Microsoft's Internet Explorer 6 added a lot of features for users, but it also introduced some potential headaches for web builders. One of the biggest challenges is the way that IE 6 handles cookies. IE 6 supports P3P, the Platform for Privacy Preferences. This is a W3C recommendation that is designed to allow web user agents, such as web browsers, to automatically interpret and act upon the privacy policies of web sites.
This has posed both tactical and strategic questions to e-businesses. First, companies have had to understand how IE's implementation affects the handling of cookies. Some companies have found that their cookies were being blocked or that functionality at their sites was diminished because of IE 6's cookie handling.
It is also forcing companies to examine the larger issue of web privacy. P3P exposes your privacy practices in a standardized, machine-readable format. This increases the visibility and actionability of privacy policies, encouraging companies to audit their privacy practices and even update their policies.
The P3P specification was released in April. It is being adopted quickly, considering the complexity of implementing it. So far about 20% of the top 500 web sites are using it. This is a fairly rapid takeup of a new web technology, especially when you consider how slowly standards like XHTML and CSS are being adopted.
High on P3P
The W3C is pushing the P3P standard, for several reasons. According to Tim Berners-Lee, "P3P serves as the keystone to resolving larger issues of both privacy and security on the Web." P3P forces companies to express their privacy practices in a common language, instead of in complex legalese. This not only makes privacy policies easier to understand, but makes it possible for machines to interpret them.
The semantics without the pedantics
Another reason that Berners-Lee is excited about P3P is that it represents a widely deployed example of his concept of the Semantic Web. The Semantic Web is the idea that information can be represented on the Web in standardized formats that user agents can understand. This makes it possible to create software that cannot just display information from a variety of sites, but interpret what the information means. This idea is one of the main concepts underlying web services.
Unfortunately, both the Semantic Web and web services have been bogged down with pedantics. They often seem to be tailored to academic and technical questions, rather than with solving business problems. P3P, on the other hand, serves as an example of the Semantic Web that has successfully been put into practice, and supported by many companies.
None of these tasks are particularly difficult. The stumbling blocks for implementing P3P are the business and legal issues that are involved. Standard privacy policies are difficult enough to craft. They can involve input from leaders from a variety of business units, marketing areas, E-business teams and legal consultants.
Here are some of the questions that must be answered in order to craft a P3P policy:
* What information is collected on the site?
* How can this information be categorized?
* How is this information used and by whom?
* How is it kept secure? Who has access to it?
* What backs up the stated privacy practices?
The irony of P3P
One of the ironies of P3P is that P3P does not protect your privacy. It doesn't limit how sites use your personal information. P3P just defines a way for companies to express their practices in a form that software can understand. This leaves it up to the user, and the user agent, such as a web browser, to control how private information is used.
It also states ways this information will be used:
* To contact you by e-mail and postal mail unless you opt-out* To contact you by phone, unless you opt-out* To deliver customized adsWhile IE6's support for P3P doesn't offer much in the way of privacy protection, it is important as a first step. Other software, including Netscape 7, now offers P3P support. As more companies support P3P, the variety and capabilities of these user agents is sure to expand.