Driving Adoption of P3P

P3P Workshop Position Paper

9/25/2002

 

Authors:  Andrew Bybee, Melissa Dunn, JC Cannon (Microsoft Corp)

Abstract:

In order to accelerate the ubiquitous adoption of P3P, key deployment and language issues will need to be resolved.

 

Position:

According to a recent Ernst & Young survey[1], as of August 2002 only 24% of the top 100 Internet domains had deployed complete P3P policy files. In contrast, compact policy deployment appears to be close to 70%. A Cyber Dialog Survey from November 2001 indicates that $6.2 billion in sales were lost due to privacy issues. Although there are certainly a number of factors behind these data points, and a number of conclusions that can be drawn, Microsoft believes that ubiquitous adoption of the full P3P policy will help build customer trust. Further, broad adoption will provide both consumers and providers of privacy statements with a consistent expectation of clear disclosure and informed consent. To achieve this goal of ubiquitous adoption, however, key barriers to adoption in the current specification and deployment guidelines must be resolved. These may be generally categorized as:

Policy Granularity – Service providers want the ability to express what they need or want from the user with finely worded policies that can stand up to legal scrutiny and minimize liability.  Users want to express what they don’t want to happen in clear, simple language.  Addressing both of these needs requires a greater level of granularity in both vocabulary and format.  This paper will address possible solutions for correcting the policy granularity issues while considering the performance and serialization requirements of web navigation, state management, and web service interactions.

 

Policy Discovery and Deployment – Granularity issues also exist in the realm of discovery and deployment of policies across related domains or pages within a domain.  We will address possible solutions for describing multiple use and collection points within a single policy statement.