W3C-LogoT-and-S Logo

W3C - Event on P3P and Enterprise Privacy Languages

to be held on 9 September 2003 in Sydney, Australia

Minutes of this event are available.

I. Introduction

This Event gives the occasion for attendees of the 25th International Conference of Data Protection and Privacy Commissioners and all other interested parties to have a tutorial/introduction to P3P from inside of W3C, to get some update about new developments and challenges for privacy enhanced technologies in the sector of web services and mobile applications.

The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. P3P adds transparency about privacy implications to the Web's Architecture. W3C has issued P3P 1.0 as a Recommendation on 16 April 2002.

After having finished P3P 1.0, we are now seeking input and insight on the next steps. There were already two Workshops done: The first Workshop on short-term goals (P3P 1.1) was held in Dulles/Virginia on 12/13 November 2002, a second Workshop on long-term goals was held in Kiel on 19/20 June 2003 in Kiel/Germany. Many new ideas and many new challenging opportunities are based upon the metadata approach to privacy. By adding interoperable privacy metadata to applications, these applications become privacy aware changing them ultimately to privacy enhanced applications to use the terms of Michael Waidner from IBM Zürich. With privacy metadata aware back-ends, computers will help address the challenges for privacy that they created.

In the afternoon, we will discuss the counterpart to the P3P server-side declarations: Privacy Preferences can be specified using APPEL. This allows e.g. data commissioners to specify preferences that can be imported into browsers and steer the privacy behaviour of that browser. APPEL is not a Recommendation and it has still some issues. We will look for input from participants about this language.

Finally, IBM will present EPAL, a new language they developed to get a higher level of granularity for the back-end systems.

II. Venue and Registration

Date: 9 September 2003

Location: The Event will take place at:

IBM Center
Level 13, Room 13.08
601 Pacific Highway
St Leonards NSW 2065

Reservations/Registration by email to rigo@w3.org

See here for a list of people already registered

III. Agenda

8:30 - 9:00 Registration

9:00 - 9:30 Introduction and Welcome - Rigo Wenning & Steven Adler

9:30 - 10:15 P3P Tutorial - Rigo Wenning, W3C

10:25 - 11:00 continued..

11:00 - 11:15 Break

11:15 - 12:30 P3P beyond HTTP - Web Services Privacy - Patrick Hung and

Christine O'Keefe, CSIRO

12:30 - 13:30 Lunch

13:30 - 14:30 APPEL: Consent and Choice Standards - Kathy Bohrer (IBM)

14:30 - 15:00 An Introduction to EPAL - Steven Adler

15:00 - 15:15 Break

15:15 - 17:15 EPAL in Action: Case Studies from Customers - Dr. Paul Ashley (IBM)

17:15 - 17:30 Conclusions

IV. Background material