P3 Prototype Script

Author: Joseph Reagle
Version 3.0 (final)


0 Platform for Privacy Preferences

The W3C's Platform for Privacy Preferences, often referred to as P3, addresses some of the key technical aspects of Web privacy concerns. P3 will allow sites to easily describe their privacy practices and allow users to set preferences about the release and use of their data. We call the description of privacy practices or preferences a "privacy assertion" or "privacy policy." Between the site's practices and the user's preferences, a flexible "negotiation" allows services to offer the preferred level of service and data protection to the user. Consequently, P3 promotes user confidence on the Web by enabling the fair information practice principles of "notice" and "choice." This presentation briefly describes the salient characteristics of a P3 prototype using a preliminary privacy "language" developed by the Internet Privacy Working Group.

1 user is shown interface

Here we see a prototype of what a user sees (a user interface) when configuring P3. It is actually generated from an underlying syntax and vocabulary from which the computer can automatically describe and read privacy policies. Having the computer be able to understand the privacy policies is crucial since the computer can then act on behalf of its user to seamlessly access sites which fall within the user's preferences, or notify the user if a sites practices do not meet their preferences.

Configuring all of these options may be time consuming to a beginning user. A number of steps can be taken to simplify the setting of preferences. Organizations can offer individuals "recommended" or "automated" settings that they feel represent advisable settings for a typical adult or child browsing the Web.

2 user is shown a Web page with recommended settings

To grab one of these settings, a user can go to a Web page that they feel is reputable and offers "recommended settings." Anyone, including organizations like browser developers, Internet service providers, trade organizations, governments, or privacy advocates can provide settings to users.

Users may also be able to download recommended settings for their children:

Upon arriving at the site, the user browses for the most appropriate settings.

2.1 user examines the on line "recommended setting" descriptions

Seeing a description of interest, the user can click on the description and see a fuller explanation as well as the specific settings.

2.2 user examines the full descriptions

If the user finds a recommended setting they like, they download it to their computer for their own personal use.

2.3 user downloads the "ok to share with third parties" recommended setting to disk

3 user is shown profile editor interface, user selects IPWG and saves profile

Once the recommended setting is in place, the user can always change it or tune to it to his or her specific preferences as the become more experienced. Afterwards, the user is ready to browse the Web.

4 user sees a "P3 Demo Home" page with a link to the Princeton Review www.review.com

In this example, the user goes to a site that has privacy practices that fall within the scope of their preferences. For most of this page this may include the collection of clickstream data for system administration purposes.

4.1 user navigates two links on the site (top go to college banner).

Nothing out of the ordinary occurs! This is because there was a direct match between the user's preferences and the site's practices, hence we had a direct match and seamless interaction.

4.2 when the user hits the last go to college button, she is shown the redirect for consent page

In this case, the site is asking for more information than the user allows for. Hence we have a "mediated interaction." The site can choose to not admit the user since it cannot comply with her preferences, it may inform the user of its practices and ask the user to consent to them, or it may be willing to be responsive to the user's specific preferences. The option to turn this capability to "over-ride" or "consent" may disable for child profiles.

4.3 clicks consent page, and we can see that information is solicited by a form.

5 return to user interface

This demonstration has been a very simple display of how the Platform for Privacy Preferences may be realized. It is important to note that users have a great deal of control and choice in which practices are accepted. And that sites can offer multiple practices depending on what service the user wants. For instance, a customized news service requires the collection of more information than a simple Web page. Also, client technologies (like browsers) are developing to allow family members to set up their own preferences and that parents could set password-protected preferences for their children.

In this demonstration we do not fully represent the benefits trusted third parties can play in the P3 scheme. They can offer recommended privacy settings, their own opinion of a site's practices, or auditing services and icon programs to increase the confidence users place in P3 assertions. Privacy assertions made using P3 are only a piece of the puzzle but an important one. P3 is a platform on which other technologies can interoperate and a bridge to social and market concerns about user privacy on the Web. P3 is a platform on which technical, market and social solutions for protecting privacy on the World Wide Web can be built.


Thanks To: The W3C Staff gratefully acknowledge the help and support of the Member Organizations of the W3C and especially for this demo: AT&T,CDT,The DMA,IBM, and Microsoft. We thank The Princeton Review for permission to use their Website content. David Shapiro wrote the Profile Creator while also earning his MIT SB degree.