- From: Dobbs, Brooks <bdobbs@doubleclick.net>
- Date: Fri, 20 Dec 2002 13:41:37 -0500
- To: "'public-p3p-ws@w3.org'" <public-p3p-ws@w3.org>
P3P Future Work Items 4.c: Cross-product problem -- need for grouping mechanism Purpose/Scope Full P3P XML Policies allow for individual <STATEMENT>s within a <POLICY> to effectively group <PURPOSE>s, <RECIPIENT>s and data <CATEGORIES>. The Compact Policy does not have a <STATEMENT> element and it is therefore impossible to produce these logical groupings. The result of this is an overall aggregation of all declarations that may provide an imperfect description of the data practices related to the cookie. For instance, a full policy can say that data <CATEGORIES>:: <FINANCIAL>, <GOVERNMENT>, <ONLINE> where used for <PURPOSE>s: <CONTACT>, <INDIVIDUAL-ANALYSIS>, <INDIVIDUAL-DECISION> internally by <RECIPIENT>::<OUR>, but also in a separate <STATEMENT> that <CATEGORIES>::<DEMOGRAPHIC>, <COMPUTER>, <UNIQUE> to be used for <PURPOSE>:: <PSEUDO-ANALYSIS> by <RECIPIENT>::<UNRELATED>. This has a vastly different meaning than the current CP rendition (FIN, GOV, ONL, COM, DEM, CON, PSA, IVA, IVD, OUR, UNR), which would imply PII information being given to an unrelated 3rd party. There is a need to create a <STATEMENT> like grouping mechanism within the CP. This would require some change to Compact Policy. I see several ways that this could be achieved: * Recreation of the <STATEMENT> element through new tokens "STA" and "/STA" allowing for valid and consistent groupings within. * Use of parenthesis, brackets or other grouping delimiter to achieve the same without directly implying all the properties of the <STATEMENT> element. Resources: As this will involve UA producers and the 1.1 working group. Brooks Dobbs Director of Privacy Technology DoubleClick, Inc. office: 404.836.0525 fax: 404.836.0521 email: bdobbs@doubleclick.net
Received on Friday, 20 December 2002 13:54:36 UTC