Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)


I dare to disagree with you. Not only because I was one of the editors of P3P. 
Not only because the complexity argument discussed was raised by me in 
Brussels. But also because P3P was perfectly legally enforceable. And because 
it was enforceable, assertions had to be correct. And that made it complex. 
Not only that, but also the complex protocol that was made in order to avoid 
disclosure of personal information before the policy was known. 

And it failed mainly because the Browsers never provided a correct interface 
for it. I had flamewars with them back then. My conclusion NOW is that browser 
hackers like dirt simple concepts that work, else they won't implement 
(Expression Specification). The semantic complexity is secondary as it only 
touches on the policy folks. And they are able to digest that (Compliance 

So I think, the P3P discussion is a distraction to our main concerns. We may 
come back to some P3P-like technologies in a different context to ease the 
burden for users and industry concerning all the necessary notifications that 
nowadays are required in the context of ecommerce scenarii. But this is not 
here and not now.


On Monday 06 February 2012 12:36:55 Jeffrey Chester wrote:
> None of the leading privacy groups at the time, with a few exceptions, saw
> P3P as an effective way to address data tracking, targeting.  Unlike DNT,
> it did not have the potential support of the privacy and consumer
> protection community.  I am sure implementation was difficult.  But back in
> the 1990's, when these issues were being debated at FTC and elsewhere, it
> was clear that P3P wasn't going to do the job.  But I respect our
> differences on the issue, and glad we are at this point.  Besides,
> marketing automation makes all this simpler, in some perverse way!

Received on Wednesday, 8 February 2012 10:46:53 UTC