Finally, users have control over how sites use their personal information.
One of the major sources of friction for e-commerce is privacy. In poll after poll, consumers consistently say they are most concerned about how their personal data is used by the Web sites they visit. Cookies get implanted onto users’ hard drives and used by any number of sites to help target marketing messages of all kinds. Any time a user fills out a form or surrenders her credit-card number, she risks that data being used in ways she had not intended. And the privacy policies posted on sites are hard to understand even for lawyers.
At its most basic level, P3P is a standardized set of multiple-choice questions covering all the major aspects of a Web site’s privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users. P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P-enabled browsers can read this snapshot automatically and compare it to the consumer’s own set of privacy preferences. If a site violates those preferences, the browser can issue alerts or even block sites that don’t conform.
“What makes P3P so good is that it empowers users to make choices on the information collected,” says Josh Freed, director of privacy technology for Washington, D.C.-based Internet Education Foundation. Because of the power it gives consumers, it will force sites not only to P3P-enable their privacy policies, but also to improve the policies they have, he adds. If a site does not cater to user privacy preferences, it will lose their business to sites that do.
“P3P is forcing sites to take a second look at data collection, storage, use, sharing, access, and security,” Freed adds. “Companies are discovering that they do things with user data that they don’t need to in order to make money. The end result is better policies.”
“A year from now, the major Web sites will be P3P-enabled,” says Lorrie Cranor, head of the W3C’s P3P working group. “By that time, it will not be a question of whether smaller sites make themselves compliant, but when.”
Unpaved way for privacy
As promising as P3P is, it still faces significant challenges before it becomes ubiquitous. To date only about one-third of the top 100 sites are P3P-enabled, according to Richard Purcell, director of corporate privacy for Microsoft and an active member of the P3P working group. Another third of those are in the process of becoming P3P-compliant, which could take up to six months. “The rest of the sites are more long-term prospects at this point,” he says.
Indeed, the adoption rate among sites is the big question mark. After all, several standards and sets of best practices for privacy have been released in the past without much effect on the actual privacy policies of such companies as Amazon.com, whose privacy policies seem to change with the seasons.
Jules Polonetsky, chief privacy officer for New York City-based DoubleClick and a member of the P3P specification group, contrasts P3P with earlier best-practices efforts and with a notable failure in TV. “All that work on best practices was doomed to fail because adoption was entirely optional,” he explains. “But when Microsoft incorporated P3P into IE [Internet Explorer] 6, sites began to see it as necessary for future survival.”
“Clipper chips are installed on every new TV sold in America, yet no one bothers to use the technology to filter content and ads. Why? Because none of the networks have any incentive to program in clipper-enabled ways,” Polonetsky adds. “Few people even know about the technology. Fewer people know how to program their remotes for clipper-chip filtering. [In contrast], having P3P functionality in IE 6 forces sites to follow the spec. Coupled with education, this will ensure P3P’s success.”
Another barrier is criticism from privacy advocacy groups such as the Electronic Privacy Information Center (EPIC). In published reports, EPIC claims that P3P fails to comply with baseline standards for consumer privacy. It also says that P3P is a complex and confusing specification that will be almost impossible for users to implement.
Cranor says the specification was never intended to set privacy standards. “Our mission is self-regulatory,” she says. “It is up to legislative approaches to set regulations. We simply encourage sites to post privacy policies so that users can decide which ones they prefer, and we can let the market decide what the best practices are.”
As for the complexity of the standard, it was never intended to be implemented in its raw form, says Cranor. Rather, companies such as IBM, Microsoft, and AT&T (for which Cranor works as her day job) are creating tools that enable sites to more easily comply with the specification and enable users to more easily configure their privacy preferences in their browsers. AT&T’s solution–Privacy Bird–is a browser plug-in that checks sites’ privacy policies, compares them to user preferences, and notifies users about discrepancies. The free program is in beta as this story goes to press, but is expected to be fully released later this spring.
The Policy Editor runs under versions of Windows and Linux with Java 2 enabled.
Polonetsky says that though P3P is not perfect, it will have a positive impact on privacy policies throughout the industry. “This is a good practical solution to the privacy problem,” he says. “The idealists don’t want to concede to their vision of perfection. Ironically, they may do more damage to privacy by not compromising with practical solutions.”
Cranor echoes those sentiments. “Sure, there is room for improvement, most notably in the data security area,” she says. “But it is a necessary first step to improving privacy practices throughout the industry.”
Given its central role in future Web services developments, Microsoft’s long-term commitment to P3P speaks volumes about the specification’s importance to future technology. Purcell says Microsoft has been active in the P3P working group from the beginning, but it was not until the specification embraced XML (two and a half years ago) that the company saw the specification as central to the progress of privacy-enabling technology.
“In the last two years, we’ve made the decision to adopt P3P,” Purcell says. “Before we made the commitment, we wanted to make sure that P3P could be adopted in a real-world setting. We’ve been very keen on XML for some time; so the intersection of the W3C’s decision to implement the specification in XML was critical to our commitment.”
Part and parcel of that commitment was the company’s decision to P3P-enable Internet Explorer 6, which was released in August 2001 and also was the browser integrated into Windows XP. “There are approximately 100 million installations of IE 6 in use [at the time of writing],” Purcell says. “Sixty percent of all traffic to Microsoft.com Web sites comes from IE 6 users.”
But IE 6 implementation is only the start of Microsoft’s long-term strategy. Purcell says Microsoft is prepared to release a P3P statement generator after the specification is finalized around the time this article hits newsstands. And the statement generator is indicative of the role P3P will play in much of Microsoft’s future technology.
Purcell says the new emphasis on trustworthy computing puts a premium on privacy not only in the products Microsoft releases henceforth, but in the services it provides through Microsoft.com and MSN. “The four tenets of trustworthy computing are availability, integrity, privacy, and reputation,” Purcell says. “Central to all of these tenets is security. You can’t have privacy without security. I’ve been given expected deliverables in every quarter in the next two years related to making our [Microsoft.com] systems more trustworthy.”
As chief privacy officer, all of Purcell’s deliverables relate to privacy-enabling technologies, processes, procedures, and training. Of course, Microsoft’s vision is only one perspective among many regarding the future of privacy technology. These perspectives run the gamut of information technology, from local-area networks of PCs to wireless Internet access. Regardless of the perspective or platform, P3P enjoys widespread support in industry. Part of that support is based on the specification’s flexibility.
“As we see e-commerce move from the desktop to the palmtop, P3P is the only way sites can provide notice of privacy policies to users,” the Internet Education Foundation’s Freed says. “Imagine trying to read one of those long and tedious policies on a Palm handheld. If it is hard on a PC, it is impossible for a palmtop.”
Human-readable privacy policies
P3P implementation guide
ComputerUser has obtained a working draft of the Internet Education Foundation’s P3P Implementation Guide. The guide helps Web site owners and administrators to implement P3P-enabled privacy policies. Following is a five-step plan, which should serve as a starting point for privacy officers and webmasters to develop P3P-enabled policies (paraphrased with permission).
1. Describe data collected on the site using the P3P base data schema or data categories.
The P3P specification provides an XML template for all the user data your site collects. P3P gives site owners a great deal of flexibility as to the level of detail of the data description. The level of detail will ultimately affect how users interact with the data collected.
2. Categorize the purposes for which your organization collects and uses user data.
There is a variety of things you could do with the data you collect. Do you sell aggregate data? Do you use user demographics to sell ads? Do you sell specific user data to telemarketers? Compiling all the ways in which you use data and putting them into P3P “purpose” templates enables users to see how their data are used.
3. Categorize recipients of data you collect.
Chances are your user data doesn’t just sit in a database at your location. In order for it to be commercially useful, you need to share it with organizations such as DoubleClick or other partners of your site. P3P recipient “categories” help users know where their data goes.
4. Clarify opt-in or opt-out options available to your Web site visitors.
Whether you allow users to merely opt in to promotional opportunities or force them to opt out of them is a crucial feature of any P3P policy.
5. Clarify dispute resolution, data retention, and access policies.
How will you resolve conflicts with users or partners regarding use and sharing of personal information? Where and how is this data stored and secured? Who has legitimate access to this data? P3P allows these policies to become machine readable.
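As an added example (not from the article, the Internet Education Foundation guide, or the W3C), here is a small Privacy Bird-style check in Python: a constructed P3P 1.0 policy covering the five steps above is parsed, and each purpose or recipient the user rejects becomes an alert unless the site applies it only on opt-in. The site URLs and the element choices in the sample policy are assumed values.

```python
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"

# Constructed sample policy covering the guide's five steps: data collected,
# purposes, recipients, opt-in/opt-out, and disputes/retention/access.
SAMPLE_POLICY = f"""<POLICIES xmlns="{P3P_NS}">
 <POLICY name="shop" discuri="http://example.invalid/privacy.html">
  <ACCESS><contact-and-other/></ACCESS>
  <DISPUTES-GROUP>
   <DISPUTES resolution-type="service" service="http://example.invalid/help">
    <REMEDIES><correct/></REMEDIES>
   </DISPUTES>
  </DISPUTES-GROUP>
  <STATEMENT>
   <PURPOSE><current/><admin/><tailoring required="opt-out"/>
            <telemarketing required="opt-in"/></PURPOSE>
   <RECIPIENT><ours/><other-recipient required="opt-out"/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP>
    <DATA ref="#user.home-info.online.email"/>
    <DATA ref="#dynamic.clickstream"/>
   </DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

def parse_statements(policy_xml):
    """Yield (purposes, recipients, data refs) for each STATEMENT; the dicts
    map element name -> its 'required' value ('always' when absent)."""
    root = ET.fromstring(policy_xml)
    for st in root.iter(f"{{{P3P_NS}}}STATEMENT"):
        def kids(tag):
            parent = st.find(f"{{{P3P_NS}}}{tag}")
            return {c.tag.split("}")[1]: c.get("required", "always")
                    for c in parent} if parent is not None else {}
        refs = [d.get("ref") for d in st.iter(f"{{{P3P_NS}}}DATA")]
        yield kids("PURPOSE"), kids("RECIPIENT"), refs

def check_policy(policy_xml, rejected_purposes, rejected_recipients):
    """Return an alert for every rejected purpose/recipient the site applies
    without an opt-in ('always' or 'opt-out'); opt-in ones need no alert."""
    alerts = []
    for purposes, recipients, refs in parse_statements(policy_xml):
        for kind, found, rejected in (("purpose", purposes, rejected_purposes),
                                      ("recipient", recipients, rejected_recipients)):
            for name, req in found.items():
                if name in rejected and req != "opt-in":
                    alerts.append(f"{kind} {name} ({req}) on {', '.join(refs)}")
    return alerts
```

The same loop generalizes to a policy with several STATEMENT elements, since each is checked independently against the user's rejected sets.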