Introduction to P3P
© Copyright O'Reilly & Associates. All rights reserved.
Web sites might email you to say that their privacy policies are changing, but most of us find it difficult and time-consuming to read and understand privacy policies or to figure out how to request that the use of our personal information be restricted. Privacy concerns are making consumers nervous about going online, but current privacy policies for web sites tend to be so long and difficult to understand that consumers rarely read them.
The Platform for Privacy Preferences (P3P) project addresses this problem by providing both a standard, computer-readable format for privacy policies and a protocol that enables web browsers to read and process privacy policies automatically. The World Wide Web Consortium (W3C) developed P3P as a standard way for web sites to communicate about their privacy policies. P3P enables machine-readable privacy policies that can be retrieved automatically by web browsers and by other user agent tools that can display symbols, prompt users, or take other appropriate actions. Some of these tools can also compare each policy against the user's privacy preferences and assist the user in deciding when to exchange data with web sites.
Unlike anonymity tools, which seek to prevent any transfer of personally identifying information, the P3P project seeks to enable the development of tools for making informed decisions about when and if personal information should be revealed.
These tools may work hand-in-hand with anonymity software or filters that actually prevent the transmission of personal information in situations when users do not want their information revealed.
P3P tools are currently available that allow users to configure their web browsers with their personal privacy preferences. P3P-enabled web browsers check for P3P privacy policies at web sites and display symbols to alert users at sites that do not match their preferences. They can also provide summaries of web site privacy policies and use P3P policies to make decisions about cookies.
How P3P Works
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification is the authoritative source for information on the P3P protocol and vocabulary. Throughout this book, I generally refer to it simply as the "P3P specification." You can retrieve the specification from http://www.w3.org/TR/P3P/.
P3P was developed through a consensus process involving several dozen W3C working group members. Participants came from around the world and included representatives from industry, government, nonprofit organizations, and academia. In addition, public comments on the many P3P working drafts helped shape the final P3P specification. This section gives a brief summary of how P3P works.
Privacy policies are intended to describe a company's data practices—what they do with the information they collect from individuals (usually customers and potential customers, but sometimes also employees and others). The P3P specification includes a standard vocabulary for describing these data practices and a base data schema for describing the kinds of information collected. A P3P policy is a collection of vocabulary and data elements that describes the data practices of a particular web site (or section of a web site).
Figure 1-1. The basic protocol for fetching a P3P policy
P3P also allows sites to place policy reference files in locations other than the well-known location. In these cases, the site must declare the location of the policy reference file by using a special HTTP header or by embedding a LINK tag in the HTML files to which the P3P policies apply. Special HTTP headers are also used to transmit an optional P3P compact policy whenever cookies are set. Compact policies are very short summaries of full P3P policies that describe only the data practices related to cookies. They do not have the full expressive capabilities of P3P policies.
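The discovery step described above, as an added example that is not the book's or the W3C's code: a small Python routine that looks for a policy reference file in the order a user agent would, first the P3P HTTP response header, then a LINK tag in the page, and finally the well-known location. It assumes the well-known path /w3c/p3p.xml and the header directive names policyref and CP from the P3P specification; the sample headers and HTML are constructed, and the compact-policy tokens are passed through without interpretation.

```python
"""Locate a site's P3P policy reference file and compact policy.

Added example, not the book's or the W3C's code. Assumes the P3P
specification's well-known location (/w3c/p3p.xml), the P3P response
header with policyref="..." and CP="..." directives, and the
<link rel="P3Pv1" href="..."> tag. All inputs are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

WELL_KNOWN_PATH = "/w3c/p3p.xml"


class _P3PLinkFinder(HTMLParser):
    """Collect the href of the first <link rel="P3Pv1"> in an HTML document."""

    def __init__(self):
        super().__init__()
        self.policyref = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "link" or self.policyref is not None:
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("rel", "").lower() == "p3pv1" and a.get("href"):
            self.policyref = a["href"]


def parse_p3p_header(value):
    """Split a P3P header value into {lower-cased directive: quoted value}."""
    return {m.group(1).lower(): m.group(2)
            for m in re.finditer(r'(\w+)\s*=\s*"([^"]*)"', value or "")}


def locate_policy_reference(page_url, headers, body):
    """Return (policy_reference_url, compact_policy_tokens, source).

    An explicit header or LINK tag overrides the well-known location,
    which is only the fallback.
    """
    # HTTP header names are case-insensitive.
    p3p_header = next((v for k, v in headers.items() if k.lower() == "p3p"), "")
    directives = parse_p3p_header(p3p_header)
    tokens = directives.get("cp", "").split()

    if directives.get("policyref"):
        return urljoin(page_url, directives["policyref"]), tokens, "header"

    finder = _P3PLinkFinder()
    finder.feed(body or "")
    if finder.policyref:
        return urljoin(page_url, finder.policyref), tokens, "link"

    return urljoin(page_url, WELL_KNOWN_PATH), tokens, "well-known"


# Constructed sample response: a header naming the reference file plus a
# compact policy for cookies, and a page that also carries a LINK tag.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "P3P": 'policyref="/w3c/p3p.xml", CP="NOI DSP COR"',
}
SAMPLE_BODY = '<html><head><link rel="P3Pv1" href="/privacy/p3p.xml"></head></html>'

if __name__ == "__main__":
    page = "http://p3pbook.com/index.html"
    print(locate_policy_reference(page, SAMPLE_HEADERS, SAMPLE_BODY))  # header wins
    print(locate_policy_reference(page, {}, SAMPLE_BODY))              # LINK tag
    print(locate_policy_reference(page, {}, ""))                       # well-known
```

A user agent that trusts only the well-known location would miss policies declared through the header or LINK tag, so the fallback order matters; the compact policy tokens are returned separately because, as the text notes, they cover only cookie-related practices and are no substitute for fetching the full policy.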
Here's a plain English example of the kind of disclosure a web site might make in a P3P policy:
And here's what this policy would look like using the P3P syntax and encoding:
    <POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
      <POLICY discuri="http://p3pbook.com/privacy.html" name="policy">
        <ENTITY>
          <DATA-GROUP>
            <DATA ref="#business.contact-info.online.email">email@example.com</DATA>
            <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/</DATA>
            <DATA ref="#business.name">Web Privacy With P3P</DATA>
          </DATA-GROUP>
        </ENTITY>
        <ACCESS><nonident/></ACCESS>
        <STATEMENT>
          <CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
          <PURPOSE><admin/><current/><develop/></PURPOSE>
          <RECIPIENT><ours/></RECIPIENT>
          <RETENTION><indefinitely/></RETENTION>
          <DATA-GROUP>
            <DATA ref="#dynamic.clickstream"/>
            <DATA ref="#dynamic.http"/>
          </DATA-GROUP>
        </STATEMENT>
      </POLICY>
    </POLICIES>
The example policy above is fairly brief, because this web site does not collect much information from visitors. Commercial web sites typically have lengthier policies that describe their more complicated data practices.
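To show what a user agent does with a policy like the one above, here is an added Python example (not the book's or the W3C's code) that parses the policy into its statements and compares each statement against a set of user preferences, the "compare each policy against the user's privacy preferences" step from the introduction. POLICY_XML is the policy from the text. The second, constructed policy uses the vocabulary elements <unrelated/>, <contact/> and the data reference #user.name from the P3P specification, which do not appear on this page; the preference rules themselves are assumptions made up for the example.

```python
"""Parse a P3P policy and check it against user preferences.

Added example, not the book's or the W3C's code. POLICY_XML is the
policy from the text; VARIANT_XML and PREFERENCES are constructed.
"""
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}

POLICY_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY discuri="http://p3pbook.com/privacy.html" name="policy">
    <ENTITY><DATA-GROUP>
      <DATA ref="#business.contact-info.online.email">email@example.com</DATA>
      <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/</DATA>
      <DATA ref="#business.name">Web Privacy With P3P</DATA>
    </DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
      <PURPOSE><admin/><current/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/><DATA ref="#dynamic.http"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>"""

# Constructed policy that shares an identified data element with unrelated
# third parties for a contact purpose (vocabulary from the P3P spec).
VARIANT_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY discuri="http://example.invalid/privacy.html" name="marketing">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/><contact/></PURPOSE>
      <RECIPIENT><ours/><unrelated/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP><DATA ref="#user.name"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>"""


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}ours' -> 'ours'."""
    return tag.rsplit("}", 1)[-1]


def _children(parent, name):
    """Names of the empty vocabulary elements inside e.g. <PURPOSE>."""
    node = parent.find(f"p3p:{name}", NS)
    return [] if node is None else [_local(e.tag) for e in node]


def parse_policy(xml_text):
    """Reduce a P3P POLICY to plain Python: access level plus one dict per STATEMENT."""
    policy = ET.fromstring(xml_text).find("p3p:POLICY", NS)
    statements = []
    for st in policy.findall("p3p:STATEMENT", NS):
        statements.append({
            "consequence": st.findtext("p3p:CONSEQUENCE", default="", namespaces=NS).strip(),
            "purpose": _children(st, "PURPOSE"),
            "recipient": _children(st, "RECIPIENT"),
            "retention": _children(st, "RETENTION"),
            "data": [d.get("ref") for d in st.findall("p3p:DATA-GROUP/p3p:DATA", NS)],
        })
    return {"name": policy.get("name"), "discuri": policy.get("discuri"),
            "access": _children(policy, "ACCESS"), "statements": statements}


# Constructed preferences: what this hypothetical user is willing to accept.
PREFERENCES = {
    "allowed_recipients": {"ours"},
    "forbidden_purposes": {"contact", "telemarketing"},
    # Indefinite retention is tolerated only for data whose ref has one of these prefixes.
    "indefinite_retention_ok_for": ("#dynamic.",),
}


def evaluate(policy, prefs):
    """Return a list of mismatches; an empty list means the policy is acceptable."""
    problems = []
    for i, st in enumerate(policy["statements"], 1):
        extra = set(st["recipient"]) - prefs["allowed_recipients"]
        if extra:
            problems.append(f"statement {i}: shares data with {sorted(extra)}")
        bad = set(st["purpose"]) & prefs["forbidden_purposes"]
        if bad:
            problems.append(f"statement {i}: forbidden purpose {sorted(bad)}")
        if "indefinitely" in st["retention"]:
            for ref in st["data"]:
                if not ref.startswith(prefs["indefinite_retention_ok_for"]):
                    problems.append(f"statement {i}: {ref} retained indefinitely")
    return problems


if __name__ == "__main__":
    for xml_text in (POLICY_XML, VARIANT_XML):
        p = parse_policy(xml_text)
        print(p["name"], "->", evaluate(p, PREFERENCES) or "matches preferences")
```

The book's policy passes because its only statement keeps data in-house and retains only dynamic server-log data; the constructed variant trips all three rules. A real user agent would apply the same kind of comparison to every statement of a longer commercial policy and then display a symbol or prompt the user, as the introduction describes.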