P3P and Short Notices
Rigo Wenning
Presentation at 25th International Conference of Data Protection and
Privacy Commissioners
Sydney, 11 September 2003
Rigo Wenning <rigo@w3.org>
W3C/ERCIM
Sophia Antipolis, France
Why Transparency?
- Transparency increases users' confidence
- Confidence generates trust
- Trust generates revenue online
Platform for Privacy Preferences Project (P3P)
- P3P was developed by W3C
- Final P3P1.0 Recommendation issued 16 April 2002
- Currently working on Version 1.1
- Easy communication of privacy policies in a machine-readable format
- Can be deployed using existing web servers
- P3P is the basis for new tools, e.g. tools that:
  - Summarize privacy policies
  - Display the exact mismatch
  - Alert and advise users
P3P is part of the solution
P3P1.0 helps users understand privacy policies but is not a complete
solution
- Seal programs and self-regulations
- Anonymity tools / Encryption tools
- Laws and codes of practice
- Identity management tools (mostly based on P3P)
Basic components
- P3P provides a standard XML format that web sites use to encode their
privacy policies
- Sites also provide XML "policy reference files" to indicate which
policy applies to which part of the site
- Sites can optionally provide a "compact policy" by configuring their
servers to issue a special P3P header when cookies are set
- No special server software required
Some minimum disclosures
- A human readable privacy policy (discuri attribute of <POLICY>)
- Contact info on the data controller <ENTITY>
- Dispute resolution <DISPUTES-GROUP>
- Purpose and retention <PURPOSE> <RETENTION>
- Ways to access personal data <ACCESS>
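The policy file, the policy reference file and the minimum disclosures listed above, as an added example that is not code from the presentation or from W3C: the two policies, the reference file and the example.com paths are constructed, and the checker simply tests for the five disclosures named on the slide.

```python
"""Resolve which P3P 1.0 policy applies to a URL path and check that each
policy carries the minimum disclosures listed above.

Added example, not code from the presentation or from W3C; the policy file,
the policy reference file and the example.com paths are constructed."""
import re
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}   # P3P 1.0 namespace

# Constructed policy file: "general" is complete, "account" lacks
# ACCESS, DISPUTES-GROUP and a RETENTION element.
POLICIES_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="general" discuri="http://www.example.com/privacy.html">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">Example Corp</DATA>
        <DATA ref="#business.contact-info.online.email">privacy@example.com</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><nonident/></ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="service" service="http://www.example.com/privacy.html"
                short-description="Contact our privacy office">
        <REMEDIES><correct/></REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><current/><admin/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
  <POLICY name="account" discuri="http://www.example.com/privacy.html">
    <ENTITY>
      <DATA-GROUP><DATA ref="#business.name">Example Corp</DATA></DATA-GROUP>
    </ENTITY>
    <STATEMENT>
      <PURPOSE><current/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <DATA-GROUP><DATA ref="#user.name"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>"""

# Constructed policy reference file (a real site serves it at /w3c/p3p.xml).
POLICY_REF_XML = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="/w3c/policies.xml#general">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/account/*</EXCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/w3c/policies.xml#account">
      <INCLUDE>/account/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>"""


def _matches(pattern, path):
    """INCLUDE/EXCLUDE patterns use '*' as the only wildcard."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), path) is not None


def policy_for_path(ref_xml, path):
    """Return the name (fragment of 'about') of the first policy whose INCLUDE
    covers the path and whose EXCLUDE does not, or None if nothing applies."""
    root = ET.fromstring(ref_xml)
    for ref in root.iterfind("p3p:POLICY-REFERENCES/p3p:POLICY-REF", NS):
        included = any(_matches(i.text, path) for i in ref.findall("p3p:INCLUDE", NS))
        excluded = any(_matches(e.text, path) for e in ref.findall("p3p:EXCLUDE", NS))
        if included and not excluded:
            return ref.get("about").split("#", 1)[1]
    return None


def missing_disclosures(policy):
    """List the minimum disclosures a POLICY element fails to make."""
    missing = []
    if not policy.get("discuri"):
        missing.append("discuri")
    for elem in ("ENTITY", "ACCESS", "DISPUTES-GROUP"):
        if policy.find(f"p3p:{elem}", NS) is None:
            missing.append(elem)
    statements = policy.findall("p3p:STATEMENT", NS)
    if not statements:
        missing.append("STATEMENT")
    for st in statements:
        for elem in ("PURPOSE", "RETENTION"):
            if st.find(f"p3p:{elem}", NS) is None:
                missing.append(f"STATEMENT/{elem}")
    return missing


def check_policies(policies_xml):
    """Map each policy name to its list of missing disclosures ([] = complete)."""
    root = ET.fromstring(policies_xml)
    return {p.get("name"): missing_disclosures(p) for p in root.findall("p3p:POLICY", NS)}


if __name__ == "__main__":
    for path in ("/index.html", "/account/settings", "/account"):
        print(path, "->", policy_for_path(POLICY_REF_XML, path))
    for name, gaps in check_policies(POLICIES_XML).items():
        print(name, "missing:", gaps or "nothing")
```

Note that `/account` (without a trailing slash) is not excluded by `/account/*` and therefore falls under the general policy; a reference file that means to cover a whole subtree needs both patterns.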
Privacy Policy I
- Designed to be read by a human
- Can contain fuzzy language with "wiggle room"
- Can include as much or as little information as a site wants
Privacy Policy II
- Easy to provide detailed explanations
- Sometimes difficult for users to determine boundaries of what it
applies to and when it might change
- Web site controls presentation
Short Notice I
- Designed to be read by a human
- Standardized containers
- Still wiggle room within those containers
Short Notice II
- Does not provide details
- Layering: short notice → full policy
- Replaces the user's own concerns with the content provider's assumption of what those concerns are
P3P I
- Designed to be read by a computer
- Mostly multiple choice - sites must place themselves in one "bucket" or
another
- Must include disclosures in every required area
P3P II
- Limited ability to provide detailed explanations
- Precisely scoped
- User agent controls presentation
P3P increases transparency
- Discover and advise on any third-party cookies
- Discover and advise on third-party content (e.g. web bugs)
- Display the exact mismatch
P3P and third party content
Discovering the exact mismatch
P3P User Interface works (1.1)
User interface issues
- Separation of content and layout
- New challenges for the UI from the mobile sector
- Unsolved: how to handle smart dust (ubiquitous computing)
The Future: EPAL
- Enforce the assertions made to the outside within the internal infrastructure
- More fine-grained
- Able to help control the complexity of privacy management internally
- Currently IBM only; gathering a community for further work in W3C
Conclusion
- P3P requires presence of privacy policy
- P3P is technically the better way to do short notices
- Short notices can be generated (in many languages) using P3P
- P3P commitments can be brought into the company using EPAL
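The "exact mismatch" that the transparency slides describe, and the conclusion's point that short notices can be generated in many languages from P3P, as one added example that is not code from the presentation or from any P3P user agent: the policy, the user's preference set and the two phrase tables are constructed, and the German wording is the example's own choice rather than anything standardized.

```python
"""Show the exact mismatch between a P3P 1.0 policy and a user's preferences,
and render the same policy as a short notice in more than one language.

Added example, not code from the presentation or from a P3P user agent; the
policy, the preference set and the phrase tables are constructed."""
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}   # P3P 1.0 namespace

# Constructed policy: the first statement is harmless, the second shares the
# user's name and telephone number for telemarketing and keeps them indefinitely.
POLICY_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="http://www.example.com/privacy.html">
    <ENTITY>
      <DATA-GROUP><DATA ref="#business.name">Example Corp</DATA></DATA-GROUP>
    </ENTITY>
    <ACCESS><contact-and-other/></ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="service" service="http://www.example.com/privacy.html"
                short-description="Contact our privacy office"/>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><current/><admin/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><current/><telemarketing/></PURPOSE>
      <RECIPIENT><ours/><other-recipient/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.name"/>
        <DATA ref="#user.home-info.telecom.telephone"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>"""

# Constructed user preference: the P3P tokens this user refuses, per element.
USER_PREFS = {
    "PURPOSE": {"telemarketing", "contact"},
    "RECIPIENT": {"other-recipient", "unrelated", "public"},
    "RETENTION": {"indefinitely"},
}

# Phrase tables for the generated short notice; "_layout" is the line template.
PHRASES = {
    "en": {"current": "completing your request", "admin": "site administration",
           "telemarketing": "telephone marketing", "ours": "us only",
           "other-recipient": "other companies", "stated-purpose": "only as long as needed",
           "indefinitely": "indefinitely",
           "_layout": "Data: {data}. Purpose: {purpose}. Recipients: {recipient}. Retention: {retention}."},
    "de": {"current": "Abwicklung Ihrer Anfrage", "admin": "Betrieb der Website",
           "telemarketing": "Telefonmarketing", "ours": "nur wir",
           "other-recipient": "andere Unternehmen", "stated-purpose": "solange für den Zweck nötig",
           "indefinitely": "unbegrenzt",
           "_layout": "Daten: {data}. Zweck: {purpose}. Empfänger: {recipient}. Speicherdauer: {retention}."},
}


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}current' -> 'current'."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def statements(xml_text):
    """Flatten every STATEMENT into {'DATA': [...], 'PURPOSE': [...], ...}."""
    root = ET.fromstring(xml_text)
    out = []
    for st in root.iterfind("p3p:POLICY/p3p:STATEMENT", NS):
        entry = {"DATA": [d.get("ref") for d in st.iterfind("p3p:DATA-GROUP/p3p:DATA", NS)]}
        for elem in ("PURPOSE", "RECIPIENT", "RETENTION"):
            node = st.find(f"p3p:{elem}", NS)
            entry[elem] = [_local(c.tag) for c in node] if node is not None else []
        out.append(entry)
    return out


def find_mismatches(xml_text, prefs):
    """Return (statement number, element, refused token, affected data refs) for
    every refused token, so the agent can show exactly which data is used how
    rather than a generic 'policy does not match your preferences' warning."""
    hits = []
    for n, st in enumerate(statements(xml_text), start=1):
        for elem, refused in prefs.items():
            for token in st[elem]:
                if token in refused:
                    hits.append((n, elem, token, tuple(st["DATA"])))
    return hits


def short_notice(xml_text, lang="en"):
    """One short-notice line per statement, generated from the machine-readable
    policy; the wording comes from the phrase table, not from the site's prose."""
    ph = PHRASES[lang]

    def words(tokens):
        return ", ".join(ph.get(t, t) for t in tokens)

    return [ph["_layout"].format(data=", ".join(r.lstrip("#") for r in st["DATA"]),
                                 purpose=words(st["PURPOSE"]),
                                 recipient=words(st["RECIPIENT"]),
                                 retention=words(st["RETENTION"]))
            for st in statements(xml_text)]


if __name__ == "__main__":
    for n, elem, token, refs in find_mismatches(POLICY_XML, USER_PREFS):
        print(f"statement {n}: {elem} {token} applies to {', '.join(refs)}")
    for lang in PHRASES:
        print(lang, *short_notice(POLICY_XML, lang), sep="\n  ")
```

Because the policy is multiple-choice XML rather than prose, the mismatch report can name the statement, the element and the data it covers, and the notice text is determined by the user agent's phrase table, which is what lets the same policy be rendered in any language the agent supports.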
Further information