Platform for Privacy Preferences (P3) Project

P3 Project Overview
Dr. Jim Miller, MIT
Presented at the 26 June 1997 Kickoff Meeting

[Project Announcement] [Privacy Activity Statement] [FAQ]
W3C Privacy Overview] [P3 Public Pages] [Member Only P3 Links]

The World Wide Web Consortium’s goal is to "realize the full potential of the Web." We see the Web as a critical piece of global infrastructure and work to make sure that its overall architecture is flexible and will support long-term evolution as well as short-term goals. The protection of personal privacy is critical in any communications medium, and the P3 Project is intended to address this particular need.

The term "privacy" covers a very wide range of concerns, and it is important that we understand from the outset the precise scope of the P3 work. P3 is intended to allow the implementation of a range of policies centering around the controlled release of personally identifying information. The goal is to create a framework that allows end users to trust the infrastructure by allowing verifiable control of this information -- both its initial release and, most importantly, subsequent use of that information. Based on discussions with the German government, the European Commission (DGXIII and DGXV), and the U.S. Federal Trade Commission, we believe that the key ideas are:

The general framework, proposed to the W3C membership as well as to representatives of the direct marketing industry and government regulatory authorities is straightforward:

It is important to bear in mind that the P3 Project is only one facet of the W3C’s work on the Web infrastructure, and that the Project must collaborate closely with other work that also affects the infrastructure. In particular, W3C has active work on metadata for providing machine-understandable information about the contents of the Web (sites, parts of sites, or individual pages). It also has a separate group working on digitally signing this metadata. The P3 Project is seen as a source of requirements and deadlines for these other activities; but the autonomy of all three activities must be mutually respected. It is the job of the W3C staff to coordinate these activities.

The P3 Project is expected to last approximately 18 months. During that time, it should deliver four major products:

1.A detailed architecture illustrating the various various components of the P3 infrastructure and how they integrate into the Web infrastructure.

2. A set of technical specifications specifically relevant to privacy protection. This can include, but is not limited to, interoperability protocols, recommended vocabularies, minimum implementation requirements, required default values of parameters, and requirements on behavior under adverse circumstances (e.g., requested release of information from unlabelled sites).

3. Products available to the marketplace that adhere to the architecture and technical specifications. These are expected to be proprietary to the vendors involved, but tested for compliance and interoperability. They should meet the minimum specifications, but may have limitations imposed by engineering or time-to-market constraints.

4. A demonstration to government regulators of the capabilities of a complete implementation of the specifications. This may be based in part on proprietary products and in part on W3C sample code. This demonstration is intended to show that the technical solutions are complete, even if not yet fully deployed.

jmiller@w3.org 25 June, 1997