W3CTechnology and Society

[Workshop Homepage] [Participants] [Position Papers] [Agenda] [Minutes]

Future of P3P Workshop

November 12, 2002

Perspectives on P3P Goals

Lorrie Cranor

Put different view points on the goals.

Christine Varney

Beginnings: 1995 What did privacy mean in the information age, was privacy a societal value and how should it be protected. Looked at government regulation, Find beginnings of framework in technology. Present end user rules, genesis of P3P. Gov't framework.

We have achieved our goals, regarding capabilities and limits of what technology can add to this debate.

Let technology (and industry) lead, rather than government regulation.

Danny Weitzner:

What Is legal import and meaning of P3P/XML as opposed to human readable?


P3P have legal consequence, because when you can write a deceptive P3P policy still have possibility to prosecute for deception.

Answer by Cavoukian, Alonso-Blas and Stampley:

if tendency to deceive, then bodies that have mandate to protect have to act.

Ruchika Agrawal:

Challenge to take a step back, look at privacy threats on the internet. Survey of privacy policies inadequate. Solution then PETs. Standards, protocols, tools that protect privacy : eg. Blind signatures, anonymous remailers, websurfing anonymisers.

Review of FIPs, thus PETS are those technologies that implement FIPs.

So how does P3P fit into this framework. P3P does not implement FIPS nor act as a PET. P3P adopts a separate set of principles than FIPs.


why have PETs not flourished, PETs do not handle privacy needs. The other technologies have not made much progress, open question as to why.


P3P is not being adopted either.


but that is why we are here.

Matthias Schunter

P3P tool for conveying privacy promises, not a PET, so not really an issue. A bit too black and white about a good PET or a bad technology. It is all a matter of trust PET's assumes cannot trust any enterprise underlying it.

Important to discuss the trust model. Only technologies that do not put any trust are PETs, that might be too limiting?


need to step back that P3P is not a PET then that should be made clear.


P3P should be a technical way for user to push consumer privacy preferences.

Deirdre Mulligan

Concerns about push model, varying levels of comfort depending on website. Does my PP exposure be a violation of privacy. Commerce trust, contractual agreement, service, data requested. In financial sector, change of use is finable.

Lorrie Cranor

If data collectors don't have to listen to Privacy preferences.

Rigo Wenning

P3P is a building block to build more privacy, now what do we want to achieve. P3P underlying solution.

Andrew Bybee

a lot of components of PETs, P3P enables awareness of choice so is a PET or component. Where do want P3P to go. Have a metaphor: the cash transaction, What does that mean in the online world: identity based. Persistence of digital data also a concern. Portability in digital world.

How to keep reasonable gatekeepers. How to keep persistence and identity.

First step is notice.

Lorrie Cranor

What can P3P have an impact on of the FIPs and what should we be trying to do.

Andrew Bybee

it is inappropriate to compare PETs and P3P. P3P allows you to compare privacy policy.

Ruckika Agrawal

why not have minimum baseline.

Deirdre Mulligan

P3P never designed to answer all FIPs so lets not derail the conversation.

Daniel Schutzer

What other applications might use P3P, eg cookie managers, privacy bird. Rules for improvement. What to build on top of current P3P functionalities. What consumers need.

Danny Weitzner

Limitations have resonance with a great number of people. People don't care about transparency of no greater control. Take next step seriously, happy that liberty and passport to extend protocol.

Deirdre Mulligan

Clarity, Competition, Convergence, Consistency? Notion of transparency, limitations, a modest proposal, give people an automated way to figure out what was going to happen to their information.

Clarity: issues, some general enough, so that they can be included. If core can support extensions, need to develop how they handle information and feed back in to system.

Need to make core language more robust.

Consitency: user agents, top level to start, now policies and compact policies, do need to think about clarity and consitency of those statements.

Competition, consumers need user agents that go above the minimum requirements. Encourage comp. Among privacy policies and implemtation by co.s

Is it more than an expression language, we need dto think long and hard. Need to make information on deliberations leading to V.1 P3P need be put out there more.

In past 5 years Ppolicies have gotten less confusing, but more complex business relationships have become more complex.

How to couple PETs with P3P etc.

Rigo Wenning

Sectorial approach might be dangerous in privacy sector: why sectoral approach, root set, for every single institution, etc. means that get into dynamics, respective lobbiest get exceptions, so many rules and different regs. Lose any overview. Referenced a paper by Andreas Pfitzmann and Alexander Rossnagel? [report for the german minister of interior (PDF)]

Deirdre Mulligan

Purpose specification could use more work, there might be certain purposes relevant to certain domains.

Rigo Wenning

can't have non-ending ontology of purposes


Sectorialization, may eviscerate consumer interests. What's the big pic, for consumers voice in whole process, e.g. user studies. Comment invites,

Diana Alonso-Blas:

EU perspective: mixed emotion about P3P, in beginning not clearly understood. Later on realise not a classical PET, but a tool for transparency and consumer awareness., Think it is on the right track. User need more user friendly tools. Still too complicated for ave. user. Option, download various sets of preferences rather than going through protocol to set his preference. Then default position, and related to EU legislation.

How do we see P3P, a tool box to be used in various environments, P3P will only be useful if useful at the international level not just in one country's context.

Cornerstone: security and legal requirements under EU Directive Article 10, P3P needs to address and support this.

Compliance, needs to be addressed, eg using IBM model of Tivoli privacy manager

Implementation, criticised, need a fuller implementation.

Rigo Wenning

more encouragement of PETs' by commissioner (some EU commissioner?)

Diana Alonso-Blas

we need to promote, Article 6 and 17 already say technology measures, reference core ideas of PETs use. Upcoming report, discuss what to do to promote PETs, and how to use them. Integrate PET in current technologies. Still thinking what to do about that.

Helena Lindskog

Need a wholistic approach to privacy. Need to put P3P in context of PETs and legislation.

Michael Waidner

Future of P3P what should come after.

See picture in presentation. Michael goes on to describe picture.

What we should do: Privacy Practices we need to describe the practices, the technical activities regarding the information. What happens if we send info to various data holders.

What does this mean. P3P is for platform for privacy promises. P3p NEEDs a companion that can map with new language, re: enterprise privacy authorization lange, internal enforcement. An EPAL, enterprise privacy authorization language.


excellent presentation: take context into b2b or b2g context. To get outside http and cookies. EPAL language, enforcement across repositories.

Michael Waidner

just look within enterprise to start. There are naming problems, (didn't get this part).

Lorrie Cranor

heard transparency original goals, we are achieving that, choice need to look at that more, enforcement to keep track of a co.'s own policies, making P3P part of other privacy tools. What kinds of compelling apps could there be? Need to think of that.

Deirdre Mulligan

P3P increases transparency because most people don't know or care as a starting point, so help them make better decision, be more politically active. To have choices, transparency helps to move to choices. We are seeing some impact P3P makes companies rethink their policies so they don't look so bad. Can get a privacy policy comparison in the mix.

Sunlight is the best disinfectant, to help us get a better understanding and options. What are the legal consequences, whole bunch of things to look at that. Charge to legal community regarding consequences and risks.


Transparency why? Users view transparency as good in of itself. The more you can see the more you can understand and then even take some control of interests.

Steve Adler

Transparency good if you know what you have inside. P3P achieved a great deal. Companies, more is more, we want more, that is PI, we have collected 2k terabytes in one company, they don't know what they are doing with it. Compare time of data collection and P3P, making companies rethink data collection.

Ari P3P has gotten companies to make improvements in their privacy policies it is anecdotal.

[Workshop Homepage] [Participants] [Position Papers] [Agenda] [Minutes]

Last update $Date: 2002/11/29 17:57:25 $ by $Author: rigo $