This appendix was contributed by Lorrie Cranor of AT&T Labs—Research. It is copyright AT&T and reprinted with permission.
The Platform for Privacy Preferences Project (P3P), introduced in Chapter 24, provides a standard way for web sites to communicate about their data practices. Developed by the World Wide Web Consortium (W3C), P3P includes a machine-readable privacy policy syntax as well as a simple protocol that web browsers and other user agent tools can use to fetch P3P privacy policies automatically. P3P-enabled browsers can allow users to do selective cookie blocking based on site privacy policies, as well as to get a quick “snapshot” of a site’s privacy policies.
This appendix provides an overview of how P3P works and how you can obtain and use it. For more information about P3P, see http://www.w3.org/P3P/. That site includes pointers to the complete P3P specification, lists of P3P software and P3P-enabled web sites, and more detailed instructions for using P3P on your web site. For a complete discussion of P3P and how you can use it to best advantage, see the forthcoming book, P3P, by Lorrie Cranor.
The P3P specification includes a standard vocabulary for describing a web site’s data practices, a set of base data elements that web sites can refer to in their P3P privacy policies, and a protocol for requesting and transmitting web site privacy policies.
The P3P protocol is a simple extension to the HTTP protocol. As shown in Figure C-1, P3P user agents use standard HTTP requests to fetch a P3P policy reference file from a “well-known location” on the web site to which a user is making a request.[231] The policy reference file indicates the location of the P3P policy file that applies to each part of the web site. There might be one policy for the entire site, or several different policies, each of which covers a different part of the site. The user agent can then fetch the appropriate policy, parse it, and take action according to the user’s preferences.
P3P also allows sites to place policy reference files in locations other than the well-known location. In these cases, the site must declare the location of the policy reference file using a special HTTP header or by embedding a <LINK> tag in the HTML files to which the P3P policies apply.
Here’s a plain English example of the kind of disclosure a web site might make in a P3P policy:
Steve’s Store strives to protect your privacy. When you come to our site to browse our catalog, we will not ask you to tell us who you are, and we will use data about your visit only to help us improve and secure our site. When you browse our site, we collect basic information about your computer and connection. We purge this information on a weekly basis. We also collect aggregate information on what pages consumers visit on our site.
Steve’s Store is a licensee of the PrivacySealExample Program. The PrivacySealExample Program ensures your privacy by holding web site licensees to high privacy standards and confirming with independent auditors that these information practices are being followed.
Questions regarding this statement should be directed to: Steve’s Store, 123 Steve Street, Bethesda, MD 20814 USA, Email: steve@stevesstore.com, Telephone (301) 392-6753. If you are not satisfied with our response to your inquiry, you may contact PrivacySealExample at http://www.privacyseal.example.org. Steve’s Store will correct all errors or wrongful actions arising in connection with the privacy policy.
And here’s what this policy would look like using the P3P syntax and encoding:
<POLICIES xmlns="http://www.w3.org/2000/12/P3Pv1">
<POLICY discuri="http://www.stevesstore.com/privacy.html"
name="policy1">
<ENTITY>
<DATA-GROUP>
<DATA ref="#business.name">Steve's Store</DATA>
<DATA ref="#business.contact-info.postal.street">
123 Steve Street</DATA>
<DATA ref="#business.contact-info.postal.city">Bethesda</DATA>
<DATA ref="#business.contact-info.postal.stateprov">MD</DATA>
<DATA ref="#business.contact-info.postal.postalcode">20814</DATA>
<DATA ref="#business.contact-info.postal.country">USA</DATA>
<DATA ref="#business.contact-info.online.email">
steve@stevesstore.com</DATA>
<DATA ref="#business.contact-info.telecom.telephone.intcode">1</DATA>
<DATA ref="#business.contact-info.telecom.telephone.loccode">301</DATA>
<DATA ref="#business.contact-info.telecom.telephone.number">
3926753</DATA>
</DATA-GROUP>
</ENTITY>
<ACCESS><nonident/></ACCESS>
<DISPUTES-GROUP>
<DISPUTES resolution-type="independent"
service="http://www.PrivacySeal.example.org"
short-description="PrivacySeal.example.org">
<IMG src=http://www.PrivacySeal.example.org/Logo.gif
alt="PrivacySealExample logo"/>
<REMEDIES><correct/></REMEDIES>
</DISPUTES>
</DISPUTES-GROUP>
<STATEMENT>
<PURPOSE><admin/><develop/></PURPOSE>
<RECIPIENT><ours/></RECIPIENT>
<RETENTION><stated-purpose/></RETENTION>
<DATA-GROUP>
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
</DATA-GROUP>
</STATEMENT>
</POLICY>
</POLICIES>If you are familiar with XML (Extensible Markup Language), this encoding may look familiar to you. It is important to note that P3P policies are not designed to be read by end users. User agents will interpret these policies on a user’s behalf. In addition, every policy should contain the URL of the web site’s human-readable privacy policy.