p3ptoolbox.org

Implementation Guide
Implementer tools & User agents
Events
News & Media
FAQ
More Information
Sponsors
About IEF

Why Implement P3P?

Table of Contents
A.Distinguishing Data Privacy
B.Data Privacy is a Widespread & Tangible Issue
     i.Consumers are Looking for Options
     ii.Attitudes of Canadian and Australian Consumers
     iii.Businesses are Seeking Consumer Trust
     iv.The Technology Infrastructure is Evolving with Privacy in Mind
     v.Governments are Engaged
     vi.International Community Standards Have Emerged
C. Implementing P3P Makes Sense from Many Perspectives

  1. Why Implement P3P?

    This is the first question for anyone thinking of implementing P3P. Upon examining the specification and their organization´s privacy needs, each person may come up with a different reason, ranging from the desire to make their privacy policies easier to use to promoting privacy-enhancing technologies to the more pragmatic concern of maintaining Web site functionality. Any organization operating on the Internet wishing to increase user trust and confidence in the Web should consider implementing P3P.

    As you consider whether to implement P3P, it may be helpful to understand the broader context of the privacy issue on the Internet. This section discusses the benefits of implementing P3P and gives readers an overview of how various constituents recognize the privacy problem and their role in addressing the issue. A broader discussion of the privacy debate, its history and details about policy initiatives, laws and technologies is outside the scope of this Guide. If you want to learn more about data privacy concerns and efforts to address those concerns, there are many excellent books and Web sites to read. The P3PToolbox offers a list of suggested resources at http://www.p3ptoolbox.org.

    1. Distinguishing Data Privacy

      Before discussing how P3P impacts the privacy debate, it is important to clarify the definition of privacy for the purposes of this Guide. There are various types of privacy concerns reflected in laws and customs around the world. P3P has been developed to address a branch of privacy sometimes called data privacy or information privacy - the concern about an individual´s control over personal information about him or her1. Data privacy has imprinted itself globally as a major subject of concern for people.

      The information age has seen companies take advantage in the dramatic increase in data on individuals to provide them with more information on products, new services, and customized assistance or products. In recent years, however, media coverage of marketing companies amassing huge amounts of personal information about individuals and potentially creating detailed profiles about them have resulted in significant public concern. This has given rise to the need for companies to balance new services based on data collection with consumers concerns about personal information.

    2. Data Privacy is a Widespread & Tangible Issue

      As the information revolution began at the end of the 20th century, it gave companies the power to inexpensively collect and process large databases of personal information. Information is powerful and its collection and use is fundamental to our way of life. But the misuse of personal information can cause a range of problems from the nuisance of junk mail, to the stress of recovering from identity theft, to potentially devastating forms of discrimination. The Internet, with its exchange of information between computers, companies, schools, individuals and countries, has drawn Web users´ attention to information privacy.

      Each of the forces that shape our options and attitudes about privacy, whether they be governments, corporations, friends and family, or the technology infrastructure, are in their own way recognizing the importance of the privacy issue and are now involved in addressing concerns about data privacy. Governments are passing laws; companies are posting privacy policies and giving consumers more options; many individuals are questioning requests for personal information; and technology is being designed to not only process information more efficiently but to also store it securely and track its access and use.

      Consumers Are Looking for Options

      How P3P Can Help? P3P can help balance the information economy´s need for information to provide consumers with desired services with each individual´s desire for control over information about them by empowering people with tools for notice and control to make decisions based on their own preferences.

      Consumer polls have consistently demonstrated that privacy protection is a significant concern and are expressing concern about what data is collected from them, how it is protected, what it is used for, and how it is shared with others. A Business Week survey, released in March 2000 found that 82% of those polled were not at comfortable with online activities being merged with personally identifiable information, such as your income, driver´s license, credit data, and medical status. 2 In another recent survey, conducted by Harris Interactive in December 2001, 86% of respondents felt it was somewhat or very important that the Web sites they visited posted a privacy policy on their Web site.3

      Attitudes of Canadian and Australian Consumers

      As a result of such concerns about privacy, some consumers in Canada and Australia appear to be staying away from online shopping. Rather than becoming more comfortable with e-commerce as it becomes a more ubiquitous marketplace, some Canadian consumers are growing more concerned about the security and privacy of their personal and credit card information that is transferred online. A Canadian Ipsos-Reid survey found that: 83% of consumers who have not shopped online cited that their reluctance is due to not knowing what was being done with their information and who was watching their surfing habits and 69% of frequent Internet purchasers say they have concerns about handing out personal information like credit card numbers online.4

      Similar concerns were voiced by Australian consumers in a recent survey conducted by the Australian Privacy Commissioner´s office. This survey found:

      57% of Australians were more concerned about their privacy on the Internet than any other form of media.

      90% of Australians considered practices, including the monitoring of Internet usage without consent and seeking personal details irrelevant to a transaction, to be an invasion of their privacy.

      According to the Australian Federal Privacy Commissioner, Malcolm Crompton, Companies often fail to grasp the importance their customers place on privacy. Nearly half of Australians say they have already stopped - not thought about stopping, but actually stopped - transacting with organizations they feel they can't trust with their personal information.5

      Businesses Are Seeking Consumer Trust

      How P3P Can Help? P3P enables businesses to build trust with their customers and potential customers by making the privacy/data-gathering process more transparent. This allows consumers to better understand why and how companies collect information.

      This concern about privacy is starting to affect business practices. Companies are increasingly recognizing that providing clear information to their customers and allowing their customers a greater degree of control over the collection and use of their personal information makes good business sense.

      Beyond overcoming consumer confidence concerns, we are beginning to see an environment develop where privacy will be viewed as a general enabler in a wide range of commercial and non-commercial transactions. Respect for individual privacy is beginning to be used to differentiate one company from another in the marketplace and to build a closer, more focused bond between the company and the customer.

      Across the globe, many corporations are hiring executive level managers, often on the Chief Privacy Officer level, to create and implementing corporate-wide data management programs. There are Privacy Officer Associations and international training programs. Companies are recognizing the highly-valuable yet volatile nature of customer information and are beginning to take steps to manage it with the care such a valuable asset deserves.

      The Technology Infrastructure is Evolving with Privacy in Mind

      How P3P Can Help? Although the initial user agents will be focused on traditional Internet browsing, P3P lays the groundwork for standardizing the way in which an organization´s privacy practices are communicated via other communications devices such as wireless, PDAs, and voice-based devices. P3P is therefore just as relevant to emerging as it is to existing technologies.

      Computer programmers, the millions of individuals responsible for creating the computer revolution, the Internet, and the myriad of applications that we take for granted each day are taking informational privacy much more seriously. Technology ethics courses that include security and privacy issues are now part of curriculum at colleges and universities. Organizations such as the European Data Commissioners, Computer Professionals for Social Responsibility and the Association for Computing Machinery are helping developers recognize the power they wield when architecting new information systems and user applications.

      The emergence of P3P is evidence of this shift within the technology community. P3P has been developed to help steer the force of technology a step further toward automatic communication of data management practices and individual privacy preferences.

      Governments are Engaged

      How P3P Can Help? Governments around the world are closely watching how companies and organizations communicate their data management practices, handle consumer complaints, and transfer personal data. P3P facilitates the process of providing notice of data gathering and can therefore be a useful tool for compliance.

      In some jurisdictions, adherence to a set of privacy principles is not just good business; it´s also the law. It is an increasingly popular opinion that individuals, have an important stake in the proper management of their identity and that information6. Many policy leaders support, and some jurisdictions enforce, an individual´s right to determine who has access to personal information about them, to authorize what it is used for, and to be provided with a mechanism to review and correct that data.

      Europe. As the global community has faced the issues created by mass collection and exchange of personal data, some have taken the lead to promote strict standards for responsible information management. The European Union has taken the strongest steps to deploy information privacy regulation (called data protection legislation) including the creation of country-level data protection agencies7. Other non-EU countries such as Canada and Australia have passed comprehensive data protection legislation as well. The European data protection legislation includes strict provisions regarding when and how a European data controller may transfer data to other countries8.

      United States. In general, the United States has focused its data privacy laws on specific misuses of information, such as regulations prohibiting disclosure of video rental records, or on specific industries that deal with the most sensitive kinds of personal data, such as the credit, banking, and healthcare industries and information about children. Using existing trade and advertising laws and recognizing the importance of this issue to consumers, individual states attorneys general and the U.S. Federal Trade Commission have taken action against companies that mislead the public with regard to their privacy practices.

      International Community Standards Have Emerged

      How P3P Can Help? By implementing P3P, a Web site does not automatically comply with the OECD guidelines or the FTC recommendations, however when combined with other procedures and technical tools, P3P can help an organization address some of the Fair Information Practices.

      In 1980, recognizing the importance of the data privacy issue in international commerce, the Organization for Economic Cooperation and Development (OECD) issued privacy guidelines that have become an important foundation for the privacy debates since that time9. The guidelines were proposed to harmonize national privacy legislation and, while upholding human rights, prevent interruptions in international flows of data. They represent a consensus on basic principles which can be built into existing national legislation, or serve as a basis for legislation in those countries which do not yet have it.

      The guidelines formulate a set of eight principles, often referred to as Fair Information Practices. The principles are10:

      Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

      Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the Data Controller.

      Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

      Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

      Accountability Principle: A Data Controller should be accountable for complying with measures which give effect to the principles stated above.

      Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the Purpose Specification Principle of the OECD Privacy Guidelines except:

      1. with the consent of the data subject; or
      2. by the authority of law.

      Individual Participation Principle: An individual should have the right:

      1. to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
      2. to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
      3. to be given reasons if a request made under subparagraphs(a) and (b) is denied, and to be able to challenge such denial; and
      4. to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

      Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

      Other Variations of the Data Protection Guidelines
      The Fair Information Principles represent an international consensus on how best to balance effective privacy protection with the free flow of personal data. These principles have been re-cast by some with variations. For example, organizations in the United States should note the formulation by the Federal Trade Commission of five elements that should be addressed in any data privacy standard:

      • Notice of the ways in which information will be used;
      • Consent to the use or third-party distribution of information;
      • Access to data collected about oneself;
      • Security and accuracy of collected data; and
      • Enforcement mechanisms to ensure compliance and obtain redress.

      P3P Facilitates Fair Information Practices
      The adoption of P3P into Web sites and communication technologies, promotes a technology environment that supports the Fair Information Practices.

      • P3P provides an automatic way for organizations to communicate to Web site visitors about the purposes for which personal data is collected.
      • P3P is based on openness and improving the level of conversation between data subjects and organizations who collect personal information on the World Wide Web.
      • With P3P, users can be notified prior to collection of information increasing their opportunity to consent or reject a specific request for information.
      • By improving notice to Web site visitors about what data is being collected about them, P3P will trigger more questions to the organizations collecting the information. This scrutiny will hopefully help organizations to take care to collect only information that is relevant and necessary to the organization.
      • P3P enables organizations on the Web to automatically communicate their privacy policy enforcement methods. As with human readable privacy policies and depending on jurisdiction, data subjects may bring claims against organizations who mislead data subjects using P3P policies.
    3. Implementing P3P Makes Sense from Many Perspectives

      How P3P Can Help? Each of the players in the information society is concerned about privacy and is struggling to develop and apply codes of conduct with regard to the use of personal data. P3P is an important step in that process - a step toward simplifying the communication about privacy practices and the choices individuals may have with regard to such practices. The P3P framework can facilitate our move toward a privacy sensitive information society.

      As you speak with others about implementing P3P within your organization, you´ll soon notice that different reasons for implementing will resonate with different people. Here are just a few of the various perspectives that you may encounter.

      A marketing perspective: P3P strengthens our users´s privacy, building goodwill between our customers and our brand.

      • Privacy is becoming a way of distinguishing a brand, with several companies incorporating strong privacy policies into their advertising.

      A policy perspective: Wide spread implementation of P3P will help empower consumers to choose their own level of privacy. I´sd prefer to have consumers make choices rather than have the government dictate one choice for everyone.

      • Several industry groups, such as the Privacy Leadership Initiative and the Online Privacy Alliance, are supporters of P3P.

      A technical perspective: With P3P user agent tools already available and in the marketplace, most Web users are now or soon will be using P3P when they visit our Web site, so we better implement P3P to make sure the Web site functions correctly.

      A legal perspective: Going though the Web site audit necessary to implement P3P will help our organization get a handle on our true data practices and will help us confirm the accuracy of our human privacy policy or identify areas that need to be updated.

      • Posting an inaccurate privacy policy or failing to make updates to a policy as a business grows are the biggest legal risks associated with privacy policies.
      • Although P3P alone would not constitute compliance with the various data protection laws enacted in recent years; P3P can be an important part of an overall compliance strategy.
      • P3P helps users make informed decisions based on a Web sites´ privacy practice disclosures. Informed choice is an important component of this. Flexibility enables P3P to be used in conjunction with various laws and policies the world over.

      An individual perspective: Individuals want more control over how their personal information is gathered and used. By implementing P3P, companies recognize the importance of providing individuals with the tools to control their own information..

      • The privacy debate touches every Web user. By empowering individual Web users to make their own privacy decisions, companies are also empowering themselves and their employees.
1For a healthy discussion of various types of privacy concerns reflected in the U.S. law, see Dorothy Glancy, At the Intersection of Visible and Invisible Worlds: United States Privacy Law and the Internet, 16 Santa Clara Comp. & High Tech. L.J. 357, 360 (2000).
2Business Week/Harris Survey, March 20, 2000, Business Week, Our Four-Point Plan E-privacy and e-commerce can coexist. Here's how to safeguard both, March 20, 2000; http://businessweek.com/2000/00_12/b3673006.htm
3Harris Interactive Survey, December 2001. For more information, visit http://www.understandingprivacy.org.
4Newsbytes, Security Concerns Plague E-tailing In Canada - Report, November 17, 2001; www.newsbytes.com/news/01/172521.html
5The West Australian, October 16, 2001; www.thewest.com.au/20011016/business/tw-business-home-sto28010.html
6For a discussion of this issue including a perspective that is promoting some level of ownership of one's personal information, see Julie E. Cohen, Examined Lives: Informational Privacy and the Subject as Object, 52 Stanford Law Rev. 1373, 1375 (2000). For some other perspectives, see Pamela Samuelson, Privacy As Intellectual Property?, 52 Stan. L. Rev. 1125 (2000); Eugene Volokh, Cyberspace And Privacy: A New Legal Paradigm? Freedom Of Speech And Information Privacy: The Troubling Implications Of A Right To Stop People From Speaking About You, 52 Stan. L. Rev. 1049 (2000); and Jessica Litman, Cyberspace and Privacy: A New Legal Paradigm? Information Privacy/Information Property, 52 Stan. L. Rev. 1283 (2000).
7Additional information can be found in article 29 of the directive, at http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0046.html.
8This has triggered complex bi-lateral negotiations such as the Safe Harbor program created by United States and the European Union to address the need for companies to transfer employee and customer information across the Atlantic. See http://www.export.gov/safeharbor/.
9The OECD consists of representatives from 29 countries that work to develop policies to foster international trade.
10For a further discussion of the development of the Fair Information Principles see: http://www.ftc.gov/reports/privacy2000/privacy2000.pdf

P3P Implementation Guide

Table of Contents
Introduction
Section I
Section II
Section III
Section IV
Appendix

Please note that this document is a working draft for review and reference purposes only. Any questions or comments should be e-mailed to info@p3ptoolbox.org.