Machine Interpretable Privacy Policies — A fresh take on P3P

W3C’s Platform for Privacy Preferences (P3P) was published as a W3C Recommendation in July 2002. It defines a machine interpretable format for websites to express their privacy practices, but failed to live up to its initial promise. One factor behind this is the flexibility that P3P offers for representing policies poses huge challenges for expressing user preferences in a practical way for the purposes of automatic comparison of preferences with policies.

This problem was recognized early on, leading to the definition of compact policies for P3P (as implemented in Internet Explorer), however, this is limited to cookies, and I wanted to cover much more than that whilst enabling a practical treatment of the user interface for expressing privacy preferences. To try this out in practice I developed a Firefox extension and adopted a JSON-based format for policies. For more details see my paper, which was submitted to the W3C Workshop on Privacy and data usage control, held 4-5 October 2010 at MIT.

About dsr

I am a member of the [ W3C] Team working on assignment from [ JustSystems]. For more details see my [ personal page].

This entry was posted in Privacy, W3C. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *