- The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Proposed Recommendation 28-January-2002. Edited by Massimo Marchiori (W3C/MIT/University of Venice) Authored by: Lorrie Cranor (AT&T), Marc Langheinrich (ETH Zurich), Massimo Marchiori (W3C/MIT/UNIVE), Martin Presler-Marshall (IBM), and Joseph Reagle (W3C/MIT). Version URL: http://www.w3.org/TR/2002/PR-P3P-20020128/. Latest Version URL: http://www.w3.org/TR/P3P/. Previous Version URL: http://www.w3.org/TR/2001/WD-P3P-20010928/.
- The Platform for Privacy Preferences 1.0 Deployment Guide. W3C Note 11-February-2002. By Martin Presler-Marshall (IBM). Version URL: http://www.w3.org/TR/2002/NOTE-p3pdeployment-20020211. Previous Version URL: http://www.w3.org/TR/2001/NOTE-p3pdeployment-20011130.
From the Proposed Recommendation specification: "The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. Although P3P provides a technical mechanism for ensuring that users can be informed about privacy policies before they release personal information, it does not provide a technical mechanism for making sure sites act according to their policies. Products implementing this specification may provide some assistance in that regard, but that is up to specific implementations and outside the scope of this specification. However, P3P is complementary to laws and self-regulatory programs that can provide enforcement mechanisms. In addition, P3P does not include mechanisms for transferring data or for securing personal data in transit or storage. P3P may be built into tools designed to facilitate data transfer. These tools should include appropriate security safeguards... The P3P1.0 specification defines the syntax and semantics of P3P privacy policies, and the mechanisms for associating policies with Web resources. P3P policies consist of statements made using the P3P vocabulary for expressing privacy practices. P3P policies also reference elements of the P3P base data schema -- a standard set of data elements that all P3P user agents should be aware of. The P3P specification includes a mechanism for defining new data elements and data sets, and a simple mechanism that allows for extensions to the P3P vocabulary."
From the P3P Deployment Guide: "Deploying P3P on a Web site requires:
- Creating one or more policy statements which describes the data the site collects and how it will be used. These are XML documents, typically less than 10K bytes in size. The policy statements must be published on the Web site.
- Creating a policy reference file, which gives the URL for the site's policy statements, and indicates what portions of the site - and the site's cookies - are covered by which statements. This is an XML document, and is typically a few kilobytes in size. The policy reference file then must be published on the Web site.
- Telling browsers how to locate the policy reference file. There are several mechanisms available to do this. The policy reference file can be published in a predefined location on the site, the server can send an HTTP response header giving the location of the reference file, or the site's HTML content can be modified to contain links to the reference file.
- The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. PR version.
- The Platform for Privacy Preferences 1.0 Deployment Guide
- P3P mailing list
- P3P and Privacy on the Web FAQ
- References for P3P Implementations
- W3C Privacy Activity Statement
- "Platform for Privacy Preferences (P3P) Project" - Main reference page.