W3C pressrelease - P3P

Pressrelease: World Wide Web Consortium (W3C) publicerar P3P 1.0 som en W3C-standard

16:e april 2002

W3C meddelar att Platform for Privacy Preferences nu är en W3C-standard ("W3C Recommendation"). P3P är ett XML-baserat språk som webbplatser kan använda för att beskriva hur de hanterar personlig information. Mer information kan fås av Janet Daly, +1.617.253.5884.

---

World Wide Web Consortium (W3C) publicerar P3P 1.0 som en W3C-standard.

P3P ger användare större möjligheter att bestämma hur personlig information användes på webben.

Kontakt för Amerika och Australien -- Janet Daly, janet@w3.org, +1.617.253.5884 or +1.617.253.2613
Kontakt för Europa -- Marie-Claire Forgue, mcf@w3.org, +33.492.38.75.94
Kontakt för Asien -- Saeko Takeuchi saeko@w3.org, +81.466.49.1170

Denna pressrelease och 20 intyg som stöder P3P finns tillgängligt på webben:

http://www.w3.org/2002/04/p3p-pressrelease
http://www.w3.org/2002/04/p3p-testimonial

P3P-standarden: http://www.w3.org/TR/2002/REC-P3P-20020416/

http://www.w3.org/ -- 16 April 2002 -- World Wide Web Consortium (W3C) har publicerat Platform for Privacy Preferences (P3P) 1.0 som en W3C-standard ("W3C Recommendation"). Den beskriver ett XML-baserat språk för att uttrycka regler för hantering av personlig information, resultatet av en överenskommelse mellan aktörer från alla sektorer av samhället. I och med att P3P är en W3C-standard är den ett stabilt dokument, bidrar till interoperabilitet på webben, och har granskats av W3C:s medlemmar, och de stöder att den blir allmänt använd. P3P har tagits fram av en arbetsgrupp sammansatt av förespråkare för personlig integritet, ledande leverantörer av webb-teknik, dataskyddsmyndigheter och globala ehandelsföretag.

"Att en webbplats har regler för hantering av personliga data är bra, men att kunna förstå sådana regler är bättre," säger Tim Berners-Lee, ledare för W3C. "P3P fungerar som en hörnsten i arbetet att ta fram lösningar för att förbättra skydd och säkerhet på webben."

P3P hjälper användare att göra förnuftiga val.

"Platform for Privacy Preferences" (P3P) 1.0, utvecklat av W3C, erbjuder en standardiserad, enkel och automatisk metod för användare att få mer makt över hur personlig information användes av de webbplatser de besöker.

På den lägsta nivån är P3P en standardiserad uppsättning flervalsfrågor som täcker alla betydelsefulla aspekter på en webbplats integritetspolicy. Svaren på dessa frågor utgör en maskinläsbar version av webbplatsens integritetsregler, en entydig representation av hur platsen hanterar personlig information om sina användare. Webbplatser med P3P-stöd tillhandahåller denna information på ett standardiserat maskinläsbart sätt.

Webbläsare med P3P-stöd kan "läsa av" denna representation automatiskt, och jämföra det med användarens egna regler för personlig information ska hanteras. P3P förstärker användarens makt genom att göra regler tillgängliga, i en form som användare förstår, och, mest viktigt, gör det möjlig för användaren att agera på basis av vad som presenteras.

"Med P3P gör vi det nu möjligt att utveckla en helt ny typ av webbtillämpningar och webbtjänster som hjälper användare att skydda sina personliga data, samtidigt som vi gör ehandelstranskationer smidigare," säger Daniel J. Weitzner, ledare för W3C:s arbetsområde för teknologi och samhälle. "Det faktum att webben nu har ett standardiserat språk för att beskriva sätt att hantera personlig information kommer att möjliggöra en ny nivå av förståelighet i webbbaserad interaktion. De nya mekanismerna för att hantera personlig information kommer att vara av stor betydelse för mobil och andra former för webbaccess."

P3P är en produkt av internationellt samarbete

P3P har tagits fram genom en konsensus-baserad process. Deltagare i utvecklandet av P3P representerar framstående organisationer inom näringsliv, offentliga sektorn och forskning. Arbetet har letts av Dr. Lorrie Cranor från AT&T Labs-Research; och bland de deltagande organisationerna återfinns Akamai Technologies; American Express; America Online, Inc.; AT&T; AvenueA; University of California, Irvine; Center for Democracy and Technology, USA; Charles Schwab Consultants; Citigroup; Doubleclick Inc.; Electronic Network Consortium (ENC), Japan; Engage; Ericsson; GMD/Fraunhofer; Hewlett Packard Company; IBM; IDcide; Independent Center for Privacy Protection Schleswig-Holstein, Germany; Internet Education Foundation; Joint Research Center of the European Commission; Microsoft; NCR; NEC; Ontario Office of Information and Privacy; PrivacyBank; liksom många inbjudna experter på personlig integritet. Många organisationer har gjort uttalanden som stöder P3P, och några har meddelat att de arbetar med implementeringar.

"Internationellt deltagande har varit en nyckelfaktor i arbetet att ta fram en begreppskatalog för personlig integritet, begrepp som svarar upp mot behov och krav," förklarar Rigo Wenning, ledare för aktiviteten personlig integritet. "Arbetsgruppen har också dragit nytta av aktivt deltagande från närningsliv, myndigheter och forskare. Definitionen av P3P tar hänsyn till mångfalden av integritetsramverk runt världen."

Nästa steg för P3P fokuserar på implementation

W3C:s lista över P3P-stödjande webbplatser och programvara för P3P fortsätter att växa, och innehåller både insticksprogram ("plug-ins") och webbläsare, generatorer för P3P-regler, och en P3P-validator.

W3C:s arbetgrupp P3P planerar att fortsätta att erbjuda resurser och hjälp till implementatörer som önskar utvidga sina webbplatser med P3P-funktionalitet. Förutom P3P:s hemsida så finns andra användbara resurser som p3ptoolbox.org (i samarbete med Internet Education Foundation), and av JRC framtagna demonstrator och en forskningsplattform för P3P.

Om World Wide Web Consortium (W3C)

W3C skapades för att leda webben till sin fulla potential, genom att utveckla gemensamma protokoll som förstärker dess utveckling och framtidssäkrar dess interoperabilitet. Det är ett internationellt konsortium, lett av MIT Laboratory for Computer Science (MIT LCS) i USA, Institut national de recherche en informatique et en automatique (INRIA) i Frankrike och Keio University i Japan. De tjänster som konsortiet erbjuder är bl. a. informationskällor om webben, riktat till såväl utvecklare som användare, och prototyper och demonstratorer som visar användning av ny teknologi. Konsortiet har f.n. mer än 500 medlemmar. Mer information finns på http://www.w3.org/ .

P3P är ett av W3C registrerat varumärke.

Följande uttalanden stöder P3P 1.0.

America Online Inc.; AT&T; Carnegie Mellon University; Center for Democracy and Technology, USA; DoubleClick; Ericsson, Hewlett Packard Company; Information Commissioner for the United Kingdom; Information and Privacy Commissioner, Ontario, Canada; Joint Research Centre of the European Commission; IBM; Microsoft; NEC; Privacy Council; The Proctor & Gamble Company; Independent Centre for Privacy Protection, Schleswig-Holstein, Germany; Commissioner for Data Protection, Brandenburg, Germany; University of Kassel; and Vanderbilt University

In French: INRIA

In German: Unabhängiges Landeszentrum, Datenschutz Schleswig-Holstein

• AOL has always regarded consumer privacy as one of our most important values. In addition to supporting robust self-regulatory initiatives and industry best practices, we strongly support technologies like P3P that empower consumers to personalize their online experience and make informed choices about their privacy. We commend W3C for the work it has done on this important issue, and we look forward to continuing to work with W3C and other interested organizations on ways to enhance and implement the P3P standard and other similar technologies.
  -- Tatiana Gau, Senior Vice President, Integrity Assurance, America Online Inc.
• Customers have long relied on AT&T as a privacy leader to make responsible decisions about how to use and protect customer information. P3P takes privacy control to the next level, by empowering consumers to make their own privacy decisions in real time as they surf the Web. AT&T is proud to have been a leader in the W3C efforts to develop and support P3P. We encourage consumers to try our free Privacy Bird software, which uses P3P to automatically read online privacy policies and compare them with the user's privacy preferences.
  -- Michael C. Lamb, Chief Privacy Officer, AT&T
• Our study of P3P suggests that it provides an important first step in automating personal information privacy assurances on the web. My grandfather once told me, "never take a move back in Chess." I believe that P3P is a move that can be confidently made forward that we will not have to take back. While P3P lacks a number of features that must ultimately be a part of automating personal information privacy assurances, our studies, in analysis, software, and in teaching, have suggested that P3P can be adopted with confidence that the essential characteristics of the platform will be carried forward. I certainly recommend its adoption by any group seeking to facilitate communications about privacy assurances.
  -- Bob Thibadeau, Director, Internet Systems Laboratory, School of Computer Science, Carnegie Mellon University
• CDT believes that the P3P 1.0 Specification is an important step in data protection and privacy because it promotes greater transparency among Web sites and their privacy practices. While P3P alone will not resolve each and every critical aspect surrounding privacy issues, the use of automated privacy policies will help facilitate the clear understanding of privacy practices before users agree to hand over personal information to Web sites, which is an essential first step. P3P provides the reliable foundation for much needed frameworks incorporating additional privacy enhancing technologies; better consumer education; and baseline legislation to create a national standard for privacy expectations online.
  -- Ari Schwartz, Policy Analyst, Center for Democracy and Technology (USA)
• P3P has already had a dramatic effect on the practices of Web sites by causing thousands of companies to take a hard look at their data practices. Businesses that never addressed data retention in their privacy policies are now realizing that they need to address this in their P3P statements. Just being required to make the statement "I keep your data forever" has prodded many businesses to implement purging policies! Similarly, sites are now more carefully self-auditing and describing their cookie practices. The result in just a few months has been much more accuracy and transparency for users.
  -- Jules Polonetsky, Chief Privacy Officer, DoubleClick
• Privacy is important to Ericsson. We have been working on ways to make sure that the users privacy is safeguarded, while enabling convenience. There is often a trade-off between convenience and the user's right to privacy and control. Users in the mobile Internet are extra sensitive to privacy violations, as well as extra interactions. We believe that any standard must address these questions, and we feel P3P is a good first step.
  
  Ericsson has been involved in the development of P3P. We have been working at how to use P3P to make sure that user data delivery in the mobile Internet is done in a way that safeguards the users privacy. Ericsson looks forward at continuing to assist the P3P working group as P3P gains more traction in the mobile Internet.
  -- Helena Lindskog, System Manager and Lecturer, Ericsson Infotech
• P3P 1.0 is the set of building blocks for consistency in declaring data collection practices across the World Wide Web. We believe it will be become the standard for privacy interoperability. HP has implemented P3P on its major e-commerce sites, including hpshopping.com, and will complete our implementation across hp.com over the next several months. HP believes that P3P is a key piece of the solution for better serving customer privacy needs through technology, baseline privacy legislation, third party oversight and consumer education.
  -- Barbara Lawler, Chief Privacy Officer, Hewlett Packard Company
• Can I say how much I welcome this work which is a practical step to providing individuals with control over their information? I hope P3P will prove to be a useful part of the package of technical, self-regulatory and legal measures to protect personal privacy on the World Wide Web.
  -- Elizabeth France, Information Commissioner for the United Kingdom
• The Platform for Privacy Preferences (P3P) provides a valuable service to those online - it provides openness and transparency of privacy policies, where they were once lacking. P3P also gives users increased control over their personal information and brings a common vocabulary to Web privacy policies. Awareness of online privacy issues among Web site developers has risen considerably due to the work of the P3P team. Consequently, an ever-increasing number of Web sites are becoming P3P-enabled. Consumer privacy expectations continue to remain high, and P3P plays an important role in addressing some of those expectations. My office remains committed to the development of P3P and other privacy enhancing tools for the Web.
  -- Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada
• P3P is proving itself to be a workable tool for individuals to better manage their privacy preferences online. IBM is pleased to have supported this effort through the development of the standard itself as well as P3P-compliant software.
  -- Martin Presler-Marshall, P3P Working Group co-chair and co-author, IBM
• As an active participant on the W3C P3P working group, the Joint Research Centre welcomes the P3P standard as one important technical solution in improving trust relationships between consumers and e-business, in particular as a way of providing unambiguous, machine processable information on privacy practices. We will be continuing to contribute to support the standard and its implementations through work on our P3P demonstration and research platform. Related to this, we are also maintaining a P3P Resource center which aims to give users hands on experience of the standard's implications.
  -- Giles Hogben and Marc Wilikens, Cybersecurity Research Group, Joint Research Centre of the European Commission
• Microsoft salutes the W3C P3P committee. We've been pleased to be part of this industry effort to produce a technology that helps Internet surfers select their own level of privacy protection in dealing with Web sites. P3P takes a step towards providing consumers with more choices, so they have a better understanding about the information that is collected about them. In Microsoft's implementation of P3P in our browser technology, the settings facilitate an understanding of what takes place in the background when consumers visit sites on the Web. From a design perspective, it is very important for us to give consumers a privacy choice and control model, and also maintain the quick, productive and efficient browser software experience that people have come to expect. P3P provided the flexibility for us to strike that balance.
  -- Richard Purcell, Privacy Officer, Microsoft Corporation
• NEC is pleased to see P3P 1.0 become a W3C Recommendation. P3P provides a standard way for web sites to disclose their privacy policies, and thus enables individuals to control their personal information while using the Web. NEC has been supporting W3C's P3P activity for years - the P3P validator service is now a common Web site check tool, and our ISP service "BIGLOBE" implemented P3P privacy policies on more than thirty web sites.
  -- Fumio Onimaru, Senior Manager, Technical Standards, External Relations Division, NEC Corporation
• Privacy Council is fully committed to the P3P specification developed by the W3C. We believe that P3P is one of the most important achievements in privacy enabling technology for the Internet. It provides a clear and concise mechanism for regulating consumer preferences when browsing or procuring goods and services from a Web site. In our opinion, P3P will make it easier for every Web site to comply with the spirit of privacy regulations by creating electronically readable privacy policies. It also establishes baseline accountability for Internet businesses to disclose privacy policies that truly reflect actual practices.
  -- Dr. Larry Ponemon, CEO, Privacy Council
• Proctor & Gamble is implementing P3P because it promises to significantly help consumers control how their personal information is gathered and used by Web sites. P3P provides a common, machine-readable language for privacy, allowing consumers to easily read, understand, and compare the privacy policies of Web sites they visit. This in turn will build their trust and confidence that their personal information will be managed in accordance with their wishes.
  -- Mel Peterson, Privacy Manager, The Proctor & Gamble Company
• P3P is the first international effort to integrate privacy protection into the information technology of the global networks. This is a starting point to achieve more transparency, more choice and more orientation for the citizens on the Internet. Now, we have to implement and to disseminate P3P. In the interest of the human right of privacy, there have to be further efforts in standardization.
  -- Dr. Thilo Weichert, Independent Centre for Privacy Protection Schleswig-Holstein, Germany
• P3P is a necessary but not sufficient condition for privacy. The Platform for Privacy Preferences (P3P) is the most sophisticated proposal that has been made from a technical perspective so far to enhance privacy protection on the Web... [while] it cannot replace a regulatory framework of legislation, contracts, or codes of conduct... it [can] operate within such a framework.
  -- Dr. Alexander Dix, LL.M., Commissioner for Data Protection and Access to Information, State of Brandenburg, Germany
• The recommendation of the P3P-Standard is an important step towards privacy protection in the Internet. It will enhance the transparency of data processing and improve the opportunity of the users to choose services according to their privacy protection behavior. It will increase privacy protection awareness of all people involved. And it gives consumer associations or privacy protection officers a chance to design and distribute popular user preferences "and popular policies and to contribute in this way to a privacy protection culture. The recommendation, however, does not support all privacy requirements in Germany and Europe. But the standard allows individual further developments, that meet further requirements of privacy protection. The recommendation is a first practical step with further steps to follow.
  -- Prof. Dr. Alexander Rossnagel, University of Kassel, Germany
• As one of the premiere research centers in the world for the study of digital commerce, eLab (http://elab.vanderbilt.edu/ ) recognizes the great importance and need for privacy policy standards. Digital businesses need to know who their customers are and these customers need the ability to control how their information is released to others. P3P addresses both these needs by providing communication about data privacy practices between customers and Web sites as well as enhanced user control over the use and disclosure of personal information. eLab support 's P3P's goal to reach a state of privacy equilibrium where the technology supported as a standard would allow consumers to take advantage of custom Web sites and control the information they share.
  -- Donna Hoffman, Professor of Marketing and Co-Director and Co-Founder of eLab, Vanderbilt University
• P3P est une recommandation très importante parce qu'elle apporte une solution standardisée à l'amélioration du contrôle des infomations personnelles sur le Web. P3P permet d'augmenter la confiance des utilisateurs, et par voie de conséquence, d'augmenter le nombre d'usagers du Web. Cette confiance va également permettre l'innovation puisqu'il faut s'attendre à l'émergence de nouveaux services innovants, qui vont bénéficier à la fois aux utilisateurs finaux et aux transactions commerciales.
  -- Gérard Giraudon, Directeur du Développement et des Relations Industrielles, INRIA
• P3P ist der erste internationale Ansatz, Datenschutz in informationstechnische Produkte im Kontext der globalen Vernetzung zu integrieren. Damit ist ein Anfang gemacht, um mehr Transparenz, mehr Wahlfreiheit und mehr Bürgerorientierung im Internet zu realisieren. Nun geht es darum, P3P zu implementieren und zu verbreiten. Weitere Standardisierungsbemühungen im Interesse des Grundrechtsschutzes müssen folgen.
  -- Dr. Thilo Weichert, Unabhängiges Landeszentrum, Datenschutz Schleswig-Holstein