Privacy on the World Wide Web

Page 1 - Introduction to Privacy and P3P

Dec 15

No one likes having their privacy invaded, and the web should be no exception. Implementing a P3P policy gives your customers assurance that you respect their privacy, and gives them some indication of what data you are collecting or plan to collect.

As with most things on the web, the W3C have an initiative for standardising how privacy policies should be dealt with on websites, which they refer to as the P3P Initiative.

First of all, what does privacy on the web actually mean? The question is answered in part by your own privacy policy. Having a privacy policy on your site gives your users or customers confidence that any details you collect about them will be used only for the purpose for which they were collected, and will not be given to third parties without their permission. A privacy policy usually states what information is gathered automatically, and what information is taken from user input, both securely and insecurely. In the latter case it is usually anonymous statistics. Both can be specified individually in an XML file.

Now we know what's expected of it, let us look at our first privacy policy.

<?xml version="1.0" encoding="utf-8"?>
<policies xmlns="http://www.w3.org/2002/01/P3Pv1">
  <policy name="Privacy" discuri="http://www.example.com/policy.html" opturi="http://www.example.com/policy.html" xml:lang="en">
    <entity>
      <data-group>
        <data ref="#business.name">Example Company</data>
        <data ref="#business.contact-info.online.uri">http://www.example.com</data>
      </data-group>
    </entity>
    <access>
      <none />
    </access>
    <disputes-group>
      <disputes resolution-type="service" service="http://www.example.com/policy.html" short-description="Disputes">
        <remedies>
          <correct />
        </remedies>
      </disputes>
    </disputes-group>
    <statement>
      <consequence>
      </consequence>
      <purpose>
        <admin required="always" />
        <develop required="always" />
      </purpose>
      <recipient>
        <ours />
      </recipient>
      <retention>
        <indefinitely />
      </retention>
    </statement>
  </policy>
</policies>

The above is a sample of the XML used to describe a group of policies; this particular example contains only one policy. After the XML declaration, the policies tag states that what follows is one or more policies and specifies the namespace for P3P version 1. Next comes the definition of the policy named "Privacy", followed by two URLs where a written description of it can be found. Inside the policy, the first block, entity, refers to the data group(s) describing who holds the data. In this example there is one data group, giving the holder's contact details: the name "Example Company" and its website.
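
The structure walked through above can be checked mechanically before a policy file is published. The following is an added example, not part of the original page: a short Python script that reads a policies file, reports who the entity is and what each statement declares, and flags any purpose, recipient or retention element that is not in the P3P 1.0 vocabulary. The names audit, descend, local, VOCAB and SAMPLE are made up for this illustration, and the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

# Value elements the P3P 1.0 vocabulary defines for each statement block.
VOCAB = {
    "purpose": {"current", "admin", "develop", "tailoring", "pseudo-analysis",
                "pseudo-decision", "individual-analysis", "individual-decision",
                "contact", "historical", "telemarketing", "other-purpose"},
    "recipient": {"ours", "delivery", "same", "other-recipient", "unrelated", "public"},
    "retention": {"no-retention", "stated-purpose", "legal-requirement",
                  "business-practices", "indefinitely"},
}

def local(tag):  # drop the '{namespace}' prefix ElementTree puts on tags
    return tag.split("}", 1)[-1]

def descend(elems, *names):
    """Follow a path of child element names (matched case-insensitively)."""
    for name in names:
        elems = [c for e in elems for c in e if local(c.tag).lower() == name]
    return elems

def audit(xml_text):
    """Return (summaries, problems) for every policy in a P3P policies file."""
    root = ET.fromstring(xml_text)
    summaries, problems = [], []
    for policy in descend([root], "policy"):
        info = {"name": policy.get("name"), "discuri": policy.get("discuri")}
        info["entity"] = {d.get("ref"): (d.text or "").strip()
                          for d in descend([policy], "entity", "data-group", "data")}
        for block, allowed in VOCAB.items():
            info[block] = [local(v.tag) for b in descend([policy], "statement", block) for v in b]
            problems += [f"{info['name']}: <{v}> is not a P3P {block} value"
                         for v in info[block] if v not in allowed]
        summaries.append(info)
    return summaries, problems

# Constructed sample: a trimmed policy with a deliberately misspelled retention value.
SAMPLE = """<policies xmlns="http://www.w3.org/2002/01/P3Pv1">
  <policy name="Privacy" discuri="http://www.example.com/policy.html">
    <entity><data-group><data ref="#business.name">Example Company</data></data-group></entity>
    <statement>
      <purpose><admin required="always" /><develop required="always" /></purpose>
      <recipient><ours /></recipient>
      <retention><indefinately /></retention>
    </statement>
  </policy>
</policies>"""

if __name__ == "__main__":
    print(audit(SAMPLE)[1])
```

A misspelled value element is still well-formed XML, so an ordinary XML parser accepts it without complaint; only a check against the vocabulary shows that the policy does not declare the retention practice its author intended.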