P3P privacy policy file...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


I am in search for some help / input (links are great to)

I am a total newbee at privacy policy files (P3P)...
My situation is that I (AFAIK) use session cookies for my
forums + blogs and Google Analytics for following trends.

(also, when users buy something, I of course need to keep contact
details for future support - i.e. so I can support paying customers)

Will I benefit from having a P3P file?

I do not want any unnecessary warnings pop up. At the same time,
I also do not want to overpromise protection of privacy. (e.g. I do not want
to open up for massive angry emails + liability if e.g. GoogleAnalytics som
day decides to track minute more data / whatever, and I forget to update P3P

I would prefer if I could explain what /I intent/ to use the data for.
Does anyone have examples of P3P files that match my needs?

I need to do (much) more research, but sofar, I have this:

<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1 ">
  <POLICY name="policy1" discuri="http://www.example.com/legal.html ">
        <DATA ref="#business.name">CompanyNAme</DATA>
      <DISPUTES resolution-type="service"
service="http://www.example.com/legal.html ">
        <IMG src="http://www.example.com/logo.png" alt="CompanyName"/>
        <current required="always" />
 <admin required="always" />
 <develop required="always" />
 <pseudo-analysis required="always" />
 <pseudo-decision required="always" />
        <DATA ref="#dynamic.clickstream"/>


Re: P3P privacy policy file...

Quest wrote:

Quoted text here. Click to load it


Wikipedia has a (reasonable) rant against them. However this is no
reason at all why individual sites _shouldn't_ use what is currently
available, paltry as it is.

The W3 site is the official repository of everything.  They also link
to a reasonable implementation guide at http://p3ptoolbox.org/guide /
You can also search down any number of clicky-box P3P generators and
(often XSLT-based) toosl to turn the machien readable form into

General points:

P3P is a poor solution, but it's what we have.

P3P is no guarantee against the deliberately evil. Most P3P out there
(measured in 2004) is deliberately misleading from dodgy site

P3P is good on cookies, poor on scripting and on 3rd party web bugs

P3P policies mustn't be deleted, just superceded by new ones. Read that
section of the spec before you start uploading them.

Quoted text here. Click to load it

A reasonable number of your technically literate customers will have
fewer confirmation dialogues to click through. That's about it.

Re: P3P privacy policy file...

Quoted text here. Click to load it

Thanks for your respone and insights.
I will check out the links / references :-)


Site Timeline