Join the P3P Project to prevent linkages, develop relationships, and make informed choices about data use. Understand the automated privacy discussions and basic P3P concepts. Learn about simple and complex P3P conversations, implementation guides, and privacy principles for users, service providers, and implementers.
The Platform for Privacy Preferences Project
Lorrie Faith Cranor
AT&T Labs-Research
Co-Chair, P3P Interest Group
http://www.research.att.com/~lorrie/
http://www.w3.org/P3P/

Empowerment Tools
• Prevent your actions from being linked to you
  Crowds - AT&T Labs
• Allow you to develop persistent relationships not linked to each other or you
  Lucent Personal Web Assistant - Bell Labs
• Make informed choices about how your information will be used
  Platform for Privacy Preferences Project - W3C
• Know that assurances about information practices are trustworthy
  TRUSTe - Electronic Frontier Foundation and CommerceNet

Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
• Services communicate about practices
• Users exercise preferences over those practices
• User agent can facilitate automated decision making, prompt user, exchange data, etc.

Basic P3P Concepts
[Diagram labels: user, user agent, service, data repository, data practices, preferences, proposal, agreement]

A Simple P3P Conversation
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html

More Complicated Conversations
• Service offers choice of proposals
• User agent makes counter proposal
• User agent rejects proposal and asks service for another offer
• Upon agreement, user agent automatically sends requested data
• No agreement is reached

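The conversations on the two slides above, modeled as an added Python example; it is not part of the original deck and does not use P3P's actual grammar or syntax. The `Proposal` and `Preferences` classes, the `negotiate` and `counter_proposal` functions and the matching rule are assumptions made for illustration; the category and purpose names come from this deck's vocabulary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    """Toy model (assumption, not P3P syntax): categories collected and their purposes."""
    name: str
    categories: frozenset
    purposes: frozenset

@dataclass
class Preferences:
    """User preferences: for each data category, the purposes the user accepts."""
    allowed: dict

    def violations(self, offer):
        """(category, purpose) pairs in the offer that the user has not allowed."""
        return sorted((c, p) for c in offer.categories for p in offer.purposes
                      if p not in self.allowed.get(c, set()))

def negotiate(prefs, offers):
    """Accept the first offer with no violations, else report why each one failed."""
    rejected = {}
    for offer in offers:
        bad = prefs.violations(offer)
        if not bad:
            return "accept", offer.name
        rejected[offer.name] = bad
    return "no agreement", rejected

def counter_proposal(prefs, offer):
    """Narrow an offer to shared categories and the purposes allowed for all of them."""
    cats = frozenset(c for c in offer.categories if prefs.allowed.get(c))
    purposes = frozenset(p for p in offer.purposes
                         if cats and all(p in prefs.allowed[c] for c in cats))
    return Proposal(offer.name + "-counter", cats, purposes)

# Constructed sample data; category and purpose names are taken from this deck.
CLICK, COMPUTER = "Navigation and click-stream data", "Computer information"
CONTACT = "Online contact information"
ADMIN = "Web site and system administration"
CUSTOM = "Customization of site to individuals"
MARKETING = "Contacting visitors for marketing of services or products"
PREFS = Preferences({CLICK: {ADMIN, CUSTOM}, COMPUTER: {ADMIN, CUSTOM}})
OFFERS = [
    Proposal("A", frozenset({CLICK, CONTACT}), frozenset({ADMIN, MARKETING})),
    Proposal("B", frozenset({CLICK, COMPUTER}), frozenset({ADMIN, CUSTOM})),
]

if __name__ == "__main__":
    print(negotiate(PREFS, OFFERS), counter_proposal(PREFS, OFFERS[0]))
```

Passing only offer A to `negotiate` gives the "no agreement" outcome, with the list of category and purpose pairs that caused the rejection.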
Where we are and where we’re going . . .
• Overall architecture
• Proposal grammar
• Harmonized vocabulary
• Protocol structure
• Syntax (encoded in RDF or XML)
• Implementation guide
• Preference interchange language
October 1997, March 1998, May 1998?

P3P Grammar
• Experience space
• Service provider’s identity
• URL for privacy policy
• Consequence
• Qualified data set
• data set/element
• data category
• Purpose
• Qualifiers
• Required

P3P Vocabulary
• Purpose
• Data category
• Qualifiers
  • identifiable use
  • recipients (domain of use)
• general disclosures
  • access to identifiable information
  • assurance (accountability)
• other disclosures
  • change agreement
  • retention

Data Categories
• Physical contact information
• Online contact information
• Unique identifiers
• Financial account identifiers
• Computer information
• Navigation and click-stream data
• Transaction data
• Demographic and socio-economic data
• Preference data
• Content

Purposes
• Completion and support of current activity
• Web site and system administration
• Customization of site to individuals
• Research and development
• Contacting visitors for marketing of services or products
• Other uses

Implementation Guide
• Guiding principles
• Guidelines for user agent implementers
• Guidelines for service providers
• Guidelines for users
• Guidelines for server implementers
• Guidelines for creators of recommended settings

Guiding Principles
• Information Privacy
• Notice
• Choice and Control
• Fairness and Integrity
• Security

Keys to Success
• Good end-user implementations
  • easy to use
  • easy to plug in “recommended settings”
  • not annoying
  • use incremental adoption model
  • privacy friendly
• Good server implementations and tools
• Adoption by many Web sites
• Users find it useful
• Endorsement by government-regulatory and self-regulatory organizations