The following is a proposal for future work on P3P submitted following the November 2002 Workshop on the Future of P3P
While many sites have adopted P3P, adoption has been slower than hoped for because companies are unsure of their liabilities for statements made in P3P and compact policies given the limitations of the technology at this time. No one is suggesting that sites are not liable or should be given immunity for mistakes or misrepresentations in their P3P statements. However, everyone recognizes that P3P does not allow a site to describe every nuance of its privacy practices and that the specification is a work in progress. The purpose of this item is to clarify the current state of the specification as to what privacy practices can and cannot be expressed in the lexicon of P3P.
The work is limited to descriptive text only. The text would more explicatedly describe what privacy practices can and cannot be described in a P3P or compact policy and other limitations of the technology. For instance, P3P with its limited vocabulary cannot be expected to represent every nuance of a site's privacy policy. The additional text may also recognize, without rendering P3P irrelevant, that the human readable privacy policy is the authoritative statement of a site's privacy policies.
Minimal resources required to complete this item. A draft of proposed language could be drafted by a small group of P3P Specification Working Group members and circulated broadly for comment by the remaining members.
Based on the discussion at the P3P Workshop, there appeared to be some common ground on this issue and it should be relatively easy to resolve. It should be possible to reach consensus on language within the timeframe for version 1.1 of the specification.
Last update $Date: 2003/03/17 09:50:38 $ by $Author: rigo $