P3P: Platform for Privacy Preferences

1
P3PPlatform for Privacy Preferences

• Charlin Lu
• Sensitive Information in a Wired World
• November 11, 2003

2
What is P3P?

• The Platform for Privacy Preferences is a
  standard, computer-readable format for privacy
  policies and a protocol allowing web browsers and
  other tools to read and process privacy policies
  automatically.

3
Who created P3P?

• World Wide Web Consortium (W3C) a nonprofit,
  industry-supported consortium including
  researchers and engineers from over 420
  institutions.
• Participants in the development of P3P came from
  around the world, including representatives from
  industry, government, nonprofit organizations,
  and academia.

4
Why was P3P created?

• To increase consumer trust.
• If the ability to spend is the fuel that
  propels the economic engine, then consumers
  trust and confidence in that engine is the
  lubricant.
• To protect privacy by allowing informed choice.
• Privacy is the ability of individuals to
  exercise control over the disclosure and
  subsequent uses of their personal information.
  Hence notice is fundamental to the individuals
  ability to protect his or her privacy.
• To make choice easy.
• Privacy policies are difficult and
  time-consuming to locate, to read, and to
  understand and they change frequently without
  notice.

5
How does P3P work?

1. User sets personal privacy preferences on a tool
   such as a browser.

6
How does P3P work?

• 2. Browser requests privacy policy from a
  (P3P-compliant) Web site.
• 3. Browser compares the privacy policy with the
  users privacy preferences and acts accordingly.
  (Symbols, pop-up prompts, etc.)

7
P3P Policies Include

• Who is collecting this data?
• What information is being collected?
• For what purpose?
• Which information is being shared with others?
• Who are these data recipients?
• Can users access their identified data?
• Can users make changes in how their data is used?
• What is the policy for retaining data?
• How are disputes resolved?
• Where can the detailed policies be found?

8
Purpose Specifications

• Completion and support of activity for which data
  was provided
• Web site and system administration
• Research and development
• One-time tailoring
• Pseudonymous analysis
• Pseudonymous decision
• Individual analysis
• Individual decision
• Contacting visitors for marketing of services or
  products
• Historical preservation
• Contacting visitors for marketing of services or
  products via telephone
• Other purpose

9
What P3P Accomplishes

• Makes privacy notices easy to locate and easy to
  understand.
• Allows users to specify their privacy preferences
  once so that they can be automatically compared
  to a web sites privacy policy.
• Assists users in making decisions about when to
  disclose personal information, how much, and to
  whom.

10
What P3P Does NOT Accomplish

• Does NOT replace privacy regulations.
• Can NOT protect the privacy of users in
  jurisdictions with insufficient data privacy
  laws.
• Can NOT ensure the companies or organizations
  follow their stated privacy policies.
• P3P does not protect privacy, in and of itself.
  It does, however, help create a framework for
  informed choice on the part of consumers. Any
  efficacy that P3P has is dependent upon the
  substantive privacy rules established through
  other processes be they a result of regulatory,
  self-regulatory, or public pressure.

11
Controversy over P3P

• In the context of proper legislation, P3P is
  the most promising solution to cyberspace
  privacy. It will make it easy for companies to
  explain their practices in a form that computers
  can read, and make it easy for consumers to
  express their preferences in a way that computers
  will automatically respect.
• Professor Lawrence Lessig, Stanford Law
  School.

12
Controversy over P3P

• P3P is
• a) Pretty Poor Privacy,
• b) a Pretext for Privacy Procrastination, and
• c) a tacit acceptance of the great increase in
  the tracking and monitoring of our minor
  activities that take place over the Web.
• Karen Coyle, Information Technology
  Specialist,
• University of California

13
Support for P3P

• Provides notice and consent
• Promotes transparency and accountability
• Intuitive
• Flexible and global
• Worthwhile process

14
Criticism of P3P

• Lack of enforcement
• Used as a procrastination tool
• Unclear legal consequences
• Importance of default settings
• Unable to maintain current experience
• Expensive to implement and maintain
• Overly broad and vague purpose specifications
• Ultimatum-style communication

15
More Criticism of P3P

• Consumer and business confusion
• Rejected by the European Union
• Lack of actual choice
• Assumes the need to gather information
• Does not address third party data collection
• Lack of control over an irreversible choice

16
Basic Conflict

• What is the real problem?
• Lack of knowledge about how information will be
  used?
• OR
• The gathering of the data itself?

17
Universal Agreement

• Enforcement mechanisms are needed.
• A technical platform for privacy
  protectionmust be applied within the context of
  a framework of enforceable data protection rules,
  which provide a minimum and non-negotiable level
  of privacy protection for all individuals. Use
  of P3P in the absence of such a framework risks
  shifting the onus primarily onto the individual
  user to protect himself European Commission,
  1998.