Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01.


1 Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01

2 Privacy Context
- Online Privacy a concern:
  - Consumers
  - Advocacy groups
  - Governments
- Users often do not understand:
  - What data is being collected
  - How it is being used
- A primary focus for online privacy has been cookies
  - Cookies are not inherently bad

3 How does P3P fit in?
- P3P is the work of the World Wide Web Consortium; currently in candidate recommendation phase
- Creates a common vocabulary and syntax for expressing Web site data management practices
- Machine-readable format which can be deployed on any web server
- Allows user agents (such as browsers) to act directly on a user’s behalf, or facilitate decision-making, regarding privacy preferences

4 The P3P vocabulary
- Who is collecting data?
- What data is collected?
- For what purpose will data be used?
- Is there an ability to opt-in or opt-out of some data uses?
- Who are the data recipients (anyone beyond the data collector)?
- To what information does the data collector provide access?
- What is the data retention policy?
- How will disputes about the policy be resolved?
- Where is the human-readable privacy policy?

5 P3P is part of the solution
P3P 1.0 helps users understand privacy policies, but is not a complete solution
- Seal programs and regulations
  - help ensure that sites comply with their policies
- Anonymity tools
  - reduce the amount of information revealed while browsing
- Encryption tools
  - secure data in transit and storage
- Laws and codes of practice
  - provide a baseline level for acceptable policies

6 How do I create a privacy statement?
- Evaluate existing web-site practices
- Write literal expression of these behaviors in natural language
- Review statement with legal counsel and marketing departments
- Post conspicuously on web-site, with “one-click” access
- Transform natural language privacy statement into vocabulary and syntax of P3P

7 Types of P3P-based Policies
- Verbose P3P Policy (Mandatory)
  - XML file with complete description of site privacy policies
- Compact P3P Policy (Optional)
  - 1-line description of site privacy policy
  - Found in HTTP Header
  - Served by the provider of the cookie

8 Policy Example
- contoso.com:
  - Analyzes behavior of individual users
    Purpose =
  - Provides user info to third parties
    Recipient =
  - Collects user email address
    Category =
  - Provides no opt in / out

9 Policy Example (cont)
<STATEMENT> </STATEMENT>
Compact Policy: IVA OTR ONL

10 Compact Policy Example
- Policies could have more tokens, such as which data is available for access
- Compact Policy: P3P: CP="IVA OTR ONL"
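
Added example (not part of the original briefing): a small Python decoder for the compact policy header shown on slides 8 to 10. The token tables are a subset of the P3P 1.0 compact vocabulary; the function name and the sample header values are constructed for illustration.

```python
import re

# Subset of the P3P 1.0 compact-policy vocabulary (purpose, recipient, category).
PURPOSE = {"CUR": "current", "ADM": "admin", "DEV": "develop", "TAI": "tailoring",
           "PSA": "pseudo-analysis", "PSD": "pseudo-decision",
           "IVA": "individual-analysis", "IVD": "individual-decision",
           "CON": "contact", "HIS": "historical", "TEL": "telemarketing",
           "OTP": "other-purpose"}
RECIPIENT = {"OUR": "ours", "DEL": "delivery", "SAM": "same", "UNR": "unrelated",
             "PUB": "public", "OTR": "other-recipient"}
CATEGORY = {"PHY": "physical", "ONL": "online", "UNI": "uniqueid", "PUR": "purchase",
            "FIN": "financial", "COM": "computer", "NAV": "navigation",
            "INT": "interactive", "DEM": "demographic", "CNT": "content",
            "STA": "state", "POL": "political", "HEA": "health",
            "PRE": "preference", "LOC": "location", "GOV": "government",
            "OTC": "other-category"}
# Optional one-letter suffix on purpose/recipient tokens; absent means "always".
CONSENT = {"a": "always", "i": "opt-in", "o": "opt-out"}

def parse_compact_policy(header_value):
    """Decode the CP="..." part of a P3P response header value (hypothetical helper)."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    if not m:
        return None  # header carries no compact policy
    result = {"purpose": [], "recipient": [], "category": [], "unknown": []}
    for tok in m.group(1).split():
        base, suffix = tok[:3], tok[3:]
        consent = CONSENT.get(suffix or "a")
        if base in PURPOSE and consent:
            result["purpose"].append((PURPOSE[base], consent))
        elif base in RECIPIENT and consent:
            result["recipient"].append((RECIPIENT[base], consent))
        elif base in CATEGORY and not suffix:
            result["category"].append(CATEGORY[base])
        else:
            result["unknown"].append(tok)  # not in this subset, or malformed
    return result

if __name__ == "__main__":
    # Header value from the slide, then a constructed variant with consent suffixes.
    print(parse_compact_policy('CP="IVA OTR ONL"'))
    print(parse_compact_policy('policyref="/w3c/p3p.xml", CP="IVAi OTRo ONL XYZ"'))
```

A purpose or recipient token with no suffix decodes as "always", which is how the "no opt in / out" practice from the contoso.com example appears in the header.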

11 IE 6 P3P Implementation Goals
- End-user goals
  - Unobtrusive
  - Works out of the box
  - Easy to understand
  - Flexible for power users
- Site goals
  - Not disruptive to web business model
  - Easy to implement any changes
  - Help sites boost consumer confidence

12 IE 6 P3P Implementation
- Focus on providing more information about cookies
  - Help users make choices
  - Create smarter automated behavior
  - Discriminate according to purpose

13 Cookie Management
- End user experience in IE browsers before IE 6:
  - “Reject” all, “accept” all, “prompt”
  - Cookies
    - login, customization, advertising
- How do you know?
  - Same action applied to all cookies indiscriminately

14 Status Icon: First Encounter

15 User Experience: Help Topics
- Explains privacy issues with cookies
- Explains how to change privacy settings

16 User Experience: Status Icon
- Web site uses cookies
- Privacy Policies don’t match settings
- Cookies are restricted
- User notified

20 User Experience: Privacy Settings
- Privacy Tab slider
  - Medium = Default
  - Highest = Block All Cookies
    - 1st and 3rd
  - Lowest = Allow All Cookies
    - 1st and 3rd
  - Import
    - XML Privacy settings file

32 User Experience: Advanced Privacy Settings
- Overrides automatic cookie handling
- Control over 1st & 3rd Party cookies
- Users can exempt session cookies from first two options

33 Additional Information
- MSDN article
  - http://msdn.microsoft.com/ie and read the material on IE 6 privacy
- Contact privinfo@microsoft.com with questions
- W3C: www.w3c.org/P3P
  - Deployment guide: http://www.w3.org/TR/p3pdeployment
  - Candidate Recommendation: http://www.w3.org/TR/P3P/

34 Call to Action
- Express full privacy policy via the P3P syntax
- Deploy compact policies
- Read MSDN IE 6 privacy article
  - Also browse through W3C P3P literature
- Work with your external partners to have them deploy compact policies

