The Platform for Privacy Preferences Protocol (P3P) is a W3C specification for a web site to encode its privacy policy into a machine-readable format. This XML file can then be parsed by the end user's browser agent, which has been preprogrammed with the user's privacy preferences, and may take actions based on these preferences.
As an end user, Alice goes to www.connect.example.com. Her browser fetches the P3P policy file for the root area, which tells her agent that the only data collected is normal web server logs. A few clicks later, Alice reaches the members section, where logon IDs are users' email addresses. Her browser agent has fetched the relevant policy file and, as programmed by Alice, warns her that her email address is about to be requested, and of the purpose, as specified in the policy file: "to maintain a userbase, and allow targeted membership mailings."
Alice chooses to enter, and later decides to buy a membership. Again, her browser agent has fetched the relevant policy, and warns her that her name, address, telephone number, and credit card will all be collected, for the company sales list.
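The check Alice's browser agent performs in the members section can be shown in code. The following Python example is added here and is not part of the original entry or of any W3C code: it parses a constructed policy that uses P3P 1.0 element names and returns the data elements that match the user's warning preferences. The sample policy, the `WARN_PREFIXES` preference list and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 XML namespace

# Constructed sample policy for the members area in the scenario above.
SAMPLE_POLICY = """\
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="members">
  <STATEMENT>
    <PURPOSE><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><contact/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#user.home-info.online.email"/></DATA-GROUP>
  </STATEMENT>
</POLICY>
"""

# Hypothetical user preference: warn before any of these data sets is collected.
WARN_PREFIXES = ("user.home-info", "user.name")

def _names(statement, tag):
    """Local names of the empty child elements under e.g. PURPOSE."""
    return [c.tag[len(P3P_NS):] for el in statement.findall(P3P_NS + tag) for c in el]

def parse_statements(policy_xml):
    """Return one (data_refs, purposes, recipients) tuple per STATEMENT."""
    # The policy is remote, untrusted XML; a real agent would parse it with a
    # hardened parser (for example the defusedxml package) instead of the stdlib.
    root = ET.fromstring(policy_xml)
    out = []
    for st in root.iter(P3P_NS + "STATEMENT"):
        refs = [d.get("ref", "").lstrip("#") for d in st.iter(P3P_NS + "DATA")]
        out.append((refs, _names(st, "PURPOSE"), _names(st, "RECIPIENT")))
    return out

def warnings_for(policy_xml, warn_prefixes=WARN_PREFIXES):
    """Return (data_ref, purposes, recipients) for each element the user flagged."""
    warns = []
    for refs, purposes, recipients in parse_statements(policy_xml):
        for ref in refs:
            # Match whole dotted components so "user.name" does not match "user.namesake".
            if any(ref == p or ref.startswith(p + ".") for p in warn_prefixes):
                warns.append((ref, purposes, recipients))
    return warns

if __name__ == "__main__":
    print(warnings_for(SAMPLE_POLICY))
```

The clickstream statement produces no warning, while the email statement is reported together with its declared purpose and recipient, which is the information the agent would show Alice before she logs on.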
P3P is not an enforcement or regulatory standard. It is simply a mechanism for the clear, concise communication of a privacy policy. However, in many regulatory environments, the publication of a privacy policy can make it a binding contract.
The W3C deferred including a data transfer specification in P3P 1.0, to allow the 1.0 specification to be published in a reasonable timeframe.
http://www.w3c.org/P3P/