P3P: User Empowerment Tools for Web Privacy
Daniel J. Weitzner <djweitzner@w3.org>
World Wide Web Consortium
23 April 2001
National Association of Attorneys General

Overview: Approaching Web Privacy
• Unique Web Privacy Challenges
• Web Community Response: P3P
• P3P: Necessary but not sufficient
• Conclusion: Empowering users to address privacy problems

Loss of Control: The Unique Web Privacy Challenge
• Intel Pentium ID
• Windows Registry ID
• Doubleclick ID matching

P3P: W3C's Platform for Privacy Preferences
The Goal of P3P -- Meet Increasing User Privacy Demands
• Use the power of the Web to
    • enhance notice
    • enable choice
• Streamline ecommerce transactions
• Framework for global privacy

About the W3C
• Mission: realize the full potential of the Web
• Product: Technical standards and guidelines
    • HTML, XML, Style Sheets
• Founded in 1994 by Tim Berners-Lee
• Global Reach: MIT, INRIA (France), Keio University (Japan), Offices
• 500+ members from industry, research, non-profit, user communities

P3P Functional Overview
• Notice: Easy access to the service's privacy practices through standard privacy vocabulary (in XML)
• Choice: machine-assisted policy guidance comparing user preferences with site practices
• Assurance: Reference to assuring organizations – government, self-regulatory body

P3P In Operation
[Diagram labels: User, Service, Notice, Choice, Personal Data, Customer Information, Privacy Preferences, Personal profile, Privacy Policy]
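
The Choice step from the functional overview, sketched as an added example that is not part of the original slides or of any P3P product: a user agent parses a site's policy and compares its declared practices with the user's preferences. The policy is constructed and simplified (XML namespace omitted); the preference format, function names and status strings are assumptions, while the element names and data references follow the P3P vocabulary.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified P3P-style policy (namespace omitted for brevity).
SAMPLE_POLICY = """
<POLICY name="sample">
  <STATEMENT>
    <PURPOSE><current/><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <DATA-GROUP><DATA ref="#user.home-info.postal"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing/></PURPOSE>
    <RECIPIENT><unrelated/></RECIPIENT>
    <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
</POLICY>
"""

# Hypothetical preference format: practices the user refuses, per element.
USER_PREFS = {"PURPOSE": {"telemarketing"}, "RECIPIENT": {"unrelated", "public"}}

def parse_statements(policy_xml):
    """Return one dict per STATEMENT: declared purposes, recipients, data refs."""
    statements = []
    for st in ET.fromstring(policy_xml).iter("STATEMENT"):
        entry = {"DATA": [d.get("ref") for d in st.iter("DATA")]}
        for kind in ("PURPOSE", "RECIPIENT"):
            node = st.find(kind)
            entry[kind] = {child.tag for child in node} if node is not None else set()
        statements.append(entry)
    return statements

def evaluate(policy_xml, prefs):
    """Return (status, conflicts); status is 'none', 'acceptable' or 'not-acceptable'."""
    if not policy_xml or not policy_xml.strip():
        return "none", ["no P3P policy found"]  # reported as its own state
    conflicts = []
    for st in parse_statements(policy_xml):
        for kind, refused in prefs.items():
            for value in sorted(st.get(kind, set()) & refused):
                conflicts.append(f"{kind}={value} for {', '.join(st['DATA'])}")
    return ("not-acceptable" if conflicts else "acceptable"), conflicts

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, USER_PREFS))
```

The conflict list is what lets a user agent show where a policy differs from the user's preferences, not only that it differs.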

P3P Status at W3C and in the market
• P3P is W3C Candidate Recommendation (Draft Standard)
• Active participation from vendor & user communities - financial services, data warehousing, mobile communications
• Implementation Commitments: support from 25 companies; 8 companies with implementation plans

P3P Implementations
• Web Sites
• Web Software
    • Browsers: AOL/Netscape, Microsoft
    • Servers: IBM
    • Browser plug-ins: IDCide, YouPowered
    • Data mining/CRM: NCR

P3P enabled web sites
www.aol.com, www.att.com, www.cdt.org, www.engage.com, www.hp.com, www.ibm.com, www.idcide.com, www.microsoft.com, www.pg.com, www.ttuhsc.edu, www.youpowered.com, www.vineyard.net, www.w3.org, www.whitehouse.gov
And many more…

P3P Implementations
• IDcide Privacy Companion
• IBM P3P Policy Editor
    • Create privacy policies in P3P and human-readable format
    • Available from IBM AlphaWorks site: http://www.alphaworks.ibm.com/tech/p3peditor
• Microsoft Internet Explorer v6 – P3P for cookie control

Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences

IDcide P3P Icons
• Searching for a P3P policy
• No P3P policy found
• P3P policy is NOT acceptable
• P3P policy is acceptable

Sites can list the types of data they collect
And view the corresponding P3P policy

P3P: Necessary but not Sufficient
• Necessary…
• Statutes/regulations cannot make all choices or anticipate new relationships
• Statutes/regulations should not make all choices
• Lots of choices – machines can help
• The Web is trans-jurisdictional

P3P: Necessary but not Sufficient
• …but not sufficient
• 2 of 4 FTC Fair Information Practices
    • Notice
    • Choice
    • Security
    • Enforcement
• 2 of 8 OECD FIPS
• Procedural Rights: notice, enforcement
• Minimum standards for sensitive information: financial, medical, …

P3P & the Law
• Law alone won’t suffice
• Build user trust through privacy empowerment tools
• Combined effort by vendors & web services needed

Next Steps for P3P
• Deployment in major browsers
• Target Top 100 Web Sites
• No blinking VCRs on the Web – Consumer Education

More information: http://www.w3.org/P3P