- From: Giles Hogben <Giles.Hogben@enisa.europa.eu>
- Date: Fri, 24 Feb 2012 12:14:38 +0000
- To: Rigo Wenning <rigo@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>
Indeed, I have also been thinking that P3P could be revived/adapted to help web site owners fulfil the new European cookie rules which are already in force in some member states (as well as DNT). The compact policy is not impractical with an editor - few people write XML by hand either... -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: 24 February 2012 12:42 To: public-privacy@w3.org Cc: Richard Barnes Subject: Re: P3P NOT fail Hi Richard, and here is Lorrie's answer: http://arstechnica.com/tech-policy/news/2012/02/web-privacy-standards-easy-to- break-hard-to-enforce.ars really worth reading. And I agree with her answer to the claim that the P3P compact format is "impractical": "It's not obvious to me there's any fundamental reason why a proper P3P compact policy wouldn't work in that scenario." In the work on DNT I constantly see the desperate need for simple notification of the user coming up. And people there constantly re-invent P3P with other angle brackets. So claiming P3P is outdated is IMHO a self-serving declaration. P3P is not widespread anymore and we may re-invent it in some other ways. Because whoever asks for "Transparency: Consumers have a right to easily understandable information about privacy and security practices." will have to look at P3P as it provides exactly that. (see http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait- obama-administration-unveils-blueprint-privacy-bill-rights for that last statement) But I also think it's clear that we won't take up P3P as is. How to re-invent P3P? Dave Raggett had made a nice suggestion: http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/ This merits further discussion IMHO Best, Rigo On Tuesday 21 February 2012 08:43:20 Richard Barnes wrote: > Internet Explorer is configured by default to reject cookies unless a > certain P3P policy is present. Google, Facebook, et al. say "This is > not a P3P policy". According to Lorrie Cranor, this practice is used > by around 1/3 of websites, including msn.com and live.com. > > " > "Microsoft uses a 'self-declaration' protocol (known as 'P3P') dating > from 2002 under which Microsoft asks websites to represent their > privacy practices in machine-readable form," Google Senior VP of > Communications and Policy Rachel Whetstone says in a statement > e-mailed to Ars. "It is well known—including by Microsoft—that it is > impractical to comply with Microsoft’s request while providing modern > web functionality." > " > > <http://arstechnica.com/tech-policy/news/2012/02/google-tricks-internet-expl > orer-into-accepting-tracking-cookies-microsoft-claims.ars>
Received on Friday, 24 February 2012 12:15:08 UTC