P3P (Platform for Privacy Preferences Project)

Lorrie Faith Cranor, Carnegie Mellon University


How P3P Works

P3P Policies

A P3P Preference Exchange Language

P3P Software

P3P Adoption



Cross References


Further Reading


The Platform for Privacy Preferences (P3P 1.0) Specification defines a standard way for Web sites to encode their privacy policies in a computer-readable format and standard mechanisms for locating these policies and associating them with specific online content. Developed by the World Wide Web Consortium (W3C), P3P 1.0 was adopted as an official W3C Recommendation in April 2002 (Cranor, Langheinrich, Marchiori, Presler-Marshall, & Reagle, 2002a). P3P functionality has been built into popular Web browsers as well as browser add-ons and editing tools.


Web sites that adopt P3P translate their privacy policies into a computer-readable format called XML (Bray, Paoli, Sperberg-McQueen, & Maler, 2000) and place the resulting P3P “policy” file on their Web sites. They also create an XML-encoded P3P “policy reference file” used to indicate the parts of a Web site to which a P3P policy applies.

Software tools that fetch and read P3P policies are referred to as “P3P user agents.” P3P user agents may be stand-alone software tools or modules built into Web browsers or other software. To fetch a P3P policy, user agents use the HTTP protocol (Fielding, Gettys, Mogul, Frystyk, Masinter, Leach, & Berners-Lee, 1999) ...

Get Handbook of Information Security, Volume 1, Key Concepts, Infrastructure, Standards, and Protocols now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.