Web consortium backs P3P privacy standard

By Brian Sullivan

April 18, 2002 Posted: 8:25 a.m. EDT (1225 GMT)

(IDG) -- The World Wide Web Consortium (W3C) has given its official blessing to the Platform for Privacy Preferences (P3P) 1.0 specification, despite criticism from some privacy advocates who said the standard does little to protect consumer privacy.

P3P is designed to allow Web browsers to determine if a site meets users' privacy expectations. W3C, which worked on the development of P3P, has officially endorsed the current version as the standard that Web sites and users should adopt, said W3C spokeswoman Janet Daly.

But some privacy experts scoffed at P3P.

"I think it is fair to say that consumer and privacy organizations have not been enthusiastic about P3P," said Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center. "I think it is certainly true that a lot of well-intentioned, smart people have been working on this for a long time. But to make it work for consumers, it has to be easy, effective and enforceable -- three E's for the three P's. As P3P now stands, I don't think it passes that test."

Jason Catlett, president of Green Brook, New Jersey-based Junkbusters Corp., also criticized P3P.

"P3P is unlikely to cause any material improvement in privacy," he said. P3P is simple to use: A user can install the technology on his computer and choose the level of privacy he wants. As the user surfs the Web, sites that use P3P indicate to the Web browser what level of privacy protections they offer. If a Web site doesn't adhere to the level of protection already chosen by the user, he is given a warning and allowed either to override the protection or to move on to a different site.

Both Catlett and Rotenberg said P3P doesn't prevent abuses by companies, and they called for legislation to codify privacy protections.

Daly said the W3C is aware of such criticism but added that P3P is just one part of a larger effort to ensure privacy on the Web. Privacy is going to be built and protected one step at a time, she said, and P3P is one of those steps.

That sentiment was shared by Ari Schwartz, associate director of the Washington-based Center for Democracy and Technology. Schwartz noted that the center has worked on P3P in the past.

"This is the first iteration of the tools, and I think, from my viewpoint, the tools are much easier to use than other first-generation tools," Schwartz said.

This iteration of P3P, he said, was aimed at getting companies to build privacy protection into their Web sites in ways beyond simply posting a multipage privacy policy that no one can understand.

A number of companies have endorsed P3P and begun to use it on their sites, Daly said. She pointed to Boston-based Fidelity Investments, which has already posted its reasons for adopting P3P on its Web site.

Even so, Rotenberg said, many sites have yet to endorse P3P, and he predicted that users would probably end up disabling it out of frustration. He said he also fears that companies could use P3P as a way of fending off more meaningful privacy legislation.

For P3P to really protect privacy, it has to be enforceable, Rotenberg said.


Find this article at: http://www.cnn.com/2002/TECH/internet/04/18/p3p.privacy.idg/index.html