Validate the policy

Use the online validator at the W3C to verify that everything has been done correctly - available at http://www.w3.org/P3P/validator.html

Watch for changes to the specification

If the P3P specification changes, it may be necessary to change a P3P policy to keep it up-to-date.

Some Browsers that Support P3P Policy

Web browsers that support some or all of the P3P policy implementation: Microsoft Internet Explorer 6, Netscape 7.0, and Mozilla.

Some P3P Policy Generators/Editors Available

| Product | Description | Cost | Link |
|---|---|---|---|
| Customer Paradigm | Customer Paradigm's full-service P3P Privacy Policy Creation creates and delivers a P3P-compliant privacy policy in XML. It also uploads (or assists in uploading) the files into the proper directories. | $225 | http://www.customerparadigm.com/?s=P3P |
| JRC P3P APPEL Privacy Preference Editor | Java P3P APPEL Privacy Preference Editor by JRC allows users to create/edit APPEL rulesets. | $0 | http://sourceforge.net/projects/jrc-policy-api/ |
| P3PEdit | This easy-to-use Web-based Wizard quickly generates P3P policies that satisfy IE6's new privacy requirements. Available in both English and Spanish, P3PEdit generates: P3P policies (XML), P3P Compact Policies, Privacy Statements (HTML), and includes instructions and examples, technical support, staff review of the P3P implementation, and P3P Policy updates. | $49 | http://p3pedit.com/ |
| P3P Editor | P3P Editor by Abrantix AG allows users to add an official privacy policy to users' web sites which will satisfy the IE6 cookie management function. | $29.90 | http://www.p3peditor.com/ |
| P3P Policy Editor | P3P Policy Editor by IBM provides an easy-to-use interface for creating and updating Web site privacy policies using the P3P language, a standard currently under development at the W3C. | $0 | http://www.alphaworks.ibm.com/tech/p3peditor |
| P3P Validator | W3C provides the P3P Validator service, which checks if the web site is compliant with P3P. | $0 | http://www.w3.org/P3P/validator.html |
| P3Pwriter | Real-time Privacy Policy generator for the novice to the most experienced programmer. Automatic data element generation makes creating a policy a snap. The Cookie Wizard and Installation Wizard will allow the site to be P3P compliant in no time. The readable HTML policy includes elements from COPPA, server security, ads/links, data protection, and more. | $29.95 | http://www.p3pwriter.com/ |
| PrivacyBot | For $100 US, a privacy policy is created for a site in HTML and XML, instructions are supplied for setting up the privacy policy, a trustmark icon is supplied for the site and more. Plus, PrivacyBot will help mediate complaints against the site's policy. | $100 | http://www.privacybot.com |

Some Compact Policy Generators/Editors/Checkers

(These implementations deal only with compact policies.)

| Name | Description | Link |
|---|---|---|
| Compact Policy Checker | P3P Checker is a simple web-based tool that generates a third-party cookie using the provided compact privacy policy. It can be used to quickly find out what privacy policy settings are satisfactory in Internet Explorer 6. | http://www.webentrust.com/cpp.html |
| Compact Policy Validator | Utility to determine if your compact policy string is satisfactory using the P3P specification. Provides description of any errors in the compact policy. | http://www.p3pwriter.com/LRN_091.asp |

Reference Links

| Name | Description | Link |
|---|---|---|
| Guide to Deployment | W3C instructions on how to deploy P3P on a website | http://www.w3.org/TR/p3pdeployment |
| How to Create and Publish a P3P Policy (in 6 Easy Steps) | W3C basic walk-through on the steps to create and publish a P3P privacy policy | http://www.w3.org/P3P/details.html |
| P3P Toolbox | The P3P Implementation Guide by Laurel Jamtgaard and the Internet Education Foundation - Good resource for all issues surrounding creation and deployment of P3P privacy policies | http://p3ptoolbox.org/guide/ |

Useful P3P Terminology

Character - Strings consist of a sequence of zero or more characters, where a character is defined as in the XML Recommendation [XML]. A single character in P3P thus corresponds to a single Unicode abstract character with a single corresponding Unicode scalar value (see [UNICODE]).

Compact Policy - Compact policies are summarized P3P policies that provide hints to user agents and are optional for either user agents or servers, but do not preclude the use of full privacy policies.

Data Element - An individual data entity, such as last name or telephone number. For interoperability, P3P1.0 specifies a base set of data elements.

Data Category - A significant attribute of a data element or data set that may be used by a trust engine to determine what type of element is under discussion, such as physical contact information. P3P1.0 specifies a set of data categories.

Data Set - A known grouping of data elements, such as "user.home-info.postal". The P3P1.0 base data schema specifies a number of data sets.

Data Schema - A collection of data elements and sets defined using the P3P1.0 DATASCHEMA element. P3P1.0 defines a standard data schema called the P3P base data schema.

Data Structure - A hierarchical description of a set of data elements. A data set can be described according to its data structure. P3P1.0 defines a set of basic data structures that are used to describe the data sets in the P3P base data schema.

Equable Practice - A practice that is very similar to another in that the purpose and recipients are the same or more constrained than the original, and the other disclosures are not substantially different. For example, two sites with otherwise similar practices that follow different -- but similar -- sets of industry guidelines.

Identified Data - Data that reasonably can be used by the data collector to identify an individual.

Policy - A collection of one or more privacy statements together with information asserting the identity, URI, assurances, and dispute resolution procedures of the service covered by the policy.

Practice - The set of disclosures regarding data usage, including purpose, recipients, and other disclosures.

Preference - A rule, or set of rules, that determines what action(s) a user agent will take. A preference might be expressed as a formally defined computable statement (e.g., the [APPEL] preference exchange language).

Repository - A mechanism for storing user information under the control of the user agent.

Resource - A network data object or service that can be identified by a URI. Resources may be available in multiple representations (e.g. multiple languages, data formats, size, and resolutions) or vary in other ways.

Safe Zone - Part of a web site where the service provider performs only minimal data collection, and any data that is collected is used only in ways that would not reasonably identify an individual.

Service - A program that issues policies and (possibly) data requests. By this definition, a service may be a server (site), a local application, a piece of locally active code, such as an ActiveX control or Java applet, or even another user agent. Typically, however, a service is usually a Web site. In this specification the terms "service" and "Web site" are often used interchangeably.

Service Provider (Data Controller, Legal Entity) - The person or legal entity which offers information, products or services from a Web site, collects information, and is responsible for the representations made in a practice statement.

Statement - A P3P statement is a set of privacy practice disclosures relevant to a collection of data elements.

URI - A Uniform Resource Identifier used to locate Web resources. For definitive information on URI syntax and semantics, see [URI]. URIs that appear within XML or HTML have to be treated as specified in [CHARMODEL], section Character Encoding in URI References. This does not apply to URIs appearing in HTTP header fields; the URIs there should always be fully escaped.

User - An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists. P3P policies describe the collection and use of personal data about this individual or group.

User Agent - A program whose purpose is to mediate interactions with services on behalf of the user under the user's preferences. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user. The trust relationship between a user and his or her agent may be governed by constraints outside of P3P. For instance, an agent may be trusted as a part of the user's operating system or Web client, or as a part of the terms and conditions of an ISP or privacy proxy.