Vendors Tout Privacy Spec

SAN MATEO (06/23/2000) - Consumer fear of the potential for privacy invasion in corporate data-collection and sharing practices has fueled support for a new browser specification on display this week.

Microsoft Corp., IBM Corp., and AT&T Corp. were among a cast of vendors that gathered recently in New York to showcase products built around the standard, dubbed P3P for the Platform for Privacy Preferences.

It was at this event -- designed to show the degree to which new P3P products from a pack of companies interoperate -- that Microsoft declared its next version of the Windows operating system, Whistler, will be P3P-enabled.

The World Wide Web Consortium (W3C), in Cambridge, Massachusetts, has spent years spearheading P3P and encouraging vendors to develop products around the standard.

The idea was to come up with a common way to let consumers browse Web sites without being concerned whether information is being collected about them or how personal information will be used.

"This is a technical standard designed to give users more control over their privacy and to make it easier to extend that kind of control to users, which will build more trust in e-commerce," said Daniel Weitzner, W3C's technology and domain leader.

A W3C team headed by Lorrie Cranor, an executive at AT&T Labs, in Basking Ridge, New Jersey, developed P3P as a vanilla capability that sifts through XML tags tied to elements contained in a corporate privacy statement. Those tags then trigger privacy settings matched to a user's set of privacy preferences.

For example, an icon similar to the SSL (Secure Sockets Layer) encryption key -- prevalent in e-commerce transactions -- may pop up to indicate that a site matches a user's privacy tolerance level.

At the New York event, Microsoft showed off technologies such as a privacy statement generator, which lets Web site operators churn out P3P-compliant privacy statements.

Microsoft also unveiled a P3P-enabled version of Explorer and a P3P-readable version of its own corporate privacy statement.

A handful of P3P critics spoke out against the standard, saying it is not enough to fend off privacy infringements.

P3P "builds on the very weak 'notice and choice' approach that is increasingly asking consumers to trade their privacy for the benefits of electronic commerce. It is not fair to force consumers to make this choice," said Marc Rotenberg, executive director at Washington-based Electronic Privacy Information Center.

W3C officials and industry executives were quick to acknowledge that P3P is not a cure-all for online privacy issues now swirling through industry headlines.

"While we wholeheartedly support P3P, we are not unrealistic in thinking that it is a magic silver bullet that will take the place of good privacy policies, consumer education, and enforcement of current law," said Greg Hampson, P3P project manager for Microsoft's privacy group, in Redmond, Washington.

"Right now, consumers have to hunt for privacy documents, and that can sometimes be scary when they see all they will have to read and sort through. Hopefully, this will be a way they easily can see how a site matches their personal preferences," said AT&T's Cranor.

Cranor and others said the cost and time investment companies will have to make in order to get their corporate Web sites P3P-compliant will be minimal.

Other companies at the event included Citigroup Inc., PrivacyBank, NCR Corp., NEC Corp., Phone.com Inc., and Nokia Corp.
