W3C home > Mailing lists > Public > www-p3p-policy@w3.org > September 2002

Single compact policy and diverse cookie usages - are we exposed?

From: charles watty <acwatty@hotmail.com>
Date: Mon, 16 Sep 2002 19:50:24 -0400 (EDT)
To: www-p3p-policy@w3.org
Message-ID: <F1451yfjSNqBnJA5zz000009901@hotmail.com>




Hello,

I've read several documents that recommend that a single compact policy be 
used and served with outgoing files.

My question is:
What is the risk to the issuing site if not all compact policies are 
specific to the cooke to which they are attached. For example, suppose I 
have 16 cookies, and 10 relate to minor things like site color preferences 
while 6 are related to account information and contain details such as 
address, ship-to location, country of residence etc. Now, I create a single 
policy that describes all of these uses and send it out with every file 
(cookies incl. of course).

The compact policy is not actually accurate in that it will overstate how 
each cookie uses personal information. It will err on the side of 
thoroughness, but it will err nonetheless. Is this an issue, or can we be 
sure that it is a legally acceptable interpretation of P3P compliance?

Thanks,
Charles

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
Received on Tuesday, 17 September 2002 04:04:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT