October 16, 2002
Center for Information Policy
at Hunton & Williams
The purpose of P3P has always been to create a common language and standard that lets browsers communicate with servers, providing an automated means of assuring consumers that they are dealing with organizations that either match their individual privacy preferences or have a different policy that they feel comfortable with for that session. This requires a machine-readable language that communicates precisely with other machines. However, with data collection and use becoming more and more complex, it is important for the P3P policy to be readable by the consumer, not just the machine.
Currently there is no common language for translating those P3P policies into something that is person-readable. Microsoft and AT&T have both created person-readable translations for P3P policies, and other organizations may have done so as well. The lack of commonality is a problem. Research from the 1980s shows that for notices to be effective they need to rely on short-term memory interacting with long-term memory. The consumer processes the notice in front of him or her based on the notices he or she has seen before. This works better if the notices are very short (not more than seven elements) and the elements are presented in a common layout. Furthermore, the language must use words that require no translation by the consumer.
The Short Notices Project at the Center for Information Policy Leadership has developed a template-based prototype notice that works for both financial and non-financial organizations. The Financial Services Coordinating Council is also developing a short notice. These short notices will be combined with longer, enhanced notices for complex organizations. It is highly probable that privacy legislation over the next two years will mandate layered notices with a common template format. Furthermore, a number of international privacy officials have begun to show interest in layered notices.
The web community should consider two matters. First, the community should explore the concept of a common voice for P3P. This common voice should be consistent with the research on how notices work. Second, the community should consider whether the P3P voice should map to the evolving norms for printed notices.