W3C home > Mailing lists > Public > w3c-news@w3.org > April to June 2002

News Release: World Wide Web Consortium Issues P3P 1.0 as a W3C Recommendation

From: Janet Daly <janet@w3.org>
Date: Tue, 16 Apr 2002 07:44:08 -0700
Message-ID: <3CBC38B8.A29FEC20@w3.org>
To: w3t-pr@w3.org, janet@w3.org, w3c-news@w3.org

W3C announces that the Platform for Privacy Preferences, an XML language
for describing privacy policies of Web sites, is now a Recommendation.
For more information, please contact Janet Daly, +1.617.253.5884.


World Wide Web Consortium Issues P3P 1.0 as a W3C

P3P gives people more control over use of personal information on the

Contact Americas, Australia -- 
     Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613 
Contact Europe -- 
     Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94 
Contact Asia -- 
     Saeko Takeuchi <saeko@w3.org>, +81.466.49.1170 

This press release and 20 testimonials in support of P3P are 
available on the Web at:


The P3P Recommendation:

http://www.w3.org/ -- 16 April 2002 -- The World Wide Web Consortium
(W3C) has issued the Platform for Privacy Preferences (P3P) 1.0 as a W3C
Recommendation, representing cross-industry agreement on an XML-based
language for expressing Web site privacy policies. Declaring P3P a W3C
Recommendation indicates that it is a stable document, contributes to
Web interoperability, and has been reviewed by the W3C Membership, who
favor its widespread adoption. P3P was designed by a Working Group
composed of privacy advocates, Web technology leaders, data protection
commissioners, and global ecommerce companies.

"Web site privacy policies are good, but understanding privacy policies
is better," remarked Tim Berners-Lee, W3C Director. "P3P serves as the
keystone to resolving larger issues of both privacy and security on the

P3P Helps People Make Informed Choices

The Platform for Privacy Preferences Project (P3P) 1.0, developed by
W3C, provides a standard, simple, automated way for users to gain more
control over the use of personal information on Web sites they visit.

At its most basic level, P3P is a standardized set of multiple-choice
questions, covering all the major aspects of a Web site's privacy
policies. Taken together, the answers present a machine readable version
of the site's privacy policy, a clear snapshot of how a site handles
personal information about its users. P3P-enabled Web sites make this
information available in a standard, machine-readable format.

P3P enabled browsers can "read" this snapshot automatically and compare
it to the consumer's own set of privacy preferences. P3P enhances user
control by putting privacy policies where users can find them, in a form
users can understand, and, most importantly, enables users to act on
what they see.

"With P3P we are enabling the development of a whole new class of Web
tools and services that will help users protect their privacy while
streamlining ecommerce transactions," explained Daniel J. Weitzner, W3C
Technology and Society Domain Leader, "The fact that the Web now has a
standard language for describing privacy practices will enable a new
level of transparency in Web-based interactions. The added facility for
dealing with privacy issues will be especially important with mobile and
other new forms of Web access."

P3P Results from International Cooperation

P3P is created through the consensus-based W3C Process. Participants 
in the development of P3P represent leadership in industry, government, 
and research. Chaired by Dr. Lorrie Cranor of AT&T Labs-Research; they 
include Akamai Technologies; American Express; America Online, Inc.;
AT&T; AvenueA; University of California, Irvine; Center for Democracy 
and Technology, USA; Charles Schwab Consultants; Citigroup; Doubleclick
Inc.; Electronic Network Consortium (ENC), Japan; Engage; Ericsson; 
GMD/Fraunhofer; Hewlett Packard Company; IBM; IDcide; Independent Center 
for Privacy Protection Schleswig-Holstein, Germany; Internet Education 
Foundation; Joint Research Center of the European Commission; Microsoft; 
NCR; NEC; Ontario Office of Information and Privacy; PrivacyBank; along 
with invited experts. Many organizations have provided statements of 
support, some are announcing implementations.

"International representation was key to providing a privacy vocabulary 
that meets diverse needs and requirements," explained Rigo Wenning, 
W3C Privacy Activity Lead. "The Working Group also benefitted from the 
joint presence of industry, public authorities and academics. The design 
of P3P takes into account the multitude of privacy frameworks
all over the world."

Next Steps for P3P Focus on Implementation

W3C's lists of P3P-enabled Web sites and P3P software continue to grow, 
including both plug-ins and browser-based implementations, P3P policy 
generators, and a P3P validator.

W3C's P3P Working Group plans to continue to provide resources and 
assistance to implementers who wish to make their sites P3P compliant. 
In addition to the P3P homepage, other useful resources include 
p3ptoolbox.org in cooperation with the Internet Education Foundation, 
and the JRC P3P demonstration and research platform. W3C
continues to maintain discussion fora for implementers and those 
interested in P3P.

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing 
common protocols that promote its evolution and ensure its 
interoperability. It is an international industry consortium jointly 
run by the MIT Laboratory for Computer Science (MIT LCS) in the USA, 
the National Institute for Research in Computer Science and Control 
(INRIA) in France and Keio University in Japan. Services provided by 
the Consortium include: a repository of information about the World 
Wide Web for developers and users, and various prototype and sample 
applications to demonstrate use of new technology. To date, nearly 
500 organizations are Members of the Consortium. For more 
information see http://www.w3.org/

P3P is a registered trademark of the World Wide Web Consortium.

These testimonials are in support of P3P 1.0. 

America Online Inc.; AT&T; Carnegie Mellon University; Center for 
Democracy and Technology, USA; DoubleClick; Ericsson, 
Hewlett Packard Company; Information Commissioner for the 
United Kingdom; Information and Privacy Commissioner, Ontario, 
Canada; Joint Research Centre of the European Commission; IBM; 
Microsoft; NEC; Privacy Council; The Proctor & Gamble Company; 
Independent Centre for Privacy Protection, 
Schleswig-Holstein, Germany; Commissioner for Data Protection, 
Brandenburg, Germany; University of Kassel; and Vanderbilt University

In French: INRIA

In German: Unabhängiges Landeszentrum, Datenschutz Schleswig-Holstein

          AOL has always regarded consumer privacy as one of our most
important values. In addition to supporting robust self-regulatory 
initiatives and industry best practices, we strongly support
technologies like P3P that empower consumers to personalize
their online experience and make informed choices about their privacy. 
We commend W3C for the work it has done on this important issue, 
and we look forward to continuing to work with W3C and other 
interested organizations on ways to enhance and implement the P3P
standard and other similar technologies.
         -- Tatiana Gau, Senior Vice President, Integrity Assurance,
            America Online Inc.

          Customers have long relied on AT&T as a privacy leader to make
responsible decisions about how to use and protect customer information.
P3P takes privacy control to the next level, by empowering consumers to
make their own privacy decisions in real time as they surf the Web. AT&T
is proud to have been a leader in the W3C efforts to develop and support
P3P. We encourage consumers to try our free Privacy Bird software, which
uses P3P to automatically read online privacy policies and compare them
with the user's privacy preferences.
        -- Michael C. Lamb, Chief Privacy Officer, AT&T

          Our study of P3P suggests that it provides an important first
step in automating personal information privacy assurances on the web.
My grandfather once told me, "never take a move back in Chess." I
believe that P3P is a move that can be confidently made forward that we
will not have to take back. While P3P lacks a number of features that
must ultimately be a part of automating personal information privacy
assurances, our studies, in analysis, software, and in teaching, have
suggested that P3P can be adopted with confidence that the essential 
characteristics of the platform will be carried forward. I certainly 
recommend its adoption by any group seeking to facilitate communications 
about privacy assurances.
        -- Bob Thibadeau, Director, Internet Systems Laboratory, 
           School of Computer Science, Carnegie Mellon University

          CDT believes that the P3P 1.0 Specification is an important
step in data protection and privacy because it promotes greater
transparency among Web sites and their privacy practices. While P3P
alone will not resolve each and every critical aspect surrounding
privacy issues, the use of automated privacy policies will help
facilitate the clear understanding of privacy practices before users
agree to hand over personal information to Web sites, which is an 
essential first step. P3P provides the reliable foundation for much 
needed frameworks incorporating additional privacy enhancing 
technologies; better consumer education; and baseline legislation 
to create a national standard for privacy expectations online.
        -- Ari Schwartz, Policy Analyst, Center for Democracy and
           Technology (USA)

          P3P has already had a dramatic effect on the practices of Web
sites by causing thousands of companies to take a hard look at their
data practices. Businesses that never addressed data retention in their
privacy policies are now realizing that they need to address this in
their P3P statements. Just being required to make the statement "I keep
your data forever" has prodded many businesses to implement purging
policies! Similarly, sites are now more carefully self-auditing and
describing their cookie practices. The result in just a few months has 
been much more accuracy and transparency for users.
          -- Jules Polonetsky, Chief Privacy Officer, DoubleClick

Privacy is important to Ericsson. We have been working on ways to make 
sure that the users privacy is safeguarded, while enabling convenience. 
There is often a trade-off between convenience and the user's right to 
privacy and control. Users in the mobile Internet are extra sensitive
to privacy violations, as well as extra interactions. We believe that 
any standard must address these questions, and we feel P3P is a good 
first step.

Ericsson has been involved in the development of P3P. We have been 
working at how to use P3P to make sure that user data delivery in 
the mobile Internet is done in a way that safeguards the users privacy. 
Ericsson looks forward at continuing to assist the P3P working
group as P3P gains more traction in the mobile Internet.
	-- Helena Lindskog, System Manager and Lecturer, Ericsson Infotech

          P3P 1.0 is the set of building blocks for consistency in
declaring data collection practices across the World Wide Web. We
believe it will be become the standard for privacy interoperability. HP
has implemented P3P on its major e-commerce sites, including
hpshopping.com, and will complete our implementation across
hp.com over the next several months. HP believes that P3P is a key piece
of the solution for better serving customer privacy needs through
technology, baseline privacy legislation, third party oversight and
consumer education. 
          -- Barbara Lawler, Chief Privacy Officer, 
             Hewlett Packard Company

          Can I say how much I welcome this work which is a practical
step to providing individuals with control over their information? I
hope P3P will prove to be a useful part of the package of technical,
self-regulatory and legal measures to protect personal privacy on the
World Wide Web.
          -- Elizabeth France, Information Commissioner 
             for the United Kingdom

          The Platform for Privacy Preferences (P3P) provides a valuable
service to those online - it provides openness and transparency of 
privacy policies, where they were once lacking. P3P also gives users 
increased control over their personal information and brings a common 
vocabulary to Web privacy policies. Awareness of online privacy issues 
among Web site developers has risen considerably due to the work of the 
P3P team. Consequently, an ever-increasing number of Web sites are 
becoming P3P-enabled. Consumer privacy expectations continue to remain 
high, and P3P plays an important role in addressing some of those 
expectations. My office remains committed to the development of P3P 
and other privacy enhancing tools for the Web.
          -- Ann Cavoukian, Ph.D., Information and Privacy Commissioner,
             Ontario, Canada

          P3P is proving itself to be a workable tool for individuals to
better manage their privacy preferences online. IBM is pleased to have 
supported this effort through the development of the standard itself 
as well as P3P-compliant software.
          -- Martin Presler-Marshall, P3P Working Group co-chair and
             co-author, IBM

          As an active participant on the W3C P3P working group, the
Joint Research Centre welcomes the P3P standard as one important 
technical solution in improving trust relationships between consumers 
and e-business, in particular as a way of providing unambiguous, machine 
processable information on privacy practices. We will be continuing to
contribute to support the standard and its implementations through work 
on our P3P demonstration and research platform. Related to this, we are
also maintaining a P3P Resource center which aims to give users hands 
on experience of the standard's implications.

          -- Giles Hogben and Marc Wilikens, 
             Cybersecurity Research Group, Joint Research
             Centre of the European Commission

          Microsoft salutes the W3C P3P committee. We've been pleased to
be part of this industry effort to produce a technology that helps 
Internet surfers select their own level of privacy protection in dealing 
with Web sites. P3P takes a step towards providing consumers with more 
choices, so they have a better understanding about the information that 
is collected about them. In Microsoft's implementation of P3P in our
browser technology, the settings facilitate an understanding of what 
takes place in the background when consumers visit sites on the Web. 
>From a design perspective, it is very important for us to give 
consumers a privacy choice and control model, and also maintain the 
quick, productive and efficient browser software experience that 
people have come to expect. P3P provided the flexibility for us to
strike that balance.
          -- Richard Purcell, Privacy Officer, Microsoft Corporation

          NEC is pleased to see P3P 1.0 become a W3C Recommendation. 
P3P provides a standard way for web sites to disclose their privacy 
policies,  and thus enables individuals to control their personal 
information  while using the Web. NEC has been supporting W3C's P3P 
activity for years - the P3P validator service is now a common Web 
site check tool, and our ISP service "BIGLOBE" implemented P3P privacy 
policies  on more than thirty web sites.
        -- Fumio Onimaru, Senior Manager, Technical Standards,
           External Relations Division, NEC Corporation

          Privacy Council is fully committed to the P3P specification
developed by the W3C. We believe that P3P is one of the most important 
achievements in privacy enabling technology for the Internet. It 
provides a clear and concise mechanism for regulating consumer 
preferences when browsing or procuring goods and services from a 
Web site. In our opinion, P3P will make it easier for every Web site 
to comply with the spirit of privacy regulations by creating
electronically readable privacy policies. It also establishes
baseline accountability for Internet businesses to disclose privacy 
policies that truly reflect actual practices.
          -- Dr. Larry Ponemon, CEO, Privacy Council

          Proctor & Gamble is implementing P3P because it promises to
significantly help consumers control how their personal information is 
gathered and used by Web sites. P3P provides a common, machine-readable 
language for privacy, allowing consumers to easily read, understand, 
and compare the privacy policies of Web sites they visit. This in turn 
will build their trust and confidence that their personal information 
will be managed in accordance with their wishes.
          -- Mel Peterson, Privacy Manager, 
             The Proctor & Gamble Company

          P3P is the first international effort to integrate privacy
protection into the information technology of the global networks. This 
is a starting point to achieve more transparency, more choice and more 
orientation for the citizens on the Internet. Now, we have to implement 
and to disseminate P3P. In the interest of the human right of
privacy, there have to be further efforts in standardization.
          -- Dr. Thilo Weichert, Independent Centre for Privacy
             Protection Schleswig-Holstein, Germany

          P3P is a necessary but not sufficient condition for privacy.
The Platform for Privacy Preferences (P3P) is the most sophisticated 
proposal that has been made from a technical perspective so far to 
enhance privacy protection on the Web... [while] it cannot replace a
regulatory framework of legislation, contracts, or codes of
conduct... it [can] operate within such a framework.
          -- Dr. Alexander Dix, LL.M., Commissioner for Data 
             Protection and Access to Information, 
             State of Brandenburg, Germany

          The recommendation of the P3P-Standard is an important step
towards privacy protection in the Internet. It will enhance the 
transparency of data processing and improve the opportunity of
the users to choose services according to their privacy protection 
behavior. It will increase privacy protection awareness of all people 
involved. And it gives consumer associations or privacy protection 
officers a chance to design and distribute popular user preferences 
"and popular policies and to contribute in this way to a privacy
protection culture. The recommendation, however, does not support 
all privacy requirements in Germany and Europe. But the standard 
allows individual further developments, that meet further 
requirements of privacy protection. The recommendation is a first 
practical step with further steps to follow.
          -- Prof. Dr. Alexander Rossnagel, 
             University of Kassel, Germany

          As one of the premiere research centers in the world for the
study of digital commerce, eLab (http://elab.vanderbilt.edu/) 
recognizes the great importance and need for privacy policy standards. 
Digital businesses need to know who their customers are and these 
customers need the ability to control how their information is released
to others. P3P addresses both these needs by providing communication 
about data privacy practices between customers and Web sites as well 
as enhanced user control over the use and disclosure of personal 
information. eLab support 's P3P's goal to reach a state of
privacy equilibrium where the technology supported as a standard 
would allow consumers to take advantage of custom Web sites and control 
the information they share.

          -- Donna Hoffman, Professor of Marketing and Co-Director 
             and Co-Founder of eLab,
          Vanderbilt University

          P3P est une recommandation très importante parce qu'elle
apporte une solution standardisée à l'amélioration du contrôle des 
infomations personnelles sur le Web. P3P permet d'augmenter la 
confiance des utilisateurs, et par voie de conséquence, d'augmenter le
nombre d'usagers du Web. Cette confiance va également permettre 
l'innovation puisqu'il faut s'attendre à l'émergence de nouveaux 
services innovants, qui vont bénéficier à la fois aux utilisateurs 
finaux et aux transactions commerciales.
          -- Gérard Giraudon, Directeur du Développement et des
             Relations Industrielles, INRIA

          P3P ist der erste internationale Ansatz, Datenschutz in
informationstechnische Produkte im Kontext der globalen Vernetzung 
zu integrieren. Damit ist ein Anfang gemacht, um mehr Transparenz, 
mehr Wahlfreiheit und mehr Bürgerorientierung im Internet zu 
realisieren. Nun geht es darum, P3P zu implementieren und zu verbreiten. 
Weitere Standardisierungsbemühungen im Interesse des Grundrechtsschutzes 
müssen  folgen.
          -- Dr. Thilo Weichert, Unabhängiges Landeszentrum, Datenschutz
Received on Tuesday, 16 April 2002 10:44:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:48:31 UTC