1 / 14

The Platform for Privacy Preferences Project

The Platform for Privacy Preferences Project. Lorrie Faith Cranor AT&T Labs-Research Co-Chair, P3P Interest Group http://www.research.att.com/~lorrie/ http://www.w3.org/P3P/. Empowerment Tools. Prevent your actions from being linked to you Crowds - AT&T Labs

stephenfreeman
Download Presentation

The Platform for Privacy Preferences Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Platformfor Privacy Preferences Project Lorrie Faith CranorAT&T Labs-ResearchCo-Chair, P3P Interest Group http://www.research.att.com/~lorrie/http://www.w3.org/P3P/

  2. Empowerment Tools • Prevent your actions from being linked to you Crowds - AT&T Labs • Allow you to develop persistent relationships not linked to each other or you Lucent Personal Web Assistant - Bell Labs • Make informed choices about how your information will be used Platform for Privacy Preferences Project- W3C • Know that assurances about information practices are trust worthy TRUSTe - Electronic Frontier Foundation and CommerceNet

  3. Platform for Privacy Preferences Project (P3P) A framework for automated privacy discussions under development by W3C • Services communicate about practices • Users exercise preferences over those practices • User agent can facilitate automated decision making, prompt user, exchange data, etc.

  4. useragent service user datarepository datapractices preferences user Basic P3P Concepts proposal agreement

  5. useragent service A Simple P3P Conversation User agent: Get index.html Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site User agent: OK, I accept your proposal Service: Here is index.html

  6. More Complicated Conversations • Service offers choice of proposals • User agent makes counter proposal • User agent rejects proposal and asks service for another offer • Upon agreement, user agent automatically sends requested data • No agreement is reached

  7. Where we are and where we’re going . . . • Overall architecture • Proposal grammar • Harmonized vocabulary • Protocol structure • Syntax (encoded in RDF or XML) • Implementation guide • Preference interchange language October 1997 March 1998 May 1998?

  8. Experience space Service provider’s identity URL for privacy policy Consequence Qualified data set data set/element data category Purpose Qualifiers Required P3P Grammar

  9. Purpose Data category Qualifiers identifiable use recipients (domain of use) general disclosures access to identifiable information assurance (accountability) other disclosures change agreement retention P3P Vocabulary

  10. Physical contact information Online contact information Unique identifiers Financial account identifiers Computer information Navigation and click-stream data Transaction data Demographic and socio-economic data Preference data Content Data Categories

  11. Completion and support of current activity Web site and system administration Customization of site to individuals Research and development Contacting visitors for marketing of services or products Other uses Purposes

  12. Guiding principles Guidelines for user agent implementers Guidelines for service providers Guidelines for users Guidelines for server implementers Guidelines for creators of recommended settings Implementation Guide

  13. Guiding Principles • Information Privacy • Notice • Choice and Control • Fairness and Integrity • Security

  14. Good end-user implementations easy to use easy to plug in “recommended settings” not annoying use incremental adoption model privacy friendly Good server implementations and tools Adoption by many Web sites Users find it useful Endorsement by government-regulatory and self-regulatory organizations Keys to Success

More Related