DoubleClick, Inc. Position Paper
W3C Workshop Future of P3P
November 12-13, 2002
Dulles, Virginia

Submitted by DoubleClick, Inc. Author: Brooks Dobbs

DoubleClick's Involvement with P3P

The attention given to DoubleClick by consumer privacy groups and regulators is well known. In direct response to public demand for greater privacy sensitivity by DoubleClick, we are now more than ever committed to being active participants in privacy related efforts and organizations including P3P. We are also committed to examining all our product offerings to insure that we are ever mindful of the consumer privacy perspective.

DoubleClick is involved in a number of businesses directly impacted by current User Agent, UA, implementations of P3P. Among these are:

Web Advertising

Both ASP and software

ASP E-commerce site analytics tools

Commercial Email

DoubleClick's high level perspective on P3P is that its near term evolution and popular UA implementation will determine if P3P becomes a device manipulated to provide competitive advantage or a tool to provide consumers with transparency and choice as to data practices.

This paper will discuss:

The positives of transparency enabled for 3rd parties by P3P

P3P has provided a mechanism for companies, like DoubleClick, who's interaction with the end user is typically confined to a 3rd party context to directly make statements to the user about the privacy practices in place for the treatment of the end user's data. Prior to P3P this was an exceptionally difficult communication to make. However, at least in IE's implementation of P3P, a user can easily retrieve a translation of the full policy in place for a given cookie or request transaction.

Even in absence of a direct request for the exact policy covering a transaction, user confidence has been increased by the knowledge that the UA has restrictions in place against "bad actors".

We view this new opportunity for 3rd parties to express their privacy statements directly to the user as overwhelmingly positive.

What P3P "compliance" has come to mean

DoubleClick is concerned by the by the growing popular and media impression that "P3P" is only about 3rd party cookie handling. As the popular UAs have only addressed cookies in their implementation, there seems to be a popular belief that P3P is solely about cookies and Compact Policies. Even the term "P3P compliance" is now generally understood to mean, "issuing an IE6 acceptable under medium setting Compact Policy"

Accuracy requirements and conflicts forced by 1.0

Related to the earlier discussion of Compact Policies becoming the de facto meaning of P3P. One of the requirements of P3P is "accuracy". P3P further suggests/requires that a Compact Policy with its terse syntax be derived from a Full XML policy which itself is derived from a natural language policy. A natural language policy can be tens of thousands of words long, while a Compact Policy is limited to approximately 50 tokens with fixed meanings. It is exceptionally easy, and indeed likely, for a natural language policy to say Company A collects "X" but absolutely not "Z", but the lack of nuance and granularity of current CPs requires an implementer to state, for instance, a CATEGORY encompassing both X AND Y. This, in turn, has lead to UA implementations to pass on to the user that Company A collects both X and Z, when the natural language policy from which all was derived specifically precludes that.

This problem is likely to be exacerbated by future possible compliance requirements of initiatives such as Layered Notices.

DoubleClick rejects the idea that "accuracy" should have meaning within P3P that "any of the following somehow equals all of the following". We do not feel that overstatements forced by overly broad categories are inherently more accurate than understatements. For mechanisms such as Compact Policies to function properly they should allow the extensibility to "accurately" address a data collectors practices.

CP vagaries leading to leading to inconsistent implementations

DoubleClick is concerned that there is insufficient understanding in the implementing community and indeed insufficient clarity within the specification itself as to what must be declared by a CP. P3P requires:

4. Cookie

[must declare], and also to data linked to the cookies.

Vagaries such as these have lead to wide spread interpretations of what a correct implementation is, often resulting in a mockery of the "intended" meaning. What does linked mean? Is it a key in a data table? A foreign key? Is it a one to one correspondence? Is it being logged together?

Requirements such as these arguably place a requirement on P3P policies that are not requirements of a natural language policy, those being: while a natural language policy usually talks about what you actually do, P3P seems to be asking what you COULD do. Granted these are subtle distinctions in the age of the database, but they nonetheless need to be clarified.

DoubleClick's future involvement with P3P

As a vested stakeholder in the outcome of future P3P versions and implementations, DoubleClick is committed to all future development of the specification and to the widespread understanding and accurate adoption of the specification