
Privacy, P3P and Internet Explorer 6

Privacy, P3P and Internet Explorer 6. P3P Briefing – 11/16/01. Privacy Context. Online privacy is a concern for consumers, advocacy groups and governments. Users often do not understand what data is being collected and how it is being used. A primary focus for online privacy has been cookies.

mort

Presentation Transcript


  1. Privacy, P3P and Internet Explorer 6
     P3P Briefing – 11/16/01

  2. Privacy Context
     • Online Privacy a concern:
       • Consumers
       • Advocacy groups
       • Governments
     • Users often do not understand:
       • What data is being collected
       • How it is being used
     • A primary focus for online privacy has been cookies
     • Cookies are not inherently bad

  3. How does P3P fit in?
     • P3P is the work of the World Wide Web Consortium; currently in candidate recommendation phase
     • Creates a common vocabulary and syntax for expressing Web site data management practices
     • Machine-readable format which can be deployed on any web server
     • Allows user agents (such as browsers) to act directly on a user’s behalf, or facilitate decision-making, regarding privacy preferences

  4. The P3P vocabulary
     • Who is collecting data?
     • What data is collected?
     • For what purpose will data be used?
     • Is there an ability to opt-in or opt-out of some data uses?
     • Who are the data recipients (anyone beyond the data collector)?
     • To what information does the data collector provide access?
     • What is the data retention policy?
     • How will disputes about the policy be resolved?
     • Where is the human-readable privacy policy?

  5. P3P is part of the solution
     P3P 1.0 helps users understand privacy policies, but is not a complete solution
     • Seal programs and regulations
       • help ensure that sites comply with their policies
     • Anonymity tools
       • reduce the amount of information revealed while browsing
     • Encryption tools
       • secure data in transit and storage
     • Laws and codes of practice
       • provide a baseline level for acceptable policies

  6. How do I create a privacy statement?
     • Evaluate existing web-site practices
     • Write literal expression of these behaviors in natural language
     • Review statement with legal counsel and marketing departments
     • Post conspicuously on web-site, with “one-click” access
     • Transform natural language privacy statement into vocabulary and syntax of P3P

  7. Types of P3P-based Policies
     • Verbose P3P Policy (Mandatory)
       • XML file with complete description of site privacy policies
     • Compact P3P Policy (Optional)
       • 1-line description of site privacy policy
       • Found in HTTP Header
       • Served by the provider of the cookie

  8. Policy Example
     • contoso.com:
       • Analyzes behavior of individual users
         • Purpose = <individual-analysis/>
       • Provides user info to third parties
         • Recipient = <other/>
       • Collects user email address
         • Category = <online/>
       • Provides no opt in / out

  9. Policy Example (cont)

         <STATEMENT>
           <PURPOSE> <individual-analysis/> </PURPOSE>
           <RECIPIENT> <other/> </RECIPIENT>
           <DATA-GROUP>
             <DATA ref="#user.homeinfo.online.email">
               <CATEGORIES> <online/> </CATEGORIES>
             </DATA>
           </DATA-GROUP>
         </STATEMENT>

     Compact Policy: IVA OTR ONL

  10. Compact Policy Example • Policies could have more tokens, such as which data is available for access

  11. IE 6 P3P Implementation Goals
     • End-user goals
       • Unobtrusive
       • Works out of the box
       • Easy to understand
       • Flexible for power users
     • Site goals
       • Not disruptive to web business model
       • Easy to implement any changes
       • Help sites boost consumer confidence

  12. IE 6 P3P Implementation
     • Focus on providing more information about cookies
     • Help users make choices
     • Create smarter automated behavior
     • Discriminate according to purpose

  13. Cookie Management
     • End user experience in IE browsers before IE 6:
       • “Reject” all, “accept” all, “prompt”
     • Cookies
       • login, customization, advertising
       • How do you know?
     • Same action applied to all cookies indiscriminately

  14. Status Icon: First Encounter

  15. User Experience: Help Topics
     • Explains privacy issues with cookies
     • Explains how to change privacy settings

  16. User Experience: Status Icon
     • Web site uses cookies
     • Privacy Policies don’t match settings
     • Cookies are restricted
     • User notified

  17. User Experience: Privacy Settings
     • Privacy Tab slider
       • Medium = Default
       • Highest = Block All Cookies
         • 1st and 3rd
       • Lowest = Allow All Cookies
         • 1st and 3rd
     • Import
       • XML Privacy settings file

  18. User Experience: Advanced Privacy Settings
     • Overrides automatic cookie handling
     • Control over 1st & 3rd Party cookies
     • Users can exempt session cookies from first two options

  19. Additional Information
     • MSDN article
       • http://msdn.microsoft.com/ie and read the material on IE 6 privacy
       • Contact privinfo@microsoft.com with questions
     • W3C: www.w3c.org/P3P
       • Deployment guide http://www.w3.org/TR/p3pdeployment
       • Candidate Recommendation http://www.w3.org/TR/P3P/

  20. Call to Action
     • Express full privacy policy via the P3P syntax
     • Deploy compact policies
     • Read MSDN IE 6 privacy article
     • Also browse through W3C P3P literature
     • Work with your external partners to have them deploy compact policies
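
Slides 7 to 10 describe the compact policy as a one-line token string sent in an HTTP header alongside the cookie. The following is an added example, not part of the original presentation, that reads such a header and decodes its tokens back into vocabulary elements, including the optional opt-in/opt-out suffix. The token table is a subset taken from the P3P 1.0 specification, the function names are hypothetical, and the sample header (including its policyref URL) is constructed for illustration.

```python
import re

# Subset of the P3P 1.0 compact-policy token table; not the complete vocabulary.
PURPOSE = {"CUR": "current", "ADM": "admin", "DEV": "develop", "TAI": "tailoring",
           "PSA": "pseudo-analysis", "PSD": "pseudo-decision",
           "IVA": "individual-analysis", "IVD": "individual-decision",
           "CON": "contact", "HIS": "historical", "TEL": "telemarketing"}
RECIPIENT = {"OUR": "ours", "DEL": "delivery", "SAM": "same", "UNR": "unrelated",
             "PUB": "public", "OTR": "other-recipient"}  # slide 8 writes <other/>
CATEGORY = {"PHY": "physical", "ONL": "online", "UNI": "uniqueid", "PUR": "purchase",
            "FIN": "financial", "NAV": "navigation", "DEM": "demographic"}
ACCESS = {"NOI": "nonident", "ALL": "all", "CAO": "contact-and-other", "NON": "none"}
# Optional one-letter suffix on purpose/recipient tokens; absent means "always".
REQUIRED = {"": "always", "a": "always", "i": "opt-in", "o": "opt-out"}

# Constructed sample: a header contoso.com from slide 8 might send with its cookie.
SAMPLE_HEADER = 'policyref="http://contoso.com/w3c/p3p.xml", CP="IVA OTR ONL"'

def parse_p3p_header(value):
    """Split a P3P response-header value into (policyref URI, list of CP tokens)."""
    fields = dict(re.findall(r'(policyref|CP)\s*=\s*"([^"]*)"', value))
    return fields.get("policyref"), fields.get("CP", "").split()

def decode_compact_policy(tokens):
    """Map compact tokens back to vocabulary elements; unknown tokens are kept apart."""
    out = {"purpose": [], "recipient": [], "category": [], "access": [], "unknown": []}
    for tok in tokens:
        code, suffix = tok[:3], tok[3:]
        if code in PURPOSE and suffix in REQUIRED:
            out["purpose"].append((PURPOSE[code], REQUIRED[suffix]))
        elif code in RECIPIENT and suffix in REQUIRED and (code != "OUR" or not suffix):
            out["recipient"].append((RECIPIENT[code], REQUIRED[suffix]))
        elif tok in CATEGORY:
            out["category"].append(CATEGORY[tok])
        elif tok in ACCESS:
            out["access"].append(ACCESS[tok])
        else:
            out["unknown"].append(tok)  # malformed or outside this subset: review by hand
    return out

if __name__ == "__main__":
    ref, tokens = parse_p3p_header(SAMPLE_HEADER)
    print(ref, decode_compact_policy(tokens))
```

A token with no suffix decodes as "always", which matches the slide 8 site that provides no opt in / out.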
