P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003


P3P: Platform for Privacy Preferences
Charlin Lu
Sensitive Information in a Wired World
November 11, 2003
What is P3P?
The Platform for Privacy Preferences (P3P) is a standard, computer-readable
(XML) format for privacy policies, plus a protocol that lets web browsers and
other tools fetch and process a site's privacy policy automatically. P3P 1.0
became a W3C Recommendation in April 2002.
Who created P3P?
World Wide Web Consortium (W3C): a nonprofit, industry-supported consortium
including researchers and engineers from over 420 institutions.
Participants in the development of P3P came from around the world, including
representatives from industry, government, nonprofit organizations, and
academia.

Why was P3P created?

To increase consumer trust.
“If the ability to spend is the fuel that propels the economic engine, then
consumers’ trust and confidence in that engine is the lubricant.”

To protect privacy by allowing informed choice.
Privacy is the ability of individuals to exercise control over the disclosure
and subsequent uses of their personal information. Hence notice is
fundamental to the individual’s ability to protect his or her privacy.

To make choice easy.
Privacy policies are difficult and time-consuming to locate, to read, and to
understand; and they change frequently without notice.
How does P3P work?
1. The user sets personal privacy preferences once, in a tool such as a
browser.
2. The browser requests the privacy policy from a (P3P-compliant) web site.
In P3P 1.0 the site publishes a policy reference file, by default at the
well-known location /w3c/p3p.xml, or announces it in an HTTP "P3P" response
header or an HTML link element; the reference file says which policy covers
which URLs.
3. The browser compares the privacy policy with the user's privacy
preferences and acts accordingly (symbols, pop-up prompts, etc.).
P3P Policies Include:
Who is collecting this data?
What information is being collected?
For what purpose?
Which information is being shared with others?
Who are these data recipients?
Can users access their identified data?
Can users make changes in how their data is used?
What is the policy for retaining data?
How are disputes resolved?
Where can the detailed policies be found?
Purpose Specifications (with the P3P 1.0 element name a policy uses for each):
Completion and support of the activity for which data was provided (current)
Web site and system administration (admin)
Research and development (develop)
One-time tailoring (tailoring)
Pseudonymous analysis (pseudo-analysis)
Pseudonymous decision (pseudo-decision)
Individual analysis (individual-analysis)
Individual decision (individual-decision)
Contacting visitors for marketing of services or products (contact)
Historical preservation (historical)
Contacting visitors for marketing of services or products via telephone
(telemarketing)
Other purpose (other-purpose)
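The fetch-and-compare protocol of "How does P3P work?", the policy contents listed under "P3P Policies Include", and the purpose vocabulary above, as an added example that is not part of the original slides and not W3C code: a small Python user agent that parses a P3P 1.0 policy and decides whether it conflicts with the user's preferences. The sample policy, the shop, its URLs and its data references are constructed for this example. The element and token names (POLICY, STATEMENT, PURPOSE, RECIPIENT, RETENTION, ACCESS, DATA ref, required="opt-in"/"opt-out") follow the P3P 1.0 vocabulary; the preference dictionary format is an assumption of this example, because P3P 1.0 standardises the policy, not the user's preference language.

```python
# Added example (not from the slides and not W3C code): parse a P3P 1.0 policy
# and compare it with a user's preferences, as a P3P user agent does in steps
# 2 and 3 of "How does P3P work?". The policy below is CONSTRUCTED for this
# example: the shop, its URLs and its data refs are made up.
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"      # P3P 1.0 namespace
RANK = {"accept": 0, "prompt": 1, "block": 2}   # severity order of actions

SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="shop" discuri="http://shop.example/privacy.html">
  <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP>
   <DISPUTES resolution-type="service" service="http://shop.example/contact"/>
  </DISPUTES-GROUP>
  <STATEMENT>
   <PURPOSE><current/><admin/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/><DATA ref="#dynamic.http"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
   <PURPOSE><contact required="opt-in"/><telemarketing required="opt-out"/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.name"/><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>
"""

# Hypothetical preference format (an assumption of this example): sets of
# purpose, recipient and retention tokens the user does not accept.
USER_PREFS = {
    "deny_purposes": {"contact", "telemarketing", "individual-analysis", "individual-decision"},
    "deny_recipients": {"unrelated", "public"},
    "deny_retention": {"indefinitely"},
}


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}current' -> 'current'."""
    return tag.rsplit("}", 1)[-1]


def parse_policy(xml_text):
    """Return the first POLICY as a dict: who collects, what access users get,
    and one entry per STATEMENT with purposes, recipients, retention, data."""
    ns = {"p": P3P_NS}
    policy = ET.fromstring(xml_text).find("p:POLICY", ns)
    if policy is None:
        raise ValueError("no POLICY element")
    entity = policy.find("p:ENTITY/p:DATA-GROUP/p:DATA", ns)
    statements = []
    for st in policy.findall("p:STATEMENT", ns):
        statements.append({
            # required defaults to "always" when the attribute is absent
            "purposes": {_local(p.tag): p.get("required", "always")
                         for p in st.find("p:PURPOSE", ns)},
            "recipients": {_local(r.tag) for r in st.find("p:RECIPIENT", ns)},
            "retention": {_local(r.tag) for r in st.find("p:RETENTION", ns)},
            "data": [d.get("ref") for d in st.iter(f"{{{P3P_NS}}}DATA")],
        })
    return {
        "name": policy.get("name"),
        "discuri": policy.get("discuri"),
        "entity": entity.text if entity is not None else None,
        "access": {_local(a.tag) for a in policy.find("p:ACCESS", ns)},
        "statements": statements,
    }


def evaluate(policy, prefs):
    """Compare a parsed policy with preferences; return (action, reasons).
    block  - a denied purpose/recipient/retention applies unconditionally
    prompt - a denied purpose applies only if the user opts in, so ask first
    accept - nothing in the policy conflicts with the preferences"""
    action, reasons = "accept", []

    def escalate(new, why):
        nonlocal action
        if RANK[new] > RANK[action]:
            action = new
        reasons.append(why)

    for i, st in enumerate(policy["statements"], 1):
        for purpose, required in st["purposes"].items():
            if purpose not in prefs["deny_purposes"]:
                continue
            if required == "opt-in":
                escalate("prompt", f"statement {i}: {purpose} only with opt-in")
            else:
                escalate("block", f"statement {i}: {purpose} ({required})")
        for recipient in sorted(st["recipients"] & prefs["deny_recipients"]):
            escalate("block", f"statement {i}: shared with {recipient}")
        for retention in sorted(st["retention"] & prefs["deny_retention"]):
            escalate("block", f"statement {i}: retained {retention}")
    return action, reasons


if __name__ == "__main__":
    parsed = parse_policy(SAMPLE_POLICY)
    decision, why = evaluate(parsed, USER_PREFS)
    print(parsed["entity"], "->", decision)
    for line in why:
        print("  ", line)
```

The second STATEMENT is the interesting one: "contact" is marked opt-in, so it only warrants a prompt, but "telemarketing" is opt-out, the data goes to unrelated recipients and is kept indefinitely, so the overall decision is block. Note that the evaluator can only judge what the site declares; it cannot tell whether the site actually follows its policy, which is the enforcement gap discussed later in these slides.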
What P3P Accomplishes
Makes privacy notices easy to locate and easy to understand.
Allows users to specify their privacy preferences once so that they can be
automatically compared to a web site's privacy policy.
Assists users in making decisions about when to disclose personal
information, how much, and to whom.
What P3P Does NOT Accomplish
Does NOT replace privacy regulations.
Cannot protect the privacy of users in jurisdictions with insufficient data
privacy laws.
Cannot ensure that companies or organizations follow their stated privacy
policies.
“P3P does not protect privacy, in and of itself. It does, however,
help create a framework for informed choice on the part of
consumers. Any efficacy that P3P has is dependent upon the
substantive privacy rules established through other processes – be
they a result of regulatory, self-regulatory, or public pressure.”
Controversy over P3P
“In the context of proper legislation, P3P is the most
promising solution to cyberspace privacy. It will
make it easy for companies to explain their practices
in a form that computers can read, and make it easy
for consumers to express their preferences in a way
that computers will automatically respect.”
– Professor Lawrence Lessig, Stanford Law School.
Controversy over P3P
P3P is:
a) Pretty Poor Privacy,
b) a Pretext for Privacy Procrastination, and
c) “a tacit acceptance of the great increase in the
tracking and monitoring of our minor activities that
take place over the Web.”
– Karen Coyle, Information Technology Specialist,
University of California
Support for P3P
Provides notice and consent
Promotes transparency and accountability
Intuitive
Flexible and global
Worthwhile process
Criticism of P3P
Lack of enforcement
Used as a procrastination tool
Unclear legal consequences
Importance of default settings
Unable to maintain current experience
Expensive to implement and maintain
Overly broad and vague purpose specifications
Ultimatum-style communication
More Criticism of P3P
Consumer and business confusion
Rejected by the European Union
Lack of actual choice
Assumes the need to gather information
Does not address third-party data collection
Lack of control over an irreversible choice
Basic Conflict
What is the real problem?
Lack of knowledge about how
information will be used?
OR
The gathering of the data itself?
Universal Agreement
Enforcement mechanisms are needed.
“A technical platform for privacy protection…must be applied within the
context of a framework of enforceable data protection rules, which provide a
minimum and non-negotiable level of privacy protection for all individuals.
Use of P3P in the absence of such a framework risks shifting the onus
primarily onto the individual user to protect himself” – European
Commission, 1998.