Worried about greedy online merchants snooping around your harddrive when you visit their e-stores? Wondering how much personalinformation a site actually collects and stores about you? You might beinterested in P3P, an upcoming privacy standard that hopes to bring greatertransparency to the way personal information is used over the Web.
Privacy on the Web has always been an important bugbear for Internet users.
Used to be, most Web sites couldn't care less who you were, where you lived, or what your email address was. Then came the Internet boom, and suddenly everyone and his uncle was launching a Web site, a portal or an online store. And, in the war for eyeballs and clicks, your privacy suddenly became fair game - many Web sites started requiring users to provide detailed personal information before allowing them access, and using (sometimes even sharing) this information for targeted advertising (aka spam).
Faced with the potential loss of his privacy, and deluged with a constant barrage of banner ads and unsolicited commercial email, Joe Surfer hit back. The result: P3P.
P3P (not be confused with PGP or PHP) is an acronym for the Platform for Privacy Preferences Project, a W3c initiative aimed at improving privacy practices on the Web. It's goal, though lofty, is pretty simple: a clearly-defined, open standard that defines how personal information is collected and used over the Web.
Needless to say, this is harder than it sounds. Web sites, many of which require demographic data to sell ad space or decide business strategy, tend to get overbearing and pushy when it comes to asking for personal details, sometimes refusing access to their content unless the user first fills up a detailed questionnaire. And, at the other end of the spectrum, Web users are concerned about the loss of privacy that occurs when these sites play fast and loose with the personal information they have in their massive databases.
P3P attempts to provide a solution to the problem, by providing greater information to Web users about how Web sites handle their personal information. It addresses privacy concerns at two levels, providing Web sites with a standard way of defining and publishing their privacy policies, and providing Web users with a way to access these policies and make informed choices about releasing personal information to the requesting party.
Over the next few pages, I'll be taking a closer look at P3P, explaining its rationale and goals, how it works and the problems associated with it. I'll warn you at the outset itself that the P3P specification is still under development, so things may change over the next few months - however, the following material should be sufficient to explain the basics.