This is the P3P vision of online commerce. P3P is designed to provide Internet users with a clear understanding of how personal information will be used by a particular Web site. Web site operators will be able to use the P3P language to explain their privacy practices to visitors. Users will be able to configure their browsers or other software tools to provide notifications about whether Web site privacy policies match their preferences. Parents will also be able to set privacy-related rules that govern their children's activities online. Once Web sites and Internet users can better communicate about privacy, consumers will be able to make better judgments about how Web sites respect their privacy concerns.
P3P 1.0 creates the framework for standardized, machine-readable privacy policies, and consumer products that read these policies. Web sites express their privacy policies in a simple standardized format that can be downloaded automatically and read by web browsers and other end-user software tools. These tools can display information about a site's privacy policy to end users, and take actions based on a user's preferences. Such tools might provide positive feedback to users when the sites they visit have privacy policies matching their preferences, and provide warnings when a mismatch occurs. They may also notify users when a site's privacy policy changes.
While P3P does not alone resolve all online privacy issues, users' confidence in online transactions will increase when they are presented with meaningful information and choices about web site privacy practices.
There are two key components to the successful implementation of P3P: the web site component and the "client" software component.
The web site component: P3P enables web sites to "translate" their human-readable privacy practices into a standard, machine-readable format (XML) that can be retrieved automatically and interpreted easily by a user's browser. Web sites can use the P3P specification to perform this translation manually. However, automated tools can be used to make this process much simpler. Once the translation has been completed, some simple server configurations are necessary for a Web site to inform visitors automatically that it uses P3P.
The "client" software component: P3P clients automatically fetch and "read" P3P privacy policies on web sites. A user's browser that is equipped for P3P can check a web site's privacy policy automatically and inform the user of a web site's information practices. P3P client software can be built into a web browser, or built into plug-ins, browser helper objects, proxies, or other application software.
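The client-side check described above, as an added example that is not part of the original page or any W3C code: it parses a policy and flags statements that conflict with a user's preferences. The sample policy is constructed and abbreviated, the preference set and function names are hypothetical, and the element names and namespace are assumed from the P3P 1.0 vocabulary.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated sample policy (P3P 1.0 vocabulary; not from a real site).
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="shop" discuri="http://shop.example/privacy.html">
  <STATEMENT>
   <PURPOSE><current/><admin/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
   <PURPOSE><contact/><telemarketing/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

# Hypothetical user preferences: practices this user does not accept, per category.
PREFS = {"PURPOSE": {"telemarketing"}, "RECIPIENT": {"unrelated", "public"},
         "RETENTION": {"indefinitely"}}

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def evaluate(policy_xml, prefs):
    """Return (statement_no, category, value, data_refs) for each mismatch."""
    # A fetched policy is untrusted input: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in policy_xml.upper():
        raise ValueError("DOCTYPE not allowed in a fetched policy")
    root = ET.fromstring(policy_xml)
    mismatches = []
    statements = [e for e in root.iter() if local(e.tag) == "STATEMENT"]
    for i, st in enumerate(statements, 1):
        refs = [d.get("ref") for d in st.iter() if local(d.tag) == "DATA"]
        for child in st:
            cat = local(child.tag)
            for v in child:
                if local(v.tag) in prefs.get(cat, ()):
                    mismatches.append((i, cat, local(v.tag), refs))
    return mismatches

def verdict(policy_xml, prefs):
    """'warn' if any statement conflicts with the preferences, else 'ok'."""
    return "warn" if evaluate(policy_xml, prefs) else "ok"
```

Reporting the data references alongside each mismatch lets the client tell the user which data element a conflicting practice applies to, rather than only that the site as a whole mismatches.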
While earlier drafts of the P3P specification attempted to address a broader range of issues, it was decided to keep P3P 1.0 a sleeker, simpler specification. This will make P3P implementation easier, while still allowing developers to innovate and build new global solutions. In fact, there have been early implementations in the U.S., Germany, and Japan that are focused on the unique situations in each country.
Last update 2000/07/01 01:39:15 by massimo.
Copyright © 1997-1999 W3C (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.