On January 28, 2002, the W3C released a proposed specification of the Platform for Privacy Preferences Project or P3P. This recommendation enables Web sites to express their privacy practices in a standardized format. These files can then be retrieved and interpreted by user agents.
P3P is an XML Specification
XML is a logical language to write privacy policies in. Tags can be created to cover the common elements involved, and these tags can be converted to human readable and computer parseable text. So, if you have an XML editor, you can write P3P privacy policies. And XML can be read and interpreted by computers as well as people.
Why Should I Use P3P?
With this in place on a Web site, customers could get browsers or other tools to report on Web sites they visit. For example: I might decide that I don't want to go to any site that sells my information to third parties. Using a browser that understands P3P, I might be able to set up that rule. Then, whenever I went to a site that indicated in their p3p.xml file that they sell information to third parties, the site would be blocked or I would receive a warning.
Another way that P3P helps consumers is through the mandatory ACCESS element. This element discloses how customers to the site can access personal data held by that site. The level of access may range from complete access to no access. But this allows the customers of the Web site the chance to make an more informed choice about the sites they visit.
P3P does not solve all privacy issues on the Web. The main goal of the project is to encourage the disclosure of privacy practices by Web sites. It would then allow the customer to compare the practices of a site with their own personal preferences.
How To Implement a P3P Policy On Your Site
- Create a written, human-readable policy.
Before you create a P3P policy, you should have a clear idea of what the policies are for your Web site. By writing them down, you can make sure that everyone involved with your Web site is aware of them, so that violations don't happen by accident.
- Clarify sub-policies or sub-sections where different policies apply.
There may be portions of your site where you allow cookies, or perhaps your European site has stricter privacy policies than your US one. These should be understood, and written out as well.
- Choose a P3P policy editor to build your policy.
While it is possible to create the XML by hand, it is much simpler to use one of the many policy generators available.
- Fill in all the fields in the generator.
It's also a good idea to use any error checking supplied by the generator.
- Upload the policy file(s) and policy reference file (p3p.xml) to your Web server.
These files are generated by the policy generator.
- Validate your policy.
Use the online validator to verify that you've done everything correctly.
- Watch for changes to the specification.
If the P3P specification changes, you may need to change your P3P policy to keep it up-to-date.
How to Use a P3P Policy While Browsing
There are currently two Web browsers that support the P3P policy implementation:
If you use Internet Explorer 5 or 6 for Windows, you can download the free plug-in Privacy Bird. (Their Web site doesn't mention if it works with IE 7.) The audio warnings get old after a while, but for the moment, I like having that angry little bird at the top of my window.
If you use Firefox, you can install the plugin PrivacyFox that has similar functionality to Privacy Bird.