180 likes | 293 Views
P3P: User Empowerment Tools for Web Privacy. Daniel J. Weitzner <djweitzner@w3.org> World Wide Web Consortium 23 April 2001 National Association of Attorneys General. Overview: Approaching Web Privacy. Unique Web Privacy Challenges Web Community Response: P3P
E N D
P3P: User Empowerment Tools for Web Privacy Daniel J. Weitzner <djweitzner@w3.org> World Wide Web Consortium 23 April 2001 National Association of Attorneys General
Overview: Approaching Web Privacy • Unique Web Privacy Challenges • Web Community Response: P3P • P3P: Necessary but not sufficient • Conclusion: Empowering users to address privacy problems
Loss of Control: The Unique Web Privacy Challenge • Intel Pentium ID • Windows Registry ID • Doubleclick ID matching
P3P: W3C's Platform for Privacy Preference The Goal of P3P -- Meet Increasing User Privacy Demands • Use the power of the Web to • enhance notice • enable choice • Streamline ecommerce transactions • Framework for global privacy
About the W3C • Mission: realize the full potential of the Web • Product: Technical standards and guidelines • HTML, XML, Style Sheets • Founded in 1994 by Tim Berners-Lee • Global Reach: MIT, INRIA (France), Keio University(Japan), Offices • 500+ members from industry, research, non-profit, user communities
P3P Functional Overview • Notice: Easy access to the service's privacy practices through standard privacy vocabulary (in XML) • Choice: machine-assisted policy guidance comparing user preferences with site practices • Assurance: Reference to assuring organizations – government, self-regulatory body
Personal Data Customer Information P3P In Operation Service User Choice Notice Privacy Preferences Personal profile Privacy Policy
P3P Status at W3C and in the market • P3P is W3C Candidate Recommendation (Draft Standard) • Active participation from vendor & user communities - financial services, data warehousing, mobile communications • Implementation Commitments: support from 25 companies; 8 companies with implementation plans
P3P Implementations • Web Sites • Web Software • Browsers: AOL/Netscape, Microsoft • Servers: IBM • Browser plug-ins: IDCide, YouPowered • Data mining/CRM: NCR
www.aol.com www.att.com www.cdt.org www.engage.com www.hp.com www.ibm.com www.idcide.com www.microsoft.com www.pg.com www.ttuhsc.edu www.youpowered.com www.vineyard.net www.w3.org www.whitehouse.gov P3P enabled web sites And many more….
P3P Implementations • IDcide Privacy Companion • IBM P3P Policy Editor • Create privacy policies in P3P and human-readable format • Available from IBM AlphaWorks site: http://www.alphaworks.ibm.com/tech/p3peditor • Microsoft Internet Explorer v6 – P3P for cookie control
Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences
IDcide P3P Icons Searching for a P3P policy No P3P policy found P3P policy isNOT acceptable P3P policy isacceptable
Sites can list the typesof data theycollect And view the correspondingP3P policy
P3P: Necessary but not Sufficient • Necessary… • Statutes/regulations cannot make all choices or anticipate new relationships • Statutes/regulations should not make all choices • Lots of choices – machines can help • The Web is trans-jurisdictional
P3P: Necessary but not Sufficient • ..but not sufficient • 2 or 4 FTC Fair Information Practices • Notice • Choice • Security • Enforcement • 2 of 8 OECD FIPS • Procedural Rights: notice, enforcement • Minimum standards for sensitive information: financial, medical, …
P3P & the Law • Law alone won’t suffice • Build user trust through privacy empowerment tools • Combined effort by vendors & web services needed
Next Steps for P3P • Deployment in major browsers • Target Top 100 Web Sites • No blinking VCRs on the Web – Consumer Education More information: http://www.w3.org/P3P