WorldLII Home | Databases | WorldLII | Search | Feedback

Privacy Laws and Business International Report

You are here:  WorldLII >> Databases >> Privacy Laws and Business International Report >> 1998 >> [1998] PLBIRp 28

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EU opinion on P3P [1998] PLBIRp 28; (1998) 45 Privacy Laws and Business International Report 21

EU publishes opinion on online privacy technologies

AS THE PLATFORM OF PRIVACY PREFERENCES PROJECT (P3P) is reaching its final stages, questions on implementation are pressing. The EU Data Protection Working Party has drawn attention to problems that may occur.

The Working Party, which consists of EU Data Protection Commissioners and European Commission represen- tatives, published its draft opinion on P3P and Open Profiling Standard

(OPS) (PL&B Dec ’97p.14) on 16th June. The group demands that certain specific issues need to be addressed if these technologies are to have a posi- tive impact on privacy protection in the on-line environment.

P3P, developed by the World Wide Web (WWW) Consortium, a US based international industry group, hopes to enable computer users to be informed and make choices about the collection, use and disclosure of their personal data when browsing on the Internet. P3P trans- lates data protection norms into vocabularies (PL & B Oct ’97 p.28). Websites can then be rated against these vocabularies to establish their privacy-friendliness. The websites which meet the users’ standards would be accessed as normal. However, when accessing other than these preferred sites, the user would be notified of their privacy practices.

P3P NEEDS ENFORCEABLE DATA PROTECTION RULES

The EU Data Protection Working Party points out that a technical solu- tion to offer privacy protection on-line in the form of P3P and OPS is not enough, but needs to be support- ed by enforceable data protection rules. P3P might even lead EU-based operators to think that they are not obliged to comply with some aspects of national data protection laws. The Working Party, therefore, stresses that any browsing software distrib- uted within the EU must be designed keeping in mind the requirements of the EU Data Protection Directive. Furthermore, browsing software manufacturers ought to implement P3P and OPS in a way that enables individuals to choose different levels of privacy protection. With regard to transfers of per- sonal data to websites established in non-EU countries, the Working Party reminds data controllers that the requirement of adequate protection applies. Visitors to the site should be aware of whether such sites are subject to any data protection rules, and whether there are sanctions for non-compliance. The P3P vocabulary, in its current form, does not provide information about sanctions or reme- dies.

WWW CONSORTIUM AWARE OF PROBLEMS

The World Wide Web Consortium has not been surprised by comments of the EU Data Protection Working Party. Its policy analyst, Joseph Reagle, says that the Consortium has itself been stressing the importance of implementation, defaults and user experience for the last year. He thinks, however, that the Working Party is somewhat inaccurate in saying that P3P does not provide information related to user remedies. He explains that there are mecha- nisms for this provision of information, and that supplementary vocabularies could be introduced by third parties.

P3P SOON READY FOR USE

The WWW Consortium’s work on P3P is now in its final stages, and a product announcement is expected in the autumn. OPS on the other hand, is a previously developed specifica- tion which has had some influence on the development of P3P. They share some features, but OPS focuses mainly on secure storage and trans- port of data.

Microsoft, Netscape, and Micro- systems Software already have plans to implement P3P within their products. The project has been well supported in the US, and the project has involved America Online, Firefly Network Inc, IBM, TRUSTe and VeriSign.

i

The text of the Data Protection Working Party’s opinion (1/98) is available from DG XV of the European Commission

Tel: +32 2 295 1612, Fax: +32 2 296 8010

E-mail: D1@dg15.cec.be. More information about P3P is available on the Internet at

http://www.w3.org/

P3P/P3FAQ.htm


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/1998/28.html