W3C pressrelease - P3P
Pressrelease: World Wide Web Consortium (W3C) publicerar P3P 1.0 som
en W3C-standard
16:e april 2002
W3C meddelar att Platform for Privacy Preferences nu är en
W3C-standard ("W3C Recommendation"). P3P är ett XML-baserat språk som
webbplatser kan använda för att beskriva hur de hanterar personlig
information. Mer information kan fås av Janet Daly, +1.617.253.5884.
---
World Wide Web Consortium (W3C) publicerar P3P 1.0 som en W3C-standard.
P3P ger användare större möjligheter att bestämma hur personlig
information användes på webben.
Kontakt för Amerika och Australien --
Janet Daly, janet@w3.org, +1.617.253.5884 or +1.617.253.2613
Kontakt för Europa --
Marie-Claire Forgue, mcf@w3.org, +33.492.38.75.94
Kontakt för Asien --
Saeko Takeuchi saeko@w3.org, +81.466.49.1170
Denna pressrelease och 20 intyg som stöder P3P finns tillgängligt på webben:
http://www.w3.org/2002/04/p3p-pressrelease
http://www.w3.org/2002/04/p3p-testimonial
P3P-standarden:
http://www.w3.org/TR/2002/REC-P3P-20020416/
http://www.w3.org/ -- 16 April 2002 -- World Wide Web Consortium (W3C)
har publicerat Platform for Privacy Preferences (P3P) 1.0 som en W3C-standard ("W3C Recommendation"). Den beskriver ett XML-baserat språk
för att uttrycka regler för hantering av personlig information,
resultatet av en överenskommelse mellan aktörer från alla sektorer av
samhället. I och med att P3P är en W3C-standard är den ett
stabilt dokument, bidrar till interoperabilitet på webben, och har
granskats av W3C:s medlemmar, och de stöder att den blir allmänt
använd. P3P har tagits fram av en arbetsgrupp sammansatt av
förespråkare för personlig integritet, ledande leverantörer av
webb-teknik, dataskyddsmyndigheter och globala ehandelsföretag.
"Att en webbplats har regler för hantering av personliga data är bra,
men att kunna förstå sådana regler är bättre," säger Tim Berners-Lee,
ledare för W3C. "P3P fungerar som en hörnsten i arbetet att ta fram
lösningar för att förbättra skydd och säkerhet på webben."
P3P hjälper användare att göra förnuftiga val.
"Platform for Privacy Preferences" (P3P) 1.0, utvecklat av W3C,
erbjuder en standardiserad, enkel och automatisk metod för användare
att få mer makt över hur personlig information användes av de
webbplatser de besöker.
På den lägsta nivån är P3P en standardiserad uppsättning
flervalsfrågor som täcker alla betydelsefulla aspekter på en webbplats
integritetspolicy. Svaren på dessa frågor utgör en maskinläsbar
version av webbplatsens integritetsregler, en entydig representation
av hur platsen hanterar personlig information om sina
användare. Webbplatser med P3P-stöd tillhandahåller denna information
på ett standardiserat maskinläsbart sätt.
Webbläsare med P3P-stöd kan "läsa av" denna representation
automatiskt, och jämföra det med användarens egna regler för personlig
information ska hanteras. P3P förstärker användarens makt genom att
göra regler tillgängliga, i en form som användare förstår, och, mest
viktigt, gör det möjlig för användaren att agera på basis av vad som
presenteras.
"Med P3P gör vi det nu möjligt att utveckla en helt ny typ av
webbtillämpningar och webbtjänster som hjälper användare att skydda
sina personliga data, samtidigt som vi gör ehandelstranskationer
smidigare," säger Daniel J. Weitzner, ledare för W3C:s arbetsområde för
teknologi och samhälle. "Det faktum att webben nu har ett
standardiserat språk för att beskriva sätt att hantera personlig
information kommer att möjliggöra en ny nivå av förståelighet i
webbbaserad interaktion. De nya mekanismerna för att hantera personlig
information kommer att vara av stor betydelse för mobil och andra
former för webbaccess."
P3P är en produkt av internationellt samarbete
P3P har tagits fram genom en konsensus-baserad process. Deltagare i
utvecklandet av P3P representerar framstående organisationer inom
näringsliv, offentliga sektorn och forskning. Arbetet har letts av
Dr. Lorrie Cranor från AT&T Labs-Research; och bland de deltagande
organisationerna återfinns Akamai Technologies; American Express;
America Online, Inc.; AT&T; AvenueA; University of California, Irvine;
Center for Democracy and Technology, USA; Charles Schwab Consultants;
Citigroup; Doubleclick Inc.; Electronic Network Consortium (ENC),
Japan; Engage; Ericsson; GMD/Fraunhofer; Hewlett Packard Company; IBM;
IDcide; Independent Center for Privacy Protection Schleswig-Holstein,
Germany; Internet Education Foundation; Joint Research Center of the
European Commission; Microsoft; NCR; NEC; Ontario Office of
Information and Privacy; PrivacyBank; liksom många inbjudna experter
på personlig integritet. Många organisationer har gjort uttalanden som
stöder P3P, och några har meddelat att de arbetar med
implementeringar.
"Internationellt deltagande har varit en nyckelfaktor i arbetet att ta
fram en begreppskatalog för personlig integritet, begrepp som svarar
upp mot behov och krav," förklarar Rigo Wenning, ledare för
aktiviteten personlig integritet. "Arbetsgruppen har också dragit
nytta av aktivt deltagande från närningsliv, myndigheter och
forskare. Definitionen av P3P tar hänsyn till mångfalden av
integritetsramverk runt världen."
Nästa steg för P3P fokuserar på implementation
W3C:s lista över P3P-stödjande webbplatser och programvara för P3P
fortsätter att växa, och innehåller både insticksprogram ("plug-ins")
och webbläsare, generatorer för P3P-regler, och en P3P-validator.
W3C:s arbetgrupp P3P planerar att fortsätta att erbjuda resurser och
hjälp till implementatörer som önskar utvidga sina webbplatser med
P3P-funktionalitet. Förutom P3P:s hemsida så finns andra användbara
resurser som p3ptoolbox.org (i samarbete med Internet Education
Foundation), and av JRC framtagna demonstrator och en
forskningsplattform för P3P.
Om World Wide Web Consortium (W3C)
W3C skapades för att leda webben till sin fulla potential, genom att
utveckla gemensamma protokoll som förstärker dess utveckling och
framtidssäkrar dess interoperabilitet. Det är ett internationellt
konsortium, lett av MIT Laboratory for Computer Science (MIT LCS) i
USA, Institut national de recherche en informatique et en automatique
(INRIA) i Frankrike och Keio University i Japan. De tjänster som
konsortiet erbjuder är bl. a. informationskällor om webben, riktat
till såväl utvecklare som användare, och prototyper och demonstratorer
som visar användning av ny teknologi. Konsortiet har f.n. mer än 500
medlemmar. Mer information finns på http://www.w3.org/ .
P3P är ett av W3C registrerat varumärke.
Följande uttalanden stöder P3P 1.0.
America Online Inc.; AT&T; Carnegie Mellon University; Center for
Democracy and Technology, USA; DoubleClick; Ericsson,
Hewlett Packard Company; Information Commissioner for the
United Kingdom; Information and Privacy Commissioner, Ontario,
Canada; Joint Research Centre of the European Commission; IBM;
Microsoft; NEC; Privacy Council; The Proctor & Gamble Company;
Independent Centre for Privacy Protection,
Schleswig-Holstein, Germany; Commissioner for Data Protection,
Brandenburg, Germany; University of Kassel; and Vanderbilt University
In French: INRIA
In German: Unabhängiges Landeszentrum, Datenschutz Schleswig-Holstein
-
AOL has always regarded consumer privacy as one of our most
important values. In addition to supporting robust self-regulatory
initiatives and industry best practices, we strongly support
technologies like P3P that empower consumers to personalize
their online experience and make informed choices about their privacy.
We commend W3C for the work it has done on this important issue,
and we look forward to continuing to work with W3C and other
interested organizations on ways to enhance and implement the P3P
standard and other similar technologies.
-- Tatiana Gau, Senior Vice President, Integrity Assurance,
America Online Inc.
-
Customers have long relied on AT&T as a privacy leader to make
responsible decisions about how to use and protect customer information.
P3P takes privacy control to the next level, by empowering consumers to
make their own privacy decisions in real time as they surf the Web. AT&T
is proud to have been a leader in the W3C efforts to develop and support
P3P. We encourage consumers to try our free Privacy Bird software, which
uses P3P to automatically read online privacy policies and compare them
with the user's privacy preferences.
-- Michael C. Lamb, Chief Privacy Officer, AT&T
-
Our study of P3P suggests that it provides an important first
step in automating personal information privacy assurances on the web.
My grandfather once told me, "never take a move back in Chess." I
believe that P3P is a move that can be confidently made forward that we
will not have to take back. While P3P lacks a number of features that
must ultimately be a part of automating personal information privacy
assurances, our studies, in analysis, software, and in teaching, have
suggested that P3P can be adopted with confidence that the essential
characteristics of the platform will be carried forward. I certainly
recommend its adoption by any group seeking to facilitate communications
about privacy assurances.
-- Bob Thibadeau, Director, Internet Systems Laboratory,
School of Computer Science, Carnegie Mellon University
-
CDT believes that the P3P 1.0 Specification is an important
step in data protection and privacy because it promotes greater
transparency among Web sites and their privacy practices. While P3P
alone will not resolve each and every critical aspect surrounding
privacy issues, the use of automated privacy policies will help
facilitate the clear understanding of privacy practices before users
agree to hand over personal information to Web sites, which is an
essential first step. P3P provides the reliable foundation for much
needed frameworks incorporating additional privacy enhancing
technologies; better consumer education; and baseline legislation
to create a national standard for privacy expectations online.
-- Ari Schwartz, Policy Analyst, Center for Democracy and
Technology (USA)
-
P3P has already had a dramatic effect on the practices of Web
sites by causing thousands of companies to take a hard look at their
data practices. Businesses that never addressed data retention in their
privacy policies are now realizing that they need to address this in
their P3P statements. Just being required to make the statement "I keep
your data forever" has prodded many businesses to implement purging
policies! Similarly, sites are now more carefully self-auditing and
describing their cookie practices. The result in just a few months has
been much more accuracy and transparency for users.
-- Jules Polonetsky, Chief Privacy Officer, DoubleClick
-
Privacy is important to Ericsson. We have been working on ways to make
sure that the users privacy is safeguarded, while enabling convenience.
There is often a trade-off between convenience and the user's right to
privacy and control. Users in the mobile Internet are extra sensitive
to privacy violations, as well as extra interactions. We believe that
any standard must address these questions, and we feel P3P is a good
first step.
Ericsson has been involved in the development of P3P. We have been
working at how to use P3P to make sure that user data delivery in
the mobile Internet is done in a way that safeguards the users privacy.
Ericsson looks forward at continuing to assist the P3P working
group as P3P gains more traction in the mobile Internet.
-- Helena Lindskog, System Manager and Lecturer, Ericsson Infotech
-
P3P 1.0 is the set of building blocks for consistency in
declaring data collection practices across the World Wide Web. We
believe it will be become the standard for privacy interoperability. HP
has implemented P3P on its major e-commerce sites, including
hpshopping.com, and will complete our implementation across
hp.com over the next several months. HP believes that P3P is a key piece
of the solution for better serving customer privacy needs through
technology, baseline privacy legislation, third party oversight and
consumer education.
-- Barbara Lawler, Chief Privacy Officer,
Hewlett Packard Company
-
Can I say how much I welcome this work which is a practical
step to providing individuals with control over their information? I
hope P3P will prove to be a useful part of the package of technical,
self-regulatory and legal measures to protect personal privacy on the
World Wide Web.
-- Elizabeth France, Information Commissioner
for the United Kingdom
-
The Platform for Privacy Preferences (P3P) provides a valuable
service to those online - it provides openness and transparency of
privacy policies, where they were once lacking. P3P also gives users
increased control over their personal information and brings a common
vocabulary to Web privacy policies. Awareness of online privacy issues
among Web site developers has risen considerably due to the work of the
P3P team. Consequently, an ever-increasing number of Web sites are
becoming P3P-enabled. Consumer privacy expectations continue to remain
high, and P3P plays an important role in addressing some of those
expectations. My office remains committed to the development of P3P
and other privacy enhancing tools for the Web.
-- Ann Cavoukian, Ph.D., Information and Privacy Commissioner,
Ontario, Canada
-
P3P is proving itself to be a workable tool for individuals to
better manage their privacy preferences online. IBM is pleased to have
supported this effort through the development of the standard itself
as well as P3P-compliant software.
-- Martin Presler-Marshall, P3P Working Group co-chair and
co-author, IBM
-
As an active participant on the W3C P3P working group, the
Joint Research Centre welcomes the P3P standard as one important
technical solution in improving trust relationships between consumers
and e-business, in particular as a way of providing unambiguous, machine
processable information on privacy practices. We will be continuing to
contribute to support the standard and its implementations through work
on our P3P demonstration and research platform. Related to this, we are
also maintaining a P3P Resource center which aims to give users hands
on experience of the standard's implications.
-- Giles Hogben and Marc Wilikens,
Cybersecurity Research Group, Joint Research
Centre of the European Commission
-
Microsoft salutes the W3C P3P committee. We've been pleased to
be part of this industry effort to produce a technology that helps
Internet surfers select their own level of privacy protection in dealing
with Web sites. P3P takes a step towards providing consumers with more
choices, so they have a better understanding about the information that
is collected about them. In Microsoft's implementation of P3P in our
browser technology, the settings facilitate an understanding of what
takes place in the background when consumers visit sites on the Web.
From a design perspective, it is very important for us to give
consumers a privacy choice and control model, and also maintain the
quick, productive and efficient browser software experience that
people have come to expect. P3P provided the flexibility for us to
strike that balance.
-- Richard Purcell, Privacy Officer, Microsoft Corporation
-
NEC is pleased to see P3P 1.0 become a W3C Recommendation.
P3P provides a standard way for web sites to disclose their privacy
policies, and thus enables individuals to control their personal
information while using the Web. NEC has been supporting W3C's P3P
activity for years - the P3P validator service is now a common Web
site check tool, and our ISP service "BIGLOBE" implemented P3P privacy
policies on more than thirty web sites.
-- Fumio Onimaru, Senior Manager, Technical Standards,
External Relations Division, NEC Corporation
-
Privacy Council is fully committed to the P3P specification
developed by the W3C. We believe that P3P is one of the most important
achievements in privacy enabling technology for the Internet. It
provides a clear and concise mechanism for regulating consumer
preferences when browsing or procuring goods and services from a
Web site. In our opinion, P3P will make it easier for every Web site
to comply with the spirit of privacy regulations by creating
electronically readable privacy policies. It also establishes
baseline accountability for Internet businesses to disclose privacy
policies that truly reflect actual practices.
-- Dr. Larry Ponemon, CEO, Privacy Council
-
Proctor & Gamble is implementing P3P because it promises to
significantly help consumers control how their personal information is
gathered and used by Web sites. P3P provides a common, machine-readable
language for privacy, allowing consumers to easily read, understand,
and compare the privacy policies of Web sites they visit. This in turn
will build their trust and confidence that their personal information
will be managed in accordance with their wishes.
-- Mel Peterson, Privacy Manager,
The Proctor & Gamble Company
-
P3P is the first international effort to integrate privacy
protection into the information technology of the global networks. This
is a starting point to achieve more transparency, more choice and more
orientation for the citizens on the Internet. Now, we have to implement
and to disseminate P3P. In the interest of the human right of
privacy, there have to be further efforts in standardization.
-- Dr. Thilo Weichert, Independent Centre for Privacy
Protection Schleswig-Holstein, Germany
-
P3P is a necessary but not sufficient condition for privacy.
The Platform for Privacy Preferences (P3P) is the most sophisticated
proposal that has been made from a technical perspective so far to
enhance privacy protection on the Web... [while] it cannot replace a
regulatory framework of legislation, contracts, or codes of
conduct... it [can] operate within such a framework.
-- Dr. Alexander Dix, LL.M., Commissioner for Data
Protection and Access to Information,
State of Brandenburg, Germany
-
The recommendation of the P3P-Standard is an important step
towards privacy protection in the Internet. It will enhance the
transparency of data processing and improve the opportunity of
the users to choose services according to their privacy protection
behavior. It will increase privacy protection awareness of all people
involved. And it gives consumer associations or privacy protection
officers a chance to design and distribute popular user preferences
"and popular policies and to contribute in this way to a privacy
protection culture. The recommendation, however, does not support
all privacy requirements in Germany and Europe. But the standard
allows individual further developments, that meet further
requirements of privacy protection. The recommendation is a first
practical step with further steps to follow.
-- Prof. Dr. Alexander Rossnagel,
University of Kassel, Germany
-
As one of the premiere research centers in the world for the
study of digital commerce, eLab (http://elab.vanderbilt.edu/ )
recognizes the great importance and need for privacy policy standards.
Digital businesses need to know who their customers are and these
customers need the ability to control how their information is released
to others. P3P addresses both these needs by providing communication
about data privacy practices between customers and Web sites as well
as enhanced user control over the use and disclosure of personal
information. eLab support 's P3P's goal to reach a state of
privacy equilibrium where the technology supported as a standard
would allow consumers to take advantage of custom Web sites and control
the information they share.
-- Donna Hoffman, Professor of Marketing and Co-Director
and Co-Founder of eLab,
Vanderbilt University
-
P3P est une recommandation trčs importante parce qu'elle
apporte une solution standardisée ā l'amélioration du contrôle des
infomations personnelles sur le Web. P3P permet d'augmenter la
confiance des utilisateurs, et par voie de conséquence, d'augmenter le
nombre d'usagers du Web. Cette confiance va également permettre
l'innovation puisqu'il faut s'attendre ā l'émergence de nouveaux
services innovants, qui vont bénéficier ā la fois aux utilisateurs
finaux et aux transactions commerciales.
-- Gérard Giraudon, Directeur du Développement et des
Relations Industrielles, INRIA
-
P3P ist der erste internationale Ansatz, Datenschutz in
informationstechnische Produkte im Kontext der globalen Vernetzung
zu integrieren. Damit ist ein Anfang gemacht, um mehr Transparenz,
mehr Wahlfreiheit und mehr Bürgerorientierung im Internet zu
realisieren. Nun geht es darum, P3P zu implementieren und zu verbreiten.
Weitere Standardisierungsbemühungen im Interesse des Grundrechtsschutzes
müssen folgen.
-- Dr. Thilo Weichert, Unabhängiges Landeszentrum, Datenschutz
Schleswig-Holstein