RealTime IT News

Finally, Agreement on P3P

The World Wide Web Consortium (W3C), which launched its first public working draft of P3P 1.0 way back in 1998, has made it an official recommendation.

The move represents cross-industry agreement on an XML-based language for expressing Web site privacy policies.

Declaring P3P a W3C Recommendation indicates that it is a stable document, contributes to Web interoperability, and has been reviewed by the W3C membership, which favor its widespread adoption, the group said.

Of course, it was already being adopted and just this month technology giants AT&T and IBM introduced new tools that promote the P3P standard.

Six of the top 10 Web sites have P3P-compatible privacy technology now, as well as 30 percent of the top 100 Web sites, according to Lorrie Cranor, a developer at AT&T Research Labs and chair of the P3P Specification Working Group.

P3P was designed by a working group composed of privacy advocates, Web technology leaders, data protection commissioners and global e-commerce companies.

"Web site privacy policies are good, but understanding privacy policies is better," said Tim Berners-Lee, W3C director. "P3P serves as the keystone to resolving larger issues of both privacy and security on the Web."

At its most basic level, P3P is a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies. Taken together, the answers present a machine-readable version of the site's privacy policy.

P3P-enabled Web sites make this information available in a format such that P3P enabled browsers can "read" the privacy policy and compare it to the consumer's own set of privacy preferences. Consumers can then make informed decisions on whether to continue interacting with a particular site.