Finally, Agreement on P3P

The World Wide Web Consortium (W3C), which launched its first
public working draft
of P3P 1.0 way back in 1998, has made it an official

The move represents cross-industry agreement on an XML-based language for
expressing Web site privacy policies.

Declaring P3P a W3C Recommendation indicates that it is a stable document,
contributes to Web interoperability, and has been reviewed by the W3C membership, which favor its widespread
adoption, the group said.

Of course, it was already being adopted and just this month technology giants
AT&T and IBM
introduced new tools
that promote the P3P standard.

Six of the top 10 Web sites have P3P-compatible privacy technology now, as
well as 30 percent of the top 100 Web sites, according to Lorrie Cranor, a
developer at AT&T Research Labs and chair of the P3P Specification Working

P3P was designed by a working group composed of privacy advocates, Web
technology leaders, data protection commissioners and global e-commerce

“Web site privacy policies are good, but understanding privacy policies is
better,” said Tim Berners-Lee, W3C director. “P3P serves as the keystone to
resolving larger issues of both privacy and security on the Web.”

At its most basic level, P3P is a standardized set of multiple-choice
questions, covering all the major aspects of a Web site’s privacy policies.
Taken together, the answers present a machine-readable version of the site’s
privacy policy.

P3P-enabled Web sites make this information available in a format such that
P3P enabled browsers can “read” the privacy policy and compare it to the
consumer’s own set of privacy preferences. Consumers can then make informed
decisions on whether to continue interacting with a particular site.

News Around the Web