display | more...
The Platform for Privacy Preferences Protocol (P3P) is a W3C specification for a web site to encode its privacy policy into a machine readable format. This XML file can then be parsed by the end user's browser agent, which has been preprogrammed with the user's privacy preferences, and may take actions based on these preferences.

As an enduser, Alice goes to www.connect.example.com. Her browser fetches the P3P policy file for the root area, which tells her agent that the only data collected is normal webserver logs. A few clicks later, Alice reaches the members section, where logon IDs are user's email addresses. Her browser agent has fetched the relevant policy file, and, as programmed by Alice, warns her of the about to be requested email address, and the purpose, as specified in the policy file, "to maintain a userbase, and allow targeted membership mailings."

Alice chooses to enter, and later decides to buy a membership. Again, her browser agent has fetched the relevant policy, and warns her that her name, address, telephone number, and credit card will all be collected, for the company sales list.

P3P is not an enforcement or regulatory standard. It is a simply a mechanism for the clear, concise, communication of a privacy policy. However, in many regulatory environments, the publication of a privacy policy can make it a binding contract.

The W3C deferred including a data transfer specification in P3P 1.0, to allow the 1.0 specification to be published in a reasonable timeframe.


Log in or register to write something here or to contact authors.