Subscribe
About

New Internet privacy standard approved by W3C

By Staff Reporter, ITWeb
Johannesburg, 29 Apr 2002

The World Wide Web Consortium (W3C) approved a new standard last week that aims to protect Internet users` personal information by informing them of how well a Web site honours their privacy.

The standard, known as the Platform for Privacy Preferences (P3P), aims to give users the option of choosing which sites they transact with based on a set of predefined information-sharing criteria.

"At its most basic level, P3P is a standardised set of multiple-choice questions, covering all the major aspects of a Web site`s privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users," says the W3C.

The system has been widely compared to the nutritional labels printed on food products, except that the P3P "labels" can be read by Internet browsers. Microsoft already includes a limited form of P3P in its latest Internet Explorer browser.

"P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P-enabled browsers can `read` this snapshot automatically and compare it to the consumer`s own set of privacy preferences," says the W3C.

Internet users pre-select the amount and type of information they are prepared to disclose before browsing the Internet. Sites that require more information disclosure than the user specifies will be blocked. So, for example, users choosing not to divulge their home address will be warned when visiting a site that requires an address before being viewed.

However, P3P in no way prevents Web site owners from collecting the personal information provided by users and using it in any way they want. The system is primarily about disclosure by companies and rather than enforcing privacy rules, P3P aims to make Web site privacy statements easier for users to understand and manage. The standard is a voluntary system and its success will rest on the number of sites and users that use the technology.

"P3P 1.0 uses the normal HTTP 1.1 protocol for the exchange of policies, and the matching of policies to user preferences takes place on the client-side. Thus, P3P can be enabled on Web sites that use any HTTP server. Web sites can implement P3P 1.0 on their servers by translating their human-readable privacy policies into P3P syntax," according to the W3C.

Critics of the P3P standard have renamed the system "Pretty Poor Privacy" and they argue that a strictly technical solution to the problem of privacy will do nothing to protect users from privacy infringements.

The Electronic Privacy Information Centre (Epic) says: "Concerned users will configure their P3P user agents to reflect high privacy protections. However, when these users attempt to access the majority of commercial Web sites, endless pop-up windows warning them that a site wishes to go beyond their specified privacy preferences will result ... Consumers will likely respond to this frustrating situation by begrudgingly reverting to low P3P privacy protective configurations, thus maintaining the industry`s present privacy-invasive status quo.

"Many in the industry believe that the P3P standard will help solve the privacy problem because it will facilitate choice about privacy practices. But the real choice offered is not how to protect privacy, but how much privacy to give up," says Epic.

Share