White Paper:

Platform for Privacy Preferences Project (P3P)
& Citibank


Kenneth Lee

Gabriel Speyer

Citibank Advanced Development Group





 Disclaimer: The original purpose of this email was for internal circulation. It is being volunteered to the members of the P3P Implementation and Deployment Working Group of the W3C, and all other interested parties. The opinions expressed below are simply a statement of position or opinion of two Citibank employees, and do not necessarily reflect the positions or opinions of Citibank (or Citigroup) as a whole, nor any of its subsidiaries or agents.



Executive Summary


The purpose of this White Paper is to briefly explain what P3P is, and more importantly to examine its benefits and drawbacks as they relate to Citibank. In conclusion:

  1. From a consumer standpoint using P3P may be quite confusing, as the user may feel inundated with "legalese" and too many choices.
  2. Implementing P3P might limit the amount of marketing information, commerce and cross-selling a company can conduct online.
  3. P3P is just one component of what should be a full framework for online privacy. For P3P to be widely deployed and properly used, other (perhaps costly) measures must be bundled with P3P implementation to reconcile consumersí and companiesí preferences. Such measures would include: self-auditing, a process of recourse for users, education/enforcement and authentication.







All information in this white paper is based on the Working Draft of P3P (Platform for Privacy Preferences), dated July 2, 1998. This working draft is merely a guide, or standard, that vendors should follow when implementing P3P into browsers, etc. The final implementation may vary.


Summary of P3P:

P3P (Platform for Privacy Preferences) is a way for users to specify the conditions they are willing to divulge personal information to web sites. It is also a way for users to know what the web siteís privacy policies are (how it will use the personal information it collects from users) and to reconcile the preferences of the users with the policies of the web site.

Note: Users always have the option to not use P3P at all on their browsers. So, in the worst case, the release of P3P would have no effect.

Note: Any changes that a user makes to his/her privacy conditions are valid from that point in time onward- future web sites the users visit will deal with the new settings, but old ones will have to be re-visited in order for the changes to be realized.

Note: There has been no concrete consumer research or study done on how users might react to the concept or usage of P3P.





Some Advantages:

Some Issues:

For all of P3Pís complexity, it can not stand alone, either in reality or in user perception. All users know that a protocol like P3P is a promise that may not be kept. Therefore internal processes are required at a fulfillment level. These measures (which come at a cost) could include, but are not limited to:

  1. Self-Auditing
  2. Process of recourse for a user who thinks that his/her privacy preferences may have been violated
  3. Training of company personnel and internal enforcement.
  4. Authentication of the web site operator

Companies with less integrity may claim erroneously to be another company altogether, or a subsidiary of a different company.

Web sites may request new items of information that they want from the user (e.g., household income) that is not included in the standard P3P profile. It is possible that many web sites will request additional items, and thus inundate the user with many prompts to fill in such information. There is no regulation as to this process, but again, it is in the best interest of web sites not to needlessly trouble the user, because the user ultimately may choose not to use P3P at all.

It is possible that multiple web sites may request the same information, but call them different names (e.g. foot size or shoe size). The user might be faced with filling out identical bits of information for different web sites. However, there are ways around this, namely improving the logic in the browser to check for similar bits of information, or making it easier for web site authors to re-use names that are commonplace.