- From: Lorrie Faith Cranor <lorrie@cs.cmu.edu>
- Date: Fri, 28 Nov 2008 08:31:38 -0500
- To: assadarat@yahoo.com
- Cc: www-p3p-policy@w3.org
Yes, service providers who share data with other companies must know whether they are the same or different. If they don't know then they can use the <unrelated/> tag. There is currently no way to do the comparison automatically, although if both parties use P3P that might be possible. Lorrie -- Lorrie Faith Cranor • lorrie@cmu.edu • http://lorrie.cranor.org/ Associate Professor, Computer Science and Engineering & Public Policy CMU Usable Privacy and Security Laboratory • http://cups.cs.cmu.edu/ Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA 15213 On Nov 28, 2008, at 4:59 AM, Assadarat Khurat wrote: > Hi all, > > I am a newbie for P3P. After reading the P3P specification, I have > one question below: > > About <Recipient> element, to be able to select some values e.g. > <delivery>, <same> and <other-recipient>, the original service > provider must know the data practices of other legal entities so > that it can say whether the data practice is the same or different. > Do I understand correctly? If yes, is there any automatic comparison > mechanism specified? > > thank you very much, > > Sand > >
Received on Friday, 28 November 2008 13:32:15 UTC