Logo         Community
  Trog
Services
The Company
Community
Columns
Your Account
Contact Us
 
 
Understanding P3P
Learn how P3P hopes to bring greater transparency to the way personal information is used over the Web.

| Private Thoughts |

Currently, privacy policies (when they exist) tend to be written in non-standard ways - some sites publish extremely precise privacy policies, crammed with so much legalese and fine print that reading it makes your head hurt, while others favour the spartan approach, providing next to no information on how they use personal information. Some sites merely log each client request, with no specific user information collected, while others ask for demographic data or track user clicks to generate a user profile. Similarly, some sites save user information to provide better service to the user when (s)he comes back the next time, while others collect user information and share it with other agencies in either aggregate or individual form.

P3P attempts to bring some standards and structure to the party, enabling sites to clearly and effectively communicate to users exactly how the information they provide will be used, and leaving it to the user to decide how to proceed.

Typically, a P3P-compliant Web site creates and publishes a privacy policy, using standard P3P-defined constructs, and places it on its Web site. This policy specifies, in clear and simple terms, the type of information collected by the site during the user's visit, as well as how the site plans to use the information. When a P3P-enabled Web browser connects to the Web site, it first looks for the site's privacy policy, analyzes it and then, depending on whether or not the site's published policy matches the user's comfort level, consummates or aborts the transaction.

This isn't necessarily a perfect solution - it implies, for one thing, that a user needs to specify his or her personal privacy preferences before attempting to access any Web site - but it does have merits. It allows the user to be aware of how personal information is going to be used *before* submitting it, offers him or her greater control over the process, and, by forcing a site to make its privacy policies public, implies greater accountability and transparency than is currently prevailing.

It's important to note, though, that P3P does not provide any mechanism to enforce the statements made in a site's privacy policy. Its focus is more on communicating stated policy accurately, thereby allowing for more knowledgeable decisions on the part of the user, and less on verifying the implementation of the policy. Enforcement of a site's privacy policy has more to do with the current legal framework than with P3P. As the W3C's P3P FAQ clearly states, "... P3P is intended to be complementary to legislative and self-regulatory programs...there is no reason why P3P and legislation should be exclusionary of each other..." (P3P and Privacy FAQ, W3C, 06/2001)

As a W3C project that is likely to impact Web users across the planet, P3P is a pretty important effort. Consequently, the W3C's P3P Working Group has solicited input from a large number of organizations to ensure that the specification is balanced and fair to all parties involved. Contributors to this process include some of the world's largest corporations, including AT&T, Citibank, Microsoft, IBM, and HP, as well as privacy advocates like Trust, and Privacy Alliance and TRUSTe.  As a result of all this input, P3P has taken a while to come to fruition...and the effort hasn't been helped by the rapid changes in XML-based technologies (P3P uses XML as its expression language), which have in turn necessitated changes to the P3P specification.


How to do Everything with PHP & MySQL
How to do Everything with PHP & MySQL, the best-selling book by Melonfire, explains how to take full advantage of PHP's built-in support for MySQL and link the results of database queries to Web pages. You'll get full details on PHP programming and MySQL database development, and then you'll learn to use these two cutting-edge technologies together. Easy-to-follow sample applications include a PHP online shopping cart, a MySQL order tracking system, and a PHP/MySQL news publishing system.

Read more, or grab your copy now!


previous page more like this  print this article  next page
 
Search...
 
In trog...
Logging With PHP
Building A Quick-And-Dirty PHP/MySQL Publishing System
Output Buffering With PHP
Date/Time Processing With PHP
Creating Web Calendars With The PEAR Calendar Class
more...
 
In the hitg report...
Crime Scenes
Animal Attraction
Lord Of The Strings
more...
 
In boombox...
Patience - George Michael
Think Tank - Blur
My Private Nation - Train
more...
 
In colophon...
Hostage - Robert Crais
The Dead Heart - Douglas Kennedy
Right As Rain - George Pelecanos
more...
 
In cut!...
American Chai
The Core
Possession
more...
 
Find out how you can use this article on your own Web site!


Copyright © 1998-2018 Melonfire. All rights reserved
Terms and Conditions | Feedback