Title: P3P A New Standard in Online Privacy
1P3PA New Standard in Online Privacy
Overview and Demos from Summer 2000
2P3P1.0 A first step
- Offers an easy way for web sites to communicate
about their privacy policies in a standard
machine-readable format - Can be deployed using existing web servers
- This will enable the development of tools (built
into browsers or separate applications) that - Provide snapshots of sites policies
- Compare policies with user preferences
- Alert and advise the user
3P3P is part of the solution
- P3P1.0 helps users understand privacy policies
but is not a complete solution - Seal programs and regulations
- help ensure that sites comply with their policies
- Anonymity tools
- reduce the amount of information revealed while
browsing - Encryption tools
- secure data in transit and storage
- Laws and codes of practice
- provide a base line level for acceptable policies
4Using P3P on your Web site
- Formulate privacy policy
- Translate privacy policy into P3P format
- Use a policy generator tool
- Place P3P policy on web site
- One policy for entire site or multiple policies
for different parts of the site - Associate policy with web resources
- Place P3P policy reference file (which identifies
location of relevant policy file) at well-known
location on server - Configure server to insert P3P header with link
to P3P policy reference file or - Insert link to P3P policy reference file in HTML
content
5P3P policies
- Machine-readable (XML) version of web site
privacy policies - Use P3P Vocabulary to express data practices
- Use P3P Base Data Set to express type of data
collected - Capture common elements of privacy policies but
may not express everything (sites may provide
further explanation in human-readable policies)
6The P3P vocabulary
- Who is collecting data?
- What data is collected?
- For what purpose will data be used?
- Is there an ability to opt-in or opt-out of some
data uses? - Who are the data recipients (anyone beyond the
data collector)?
- To what information does the data collector
provide access? - What is the data retention policy?
- How will disputes about the policy be resolved?
- Where is the human-readable privacy policy?
7P3P informs Web surfers
privacymanagerbutton
8Transparency
- P3P clients can check a privacy policy each time
it changes - P3P clients can check privacy policies on all
objects in a web page, including ads and
invisible images
http//www.att.com/accessatt/
http//adforce.imgis.com/?adlink2685231146ADF
ORCE
9A simple HTTP transaction
WebServer
10 with P3P 1.0 added
WebServer
11P3P today
- Intuitive promotes a seamless browsing
experiences while addressing privacy concerns - Transparent makes privacy policies clear to Web
users - Flexible compatible with both regulatory and
self-regulatory approaches, and with other
technology tools - Global developed with international diversity
in mind - End-to-End provides tools to more easily create
policies and checks sites for privacy assurance
seals - Expandable future versions could support
automatic negotiation of privacy agreements and
digital signature-based authentication - Available demos currently available
12P3P enabled web sites
- www.aol.com
- www.att.com
- www.cdt.org
- www.engage.com
- www.hp.com
- www.ibm.com
- www.idcide.com
- www.microsoft.com
- www.pg.com
- www.ttuhsc.edu
- www.youpowered.com
- www.vineyard.net
- www.w3.org
- www.whitehouse.gov
And many more.
13P3P User Agent Demos
- Microsoft/ATT P3P Browser Helper Object
- Idcide Privacy Companion
- YOUpowered Orby Privacy Plus
14Microsoft/ATT P3P browser helper object
- A prototype tool designed to work with Microsoft
Internet Explorer Browser - Not yet fully tested, still missing some features
15Preference settings
16(No Transcript)
17When preferences are changed to Disallow
profiling, the privacy checkwarns us that this
site profiles visitors
18IDcide Privacy Companion
- A browser plug-in that adds functionality to
Netscape or Internet Explorer browsers - Includes icons to let users know that sites use
first- and/or third-party cookies - Enables users to select a privacy level that
controls the cookie types allowed (1st or 3rd
party) - Prevents data spills to 3rd parties through
referer - Lets users view tracking history
- Prototype P3P-enabled Privacy Companion allows
for more fine-grained automatic decision making
based on P3P policies - http//www.idcide.com
19IDcide P3P Icons
Searching for a P3P policy
No P3P policy found
P3P policy isNOT acceptable
P3P policy isacceptable
20Double clicking on the P3P icon indicates
where the sites policy differs from the users
preferences
21YOUpowered Orby Privacy Plus
- A tool bar that sits at the top of a users
desktop and allows a user to - Accept or deny cookies while surfing
- Decide how, when and where to share personal
information - Store website passwords
- Enjoy the convenience of "one-click" form-fill
- P3P features in prototype automatically rate web
sites based on their P3P policies
22(No Transcript)
23Orby cookie prompt
24Orby preference setting menu
25Policy Generator Demos
- IBM P3P Policy Editor
- PrivacyBot.com
- YOUPowered Consumer Trust Policy Manager
Wizard
26IBM P3P Policy Editor
- Allows web sites to create privacy policies in
P3P and human-readable format - Drag and drop interface
- Available from IBM AlphaWorks site
http//www.alphaworks.ibm.com/tech/p3peditor
27Sites can list the typesof data theycollect
And view the correspondingP3P policy
28Propertieswindows allowssites to specify
detailed informationabout how eachtype of data
isused.
29PrivacyBot.com
Allows webmasters to fill out an online
questionnaire to automatically create a
human-readable privacy policy and a P3P policy
30YOUpowered Consumer Trust Policy Manager wizard
31For more information about P3P, please visit our
web site