Appendix C. P3P: The Platform for Privacy Preferences Project

This appendix was contributed by Lorrie Cranor of AT&T Labs—Research. It is copyright AT&T and reprinted with permission.

The Platform for Privacy Preferences Project (P3P), introduced in Chapter 24, provides a standard way for web sites to communicate about their data practices. Developed by the World Wide Web Consortium (W3C), P3P includes a machine-readable privacy policy syntax as well as a simple protocol that web browsers and other user agent tools can use to fetch P3P privacy policies automatically. P3P-enabled browsers can allow users to do selective cookie blocking based on site privacy policies, as well as to get a quick “snapshot” of a site’s privacy policies.

This appendix provides an overview of how P3P works and how you can obtain and use it. For more information about P3P, see That site includes pointers to the complete P3P specification, lists of P3P software and P3P-enabled web sites, and more detailed instructions for using P3P on your web site. For a complete discussion of P3P and how you can use it to best advantage, see the forthcoming book, P3P, by Lorrie Cranor.

How P3P Works

The P3P specification includes a standard vocabulary for describing a web site’s data practices, a set of base data elements that web sites can refer to in their P3P privacy policies, and a protocol for requesting and transmitting web site privacy policies.

The P3P protocol is a simple extension to the ...

Get Web Security, Privacy & Commerce, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.