P3P (Platform for Privacy Preferences Project)
Lorrie Faith Cranor, Carnegie Mellon University
How P3P Works
A P3P Preference Exchange Language
The Platform for Privacy Preferences (P3P 1.0) Specification defines a standard way for Web sites to encode their privacy policies in a computer-readable format and standard mechanisms for locating these policies and associating them with specific online content. Developed by the World Wide Web Consortium (W3C), P3P 1.0 was adopted as an official W3C Recommendation in April 2002 (Cranor, Langheinrich, Marchiori, Presler-Marshall, & Reagle, 2002a). P3P functionality has been built into popular Web browsers as well as browser add-ons and editing tools.
HOW P3P WORKS
Web sites that adopt P3P translate their privacy policies into a computer-readable format called XML (Bray, Paoli, Sperberg-McQueen, & Maler, 2000) and place the resulting P3P “policy” file on their Web sites. They also create an XML-encoded P3P “policy reference file” used to indicate the parts of a Web site to which a P3P policy applies.
Software tools that fetch and read P3P policies are referred to as “P3P user agents.” P3P user agents may be stand-alone software tools or modules built into Web browsers or other software. To fetch a P3P policy, user agents use the HTTP protocol (Fielding, Gettys, Mogul, Frystyk, Masinter, Leach, & Berners-Lee, 1999) ...