P3P Guiding Principles

W3C NOTE 21-July-1998

This Version:
Latest Version:
Previous Version:
Lorrie Faith Cranor (AT&T Labs-Research) lorrie@research.att.com
[See below]

Copyright © 1998 W3C (MIT, INRIA, Keio ), All Rights Reserved. W3C liability , trademark, document use and software licensing rules apply.

Status of This Document

This document is part of the Platform for Privacy Preferences Project Activity. This document describes the intent of P3P development and recommends guidelines regarding the responsible use of P3P technology. It is one section of the P3P Implementation Guide. Comments to the editor or endorsements are welcome.

The Platform for Privacy Preferences Project (P3P) has been designed to be flexible and support a diverse set of user preferences, public policies, service provider polices, and applications. This flexibility will provide opportunities for using P3P in a wide variety of innovative ways that its designers had not imagined. The P3P Guiding Principles were created in order to: express the intentions of the undersigned members of the P3P working groups when designing this technology and suggest how P3P can be used most effectively in order to maximize privacy and user confidence and trust on the Web. In keeping with our goal of flexibility, this document does not place requirements upon any party. Rather, it makes recommendations about 1) what should be done to be consistent with the intentions of the P3P designers and 2) how to maximize user confidence in P3P implementations and Web services. We invite organizations, individuals, policy-makers, and companies who use P3P to join us in supporting these principles.

Information Privacy

P3P has been designed to promote privacy and trust on the Web by enabling service providers to disclose their information practices, and enabling individuals to make informed decisions about the collection and use of their personal information. P3P user agents work on behalf of individuals to reach agreements with service providers about the collection and use of personal information. Trust is built upon the mutual understanding that each party will respect the agreement reached.

Service providers should preserve trust and protect privacy by applying relevant laws and principles of data protection and privacy to their information practices. The following is a list of privacy principles and guidelines that helped inform the development of P3P and may be useful to those who use P3P:

In addition, service providers and P3P implementers should recognize and address the special concerns surrounding children's privacy.

Notice and Communication

Service providers should provide timely and effective notices of their information practices, and user agents should provide effective tools for users to access these notices and make decisions based on them.

Service providers should:

User agents should:

Choice and Control

Users should be given the ability to make meaningful choices about the collection, use, and disclosure of personal information. Users should retain control over their personal information and decide the conditions under which they will share it.

Service providers should:

User agents should:

Fairness and Integrity

Service providers should treat users and their personal information with fairness and integrity. This is essential for protecting privacy and promoting trust.

Service providers should:

User agents should:


While P3P itself does not include security mechanisms, it is intended to be used in conjunction with security tools. Users' personal information should always be protected with reasonable security safeguards in keeping with the sensitivity of the information.

Service providers should:

User agents should:


The following definitions reflect the way these terms are used in this document.

personal information - Data relating to an identified or identifiable user that is transferred to a service under a P3P agreement or stored in a user's P3P data repository. Note, the term personal information in this document does not refer to information exchanged in the course of interactions inherent to the operation of the HTTP protocol or related protocols.

preferences - A set of rules that determines what action(s) a user agent will take or allow when involved in an interaction or negotiation with a service.  Users' P3P preferences should reflect their attitudes towards the use and disclosure of their personal information.

proposal - A series of P3P statements that describe the privacy-related terms (practices) under which a service proposes to interact with a user or user agent.

service provider - The person or organization that offers information, products, or services from a Web site, collects information, and is responsible for the representations made in a practice statement. Note, the term service provider in this document does not refer to Internet Service Providers (ISPs), except where ISPs also provide services from Web sites.

user - An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists.

user agent - A program that acts on a user's behalf. The agent may act on preferences (rules) for a broad range of purposes, such as content filtering, trust decisions, or privacy. For P3P purposes, a user agent acts on a user's privacy preferences. Users may use different user agents at different times.