The World Wide Web Consortium this week is hosting a coming-out party for technology that will serve as the basic infrastructure for addressing privacy issues on the Web.
The Platform for Privacy Preferences Project (P3P) specifies a way for Web sites to communicate their privacy policies to end users and for end users to make informed choices about the personal information they reveal while surfing the Web.
Under development for two years, P3P will be demonstrated publicly for the first time at an event in New York on Wednesday. Among the companies expected to announce support for P3P at the event are IBM, AT&T, Microsoft and America Online.
"This interoperability event is a critical part of the development of this standard," says Daniel Weitzner, head of the World Wide Web Consortium's (W3C) Technology and Society group, which oversees P3P development. "We've done the bulk of the design work. Now we're looking for feedback from real developers about how it works."
If tests are successful, P3P advocates hope the specification will be standardized by the fall so it can be deployed before the holiday shopping season.
"We hope this event moves P3P along," says Ari Schwartz, a policy analyst with the Center for Democracy and Technology. "P3P is gaining a lot of momentum because people are seeing that it answers a lot of the [concerns about Web site visitor notification]. . . . P3P is the only answer available now, and it's something that makes sense."
P3P is a specification that lets Web sites express their privacy policies in XML - a simple, standardized machine-readable format that can be downloaded automatically and read by compatible Web browsers.
An end user would configure a P3P-compliant browser to understand what personal information he is willing to disclose to a Web site and how that information can be used. As the end user surfs the Web, his browser would automatically compare his privacy preferences to a Web site's policy and tell him whether or not the site meets his criteria (see graphic).
"P3P is the first consumer privacy standard that gives individuals more choices. That's what we really think is promising about it," Schwartz says. "For Web publishers, P3P offers the ability to instill trust in their users."
Web sites without XML expertise on staff can use one of several automated tools to generate P3P-encoded versions of their existing English language privacy policies - a process that takes only a few hours. Once the policy is converted, making changes or translating it into another language is simple. Web sites also can use P3P to establish different privacy policies for various parts of their Web sites.
Among the companies that have rewritten their Web privacy policies in P3P for the interoperability event are Microsoft, AT&T, IBM and Proctor & Gamble.
"P3P is fairly easy for sites to deploy," says Lorrie Cranor, a senior technical staff member with AT&T Labs Research. "Sites can go ahead and deploy P3P right now based on the May 10 revisions [to the specification], and hopefully there will not be many changes."
P3P has a chicken-and-egg problem, advocates admit. The specification is only useful when it is widely deployed by Web sites and Web surfers. That's why this week's product demonstration is so important, they say.
Companies showing P3P-compliant products at the event include:
IBM, which is showing automated tools already available as alpha code on its Web site that other Web sites can use to create P3P policies.
Engage, which will show a browser plug-in developed for Netscape's Mozilla browser.
PrivacyBot.com, which will unveil a Web-based privacy seal-of-approval service that lets companies generate P3Pcompliant privacy policies and carry a privacy trust mark on their Web site for $50 per year.
"These serious companies putting out P3P products definitely says to me that [P3P] is real," AT&T's Cranor says.
"Policy makers are rethinking the role of government in regulating privacy on the Web and asking how technology tools can help," says W3C's Weitzner. "In that sense, the P3P timing has been very good."
IBM 'Net guru has hope for privacy on the Web
Network World Fusion, 4/5/00.