Out-Law News 1 min. read

W3C issues web site privacy standard


Web standards body the World Wide Web Consortium (W3C) has issued the Platform for Privacy Preferences (P3P) 1.0 as a W3C Recommendation, representing cross-industry agreement on an XML-based language for expressing web site privacy policies. P3P is designed to standardise and automate privacy decisions on-line.

"Web site privacy policies are good, but understanding privacy policies is better," said Tim Berners-Lee, W3C Director and the man credited with inventing the World Wide Web. "P3P serves as the keystone to resolving larger issues of both privacy and security on the Web."

According to the W3C, P3P provides a standard, simple, automated way for users to gain more control over the use of personal information on web sites they visit. At its most basic level, P3P is a standardised set of multiple-choice questions, covering all the major aspects of a web site's privacy policies. Taken together, the answers present a machine readable version of the site's privacy policy, basically a snapshot of how a site handles personal information about its users. P3P-enabled web sites make this information available in a standard, machine-readable format.

The W3C explains that P3P enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences. P3P puts privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see.

"With P3P we are enabling the development of a whole new class of web tools and services that will help users protect their privacy while streamlining e-commerce transactions," explained Daniel Weitzner, W3C Technology and Society Domain Leader. "The fact that the web now has a standard language for describing privacy practices will enable a new level of transparency in web-based interactions. The added facility for dealing with privacy issues will be especially important with mobile and other new forms of web access."

Declaring P3P a W3C Recommendation indicates that it is a stable document, contributes to web interoperability, and has been reviewed by the W3C Membership, who favour its widespread adoption.

P3P was designed by a Working Group composed of privacy advocates, web technology leaders, data protection commissioners, and global e-commerce companies. However, it appears that there was no involvement by any European Union Data Protection Commissioner, which could limit P3P's usefulness within the EU.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.