P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

Slides:

Advertisements

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

Advertisements

Singapore February 2001 Promoting Fair and Transparent Regulation in Securities Markets A Presentation to the APEC-OECD Co-operative Initiative on Regulatory.

Performance Indicator 4.08

1 Tools and mechanisms: 1. Participatory Planning Members of local communities contribute to plans for company activities potentially relating to business.

Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World.

ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

The Platform for Privacy Preferences Project (P3P) Lorrie Faith Cranor AT&T Labs-Research P3P Interest Group Co-Chair October 1998.

Privacy Policy Workshop M. Ryan Calo, Center for Internet and Society, Stanford Law School Mali Friedman, Covington & Burling LLP, San Francisco Office.

Internet Privacy Policies Presented by: Paul Frenken President, COLAIP.

Handle with care : Digital marketing and online behavioural advertising Global guidance to help improve consumer trust in practice, techniques and messages.

ECON 425/563 // CPSC 455/555 NOVEMBER 6, 2008 Online Privacy.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

Geneva, Switzerland, 14 November 2014 Data Protection for Public Cloud (International Standard ISO 27018) Stéphane Guilloteau Engineer Expert, Orange Labs.

Per Anders Eriksson

contracts Definition of contract purpose of contract scope of contract

Data Protection Overview

Protecting information rights – advancing information policy Privacy law reform for APP entities (organisations)

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality

Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.

5BUS0253 FS 2 week 1 Financial Statements 2 Lecture 1.

C4- Social, Legal, and Ethical Issues in the Digital Firm

1 Privacy issues on pan-European White Pages service 4rd TF-LSD Meeting Amsterdam, Peter Gietz

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

COMP 6125 An Introduction to Electronic Commerce Session 4: E-Commerce In Developing Countries.

Ready to use Cloud SLAs. SLALOM Project2 SLALOM is ready to use Cloud SLAs “SLALOM will take theory to practice, providing a trusted verifiable starting.

Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01.

Computer and Internet privacy (2) University of Palestine University of Palestine Eng. Wisam Zaqoot Eng. Wisam Zaqoot Feb 2011 Feb 2011 ITSS 4201 Internet.

1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.

P3P: User Empowerment Tools for Web Privacy Daniel J. Weitzner World Wide Web Consortium 23 April 2001 National Association of Attorneys General.

Data Protection Act AS Module Heathcote Ch. 12.

Legal localization of P3P as a requirement for its privacy enhancing effect 1 W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages.

Mental Health Policy, Human Rights & the Law Mental Disability Advocacy Program Open Society Institute Camilla Parker October 2004.

1 DG Enterprise & Industry European Commission Conference on Better Regulation: Practical Steps Forward Reykjavík 6 June 2006 OVERVIEW OF THE BETTER REGULATION.

Location, Location, Location: The Emerging Crisis in Wireless Data Privacy Ari Schwartz & Alan Davidson Center for Democracy and Technology

The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project.

Summary of responses presented on 10 th February 2011 by the European Commission in Brussels Annual seminar in Berlin – 27 th May

Health Delivery Services May 29, Eastern Massachusetts Healthcare Initiative Policy Work Group Session 2 May 29, 2009.

Organisations and Data Management 1 Data Collection: Why organisations & individuals acquire data & supply data via websites 2Techniques used by organisations.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

PRIVACY, LAW & ETHICS MBA 563. Source: eMarketing eXcellence Chaffey et al. BH Overview: Establishing trust and confidence in the online world.

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

Daniel Field, Atos Spain Towards the European Open Science Cloud, Heidelberg, 20/01/2016.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

 Cooperation and information exchange amongst financial supervisors and regulators are essential for effective oversight in an integrated financial system.

The Community Trade Mark (CTM) System. The Legal Framework Council Regulation (EC) No 40/94 of 20 December 1993 on the Community trade mark Council Regulation.

The Development of Environmental Protection in Information Age: Using Information as a Regulatory Tool and Its Perspective -- the Overview of US Experience.

CMPE 494 Service-Oriented Architectures and Web Services Platform for Privacy Preferences Project (P3P) İDRİS YILDIZ

The Contractual Regime of PayPal and Electronic Payments Irene Kull ETAg funding, project 9301.

Dr. Victoria Banti-Markouti

Service Organization Control (SOC)

APP entities (organisations)

Information Governance and Data Privacy: A World of Risk

Data Protection Legislation

The Legal Framework of the Digital Surveillance Economy Roger Clarke & Angela Daly APSN – Uni Hong Kong – 27 September 2017 Xamax Consultancy,

Current Privacy Issues That May Affect Your Credit Union

ESF Monitoring & Evaluation and Data Protection in Spain

Healthcare Privacy: The Perspective of a Privacy Advocate

Competency Standards for Mediators

Protecting Business Assets While Enabling Performance

"Claudette meets GDPR" ECCG Meeting Brussels 23 – 24 October 2018.

General Date Protection Regulation

General Data Protection Regulation (GDPR)

The Platform for Privacy Preferences Project

Presentation transcript:

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003

What is P3P? The Platform for Privacy Preferences is a standard, computer-readable format for privacy policies and a protocol allowing web browsers and other tools to read and process privacy policies automatically.

Who created P3P? World Wide Web Consortium (W3C) – a nonprofit, industry-supported consortium including researchers and engineers from over 420 institutions. Participants in the development of P3P came from around the world, including representatives from industry, government, nonprofit organizations, and academia.

Why was P3P created? To increase consumer trust. “If the ability to spend is the fuel that propels the economic engine, then consumers’ trust and confidence in that engine is the lubricant.” To protect privacy by allowing informed choice. Privacy is the ability of individuals to exercise control over the disclosure and subsequent uses of their personal information. Hence notice is fundamental to the individual’s ability to protect his or her privacy. To make choice easy. Privacy policies are difficult and time-consuming to locate, to read, and to understand; and they change frequently without notice.

How does P3P work? 1. User sets personal privacy preferences on a tool such as a browser.

How does P3P work? 2. Browser requests privacy policy from a (P3P- compliant) Web site. 3.Browser compares the privacy policy with the user’s privacy preferences and acts accordingly. (Symbols, pop-up prompts, etc.)

P3P Policies Include: Who is collecting this data? What information is being collected? For what purpose? Which information is being shared with others? Who are these data recipients? Can users access their identified data? Can users make changes in how their data is used? What is the policy for retaining data? How are disputes resolved? Where can the detailed policies be found?

Purpose Specifications: Completion and support of activity for which data was provided Web site and system administration Research and development One-time tailoring Pseudonymous analysis Pseudonymous decision Individual analysis Individual decision Contacting visitors for marketing of services or products Historical preservation Contacting visitors for marketing of services or products via telephone Other purpose

What P3P Accomplishes Makes privacy notices easy to locate and easy to understand. Allows users to specify their privacy preferences once so that they can be automatically compared to a web site’s privacy policy. Assists users in making decisions about when to disclose personal information, how much, and to whom.

What P3P Does NOT Accomplish Does NOT replace privacy regulations. Can NOT protect the privacy of users in jurisdictions with insufficient data privacy laws. Can NOT ensure the companies or organizations follow their stated privacy policies. “P3P does not protect privacy, in and of itself. It does, however, help create a framework for informed choice on the part of consumers. Any efficacy that P3P has is dependent upon the substantive privacy rules established through other processes – be they a result of regulatory, self-regulatory, or public pressure.”

Controversy over P3P “In the context of proper legislation, P3P is the most promising solution to cyberspace privacy. It will make it easy for companies to explain their practices in a form that computers can read, and make it easy for consumers to express their preferences in a way that computers will automatically respect.” – Professor Lawrence Lessig, Stanford Law School.

Controversy over P3P P3P is: a) Pretty Poor Privacy, b) a Pretext for Privacy Procrastination, and c) “a tacit acceptance of the great increase in the tracking and monitoring of our minor activities that take place over the Web.” – Karen Coyle, Information Technology Specialist, University of California

Support for P3P Provides notice and consent Promotes transparency and accountability Intuitive Flexible and global Worthwhile process

Criticism of P3P Lack of enforcement Used as a procrastination tool Unclear legal consequences Importance of default settings Unable to maintain current experience Expensive to implement and maintain Overly broad and vague purpose specifications Ultimatum-style communication

More Criticism of P3P Consumer and business confusion Rejected by the European Union Lack of actual choice Assumes the need to gather information Does not address third party data collection Lack of control over an irreversible choice

Basic Conflict What is the real problem? Lack of knowledge about how information will be used? OR The gathering of the data itself?

Universal Agreement Enforcement mechanisms are needed. “A technical platform for privacy protection…must be applied within the context of a framework of enforceable data protection rules, which provide a minimum and non- negotiable level of privacy protection for all individuals. Use of P3P in the absence of such a framework risks shifting the onus primarily onto the individual user to protect himself” – European Commission, 1998.