P3P and the Future of PETs
Wednesday, November 11th, 2009I will be speaking on Thursday at the European Commission’s Workshop on the Economic Benefits of Privacy-enhancing Technologies in Brussels. With many calling for a revamping of ideas using metadata to help protect privacy, I felt that it was important to use the occasion to write a short paper entitled “Looking Back at P3P: Lessons for the Future,” which details the successes and failures of P3P (The Platform for Privacy Preferences).
P3P is a standard of the World Wide Web Consortium (W3C), the main standard setting body for the Web. It was created to allow privacy policies to be expressed as machine-readable statements. The history of P3P dates to a period when the privacy debate, in the United States and elsewhere, began to focus on encouraging companies to post human-readable privacy policies. As criticism increased about the complexity of those notices, there was a call to simplify them through standardization. If policies could be narrowed down to the equivalent of a multiple-choice set of options, then they could be made machine-readable.
The theory held considerable promise, if such statements would provide a clear, standardized means of rendering potentially complex privacy policies into a format that could be automatically parsed and instantly acted upon. Consumers could compare policies, enterprising companies or individuals could use P3P to develop more accurate means of rating and blocking sites, and governments could use the policies to instantaneously enforce data privacy laws.
(more…)


