W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > February 2000

Re: Extension proposal for last call period

From: Lorrie Cranor <lorrie@research.att.com>
Date: Thu, 17 Feb 2000 18:22:24 -0500
Message-ID: <006201bf799d$d9564800$9816cf87@research.att.com>
To: "Jason Axtell" <jasona@fujo.com>, <www-p3p-public-comments@w3.org>
Cc: "Jason Fisher" <jasonf@fujo.com>, "Loren Will" <loren@fujo.com>, "Paul Sholtz" <paul@fujo.com>
Jason,

Thanks for your comments about P3P. The P3P Specification
Working Group reviewed your suggestion. We believe that P3P
can provide the functionality you suggest, by allowing sites
to supply multiple P3P policies, one for each service they offer
that has different data practices. We have added a feature
in our February 11 public working draft (see
http://www.w3.org/TR/P3P/ ) that allows sites to declare
multiple policies and indicate where on their site each
policy applies. This allows for more central administration
of policies. See section 2.2.1 for more information about this
new feature.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair

----- Original Message -----
From: Jason Axtell <jasona@fujo.com>
To: <www-p3p-public-comments@w3.org>
Cc: Jason Fisher <jasonf@fujo.com>; Loren Will <loren@fujo.com>; Paul Sholtz
<paul@fujo.com>
Sent: Tuesday, January 25, 2000 9:00 PM
Subject: Extension proposal for last call period


> I would like to propose a possible extension to P3P 1.0.  This extension
is
> designed primarily to afford easier compliance with the Child Online
Privacy
> Protection Act (COPPA) in the US.  However, I believe it would be quite
> useful outside of this context as well.
>
> My proposed extension deals with the mechanism provided by P3P to declare
a
> piece of data required or optional.  COPPA, simply put, does not accept
such
> a simple designation.  COPPA uses a concept, which I think of as
> "independence of services", that functions as follows:
>
> Each service a web site offers to its users requires some set of personal
> data, without which the service cannot reasonably function.  COPPA
mandates
> that if a web site offers multiple services that require different (but
> possibly overlapping) data sets, a user must be allowed to consent to the
> collection of only the personal data that is required for whatever
> service(s) the user wants, without consenting to the collection of data
> required by the unwanted services.
>
> In order to provide this functionality for a privacy policy, it is
extremely
> helpful for a site to be able to list the specific pieces of data that are
> required for each service offered.  Thus, a user can choose to permit the
> collection of only the data that is absolutely neccessary.  There are
> several possible ways to implement this using P3P as it now stands, but
each
> has flaws:
>
> 1. Create separate privacy policies (and thus separate P3P documents) for
> each individual service.  From a technical standpoint, this seems to be a
> completely reasonable solution.  From a practical point of view, however,
> most sites only want to have one privacy policy to maintain.  In addition,
> having multiple privacy policies opens the way for different policies on a
> given site to conflict with one another and possibly create legal
> liabilities.
>
> 2. Create a single privacy policy, but use the existing optional attribute
> in the data element.  This attribute would be set to "no" only in those
> cases where every service offered by the web site required a particular
> piece of data.  Unfortunately, in many cases, this would not be very
helpful
> (virtually all info on a portal site would be optional by this
definition).
>
> 3. The purpose element of the statement could contain an 'other' element
> with a list of the names of services requiring the data:
>
> <statement>
>    <data-group>
>       <data (attributes here) />
>       <purpose>
>          pusposes here
>          <other>list of services here</other>
>       </purpose>
>    </data-group>
> </statement>
>
> In some cases, multiple pieces of data will be used by the same set of
> services, and thus can be grouped together in the code example above.
But,
> the worst (and possibly common) case requires the separation of each data
> element into its own statement in order to specify the services for which
it
> is required.  Even if this is acceptable, an extension is still needed in
> order for user agents to understand what the list of services in the other
> element actually represents.
>
> I propose strengthening the optional attribute of the data element by
> allowing the data element to contain a new element, possibly called
> "required-group", that would in turn contain one or more "required"
> elements.  Each required element would have either the name of a service,
or
> possibly some unique identifier that would reference a  "service" element
> found elsewhere in the document.  This scheme would allow user agents to
> identify the minimal set of data a user would need to consent to the
> collection of in order to use the desired set of services offered by a web
> site.  It would also allow web sites to comply more fully with COPPA's
> independence of services requirements, or simply to offer users a more
> complete picture of how their data is used.
>
> I have only very recently read the P3P spec, and I might be missing
> something here.  So, if anyone knows of a better way of dealing with this
> problem, especially in terms of COPPA compliance, I would appreciate some
> feedback.
>
> Thanks,
>
> Jason Axtell
> Software Engineer, Fujo, Inc.
> jasona@fujo.com
>
>
Received on Thursday, 17 February 2000 18:23:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:16 GMT