W3C home > Mailing lists > Public > www-p3p-policy@w3.org > March 2002

Re: P3P Specification Ambiguity: Cookies

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 6 Mar 2002 16:57:29 +0100
To: "INTERNET:www-p3p-policy@w3.org" <www-p3p-policy@w3.org>
Message-ID: <20020306155729.GD1427@localhost>
As you can see, if you read the archives of this list[1], Ben's suggestion
is violating the specification and doesn't change anything in the user's
perception. The user's perception will be key to the legal questions. So
his approach doesn't work at all.

What P3P does and what it doesn't is specified in the Specification. I
would be very reluctant to believe in FUD like "handling legal
obligations". This is just a term that can mean anything. 

The question, whether there is legal value in a P3P Statement depends on
the jurisdiction and is not elaborated for the moment. 

But I think it is clear, that if you declare a certain type of data
collection in P3P and your practice follows  the declaration, there
isn't that much harm...

And yes: Privacy is not easy. But not caring about privacy makes you
lose customers.

  1. http://lists.w3.org/Archives/Public/www-p3p-policy/

Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis

On Tue, Mar 05, 2002 at 07:24:28PM -0500, Ben Wright wrote:
> I agree that P3P is legally dangerous.  It is so incompetent for handling legal obligations
> that I have suggested companies disavow P3P altogether.  See http://www.disavowp3p.com
Received on Thursday, 7 March 2002 09:37:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:54 UTC