Vendors huddle over privacy
- — 22 June, 2000 16:46
To quell some of the consumer privacy concerns now tied to e-commerce, a group of high-profile vendors gathered in New York Wednesday to test a new browser standard designed to filter through website privacy policies.
Dubbed P3P, for the Platform for Privacy Preferences, the new standard was developed as a common way to let consumers browse websites without concerns over whether information is being collected about them or how that personal information will be used.
Microsoft used the event to debut its decision to incorporate the P3P standard in its next version of Windows, due out next year. Microsoft has code-named the new product "Whistler."
The P3P standard has been more than four years in the making and was spearheaded by the W3C (World Wide Web Consortium) and major vendors, including Microsoft, AT&T and IBM.
At the New York event Microsoft showed off technologies, including a privacy statement generator that lets website operators churn out P3P-compliant privacy statements.
Microsoft also unveiled a P3P-enabled version of Explorer and a P3P-readable version of its own corporate privacy statement.
Microsoft has been working closely with AT&T Labs and the W3C standards-setting body to develop the technology.
W3C's P3P work is aimed at giving consumers more say in how their personal information is used, said Daniel Weitzner, W3C's technology and domain leader, in Cambridge, Massachusetts.
"This is a technical standard designed to give users more control over their privacy and to make it easier to extend that kind of control to users which will build more trust in e-commerce," Weitzner said.
A W3C team headed up by an executive at AT&T Labs developed P3P as a plain-vanilla capability that sifts through XML tags tied to elements contained in a corporate privacy statement.
Those tags then trigger privacy settings matched to a user's set of privacy preferences. For example, an icon similar to the SSL encryption key - prevalent in e-commerce transactions - may pop up to indicate that a site matches a user's privacy tolerance level.
"At the interoperability session, we will be showing a browser helper object that works with Microsoft Explorer as a plug-in," said Lorrie Cranor, of AT&T Labs-Research, in Basking Ridge, New Jersey, and chair of the P3P Specification Group.
The W3C intentionally made P3P a plain-vanilla standard and asked vendors to develop specific products on their own. The Wednesday session will give those companies a chance to check out each other's P3P offerings and test interoperability.
The ultimate goal is to derive an easy way for consumers to relax fears about data collection and privacy infringement while online, sources said.
"Right now, consumers have to hunt for privacy documents, and that can sometimes be scary when they see all they will have to read and sort through. Hopefully this will be a way they can see easily how a site matches their personal preferences," Cranor said.
Cranor and others said the cost and time investment companies will have to commit to in order to make their corporate Web sites P3P compliant will be minimal.
Other companies attending the interoperability session include Citigroup, PrivacyBank, NCR, NEC, Phone.com, and Nokia.