P3P Becomes a W3C Recommendation in April

On April 16, 2002 W3C released The Platform for Privacy Preferences 1.0 (P3P 1.0) as a Recommendation. P3P allows people to define and publish their Web site privacy policies, and helps automate how those policies are read. P3P also gives users control over the use of their personal information on Web sites they visit, thus promoting trust and confidence in the Web. According to Tim Berners-Lee, Director of W3C, "P3P serves as the keystone to resolving larger issues of both privacy and security on the Web."

At its most basic level, P3P is a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies. Taken together, the answers present a machine readable version of the site's privacy policy, a clear snapshot of how a site handles personal information about its users. P3P enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences.

According to Daniel J. Weitzner, W3C Technology and Society Domain Leader,"With P3P we are enabling the development of a whole new class of Web tools and services that will help users protect their privacy while streamlining ecommerce transactions. The fact that the Web now has a standard language for describing privacy practices will enable a new level of transparency in Web-based interactions. The added facility for dealing with privacy issues will be especially important with mobile and other new forms of Web access."

In addition to the release of P3P 1.0, W3C also released a Working Draft of A P3P Preference Exchange Language (APPEL) 1.0. The APPEL language describes collections of privacy policy preferences between P3P user agents. This document complements P3P 1.0 by specifying a language for describing collections of preferences regarding P3P policies between P3P agents. Using this language, a user can express her preferences in a ruleset, which can then be used by a user agent to make automated or semi-automated decisions regarding the acceptability of machine-readable privacy policies from P3P enabled Web sites.

The next steps for P3P will focus on implementations. The P3P Working Group plans to continue to provide resources and assistance to implementers who wish to make their sites P3P compliant. In addition to the P3P homepage, other useful resources include p3ptoolbox.org in cooperation with the Internet Education Foundation, and the JRC P3P demonstration and research platform.