Understanding P3P - Off Target (Page 4 of 5 )
While the premise of P3P is certainly intriguing, the standard has nevertheless come in for its fair share of flak. Critics argue that P3P is a toothless tiger, often missing the forest for the trees, and is not likely to make any significant contribution to the privacy debate. Here's why:
1. P3P does not provide any enforcement mechanism for the statements made in a site's privacy policy. Its focus is more on communicating stated policy accurately, thereby allowing for more informed decision-making by the user, and less on verifying the implementation of the policy.
Critics argue that policies which cannot be verified or enforced in any way are largely useless, and suggest that P3P should also address enforcement issues. Since this takes P3P into the legal arena (enforcement of privacy policies is closely tied to the laws prevailing in different legal jurisdictions), and introduces a whole new level of complexity, it's unlikely that this will happen any time soon.
2. Web sites which lack P3P-compliant policies will likely be blocked by P3P-aware Web browsers. Or, to put it another way, a Web site which lacks a privacy policy might have difficulty attracting eyeballs to its pages, merely because the user's browser denies access to the site. The solution: requiring sites to publish P3P policies, effectively making it mandatory. Critics argue that this imposition is unacceptable.
3. By requiring users to define their privacy "comfort level", and using this definition as the decision criteria for accessing Web sites, critics argue that P3P makes the Web experience more complex. This complexity could end up hindering, rather than helping, new users.
Despite these and other criticisms, the W3C is moving forward with P3P, expecting it to evolve further in the future, growing and expanding into a platform that meets all user requirements in an efficient and simple manner.
Next: Endgame >>
More Administration Articles
More By Vikram Vaswani, (c) Melonfire
/ 1 
