CDT's data privacy page





June 11, 1997

For more information,
contact Jerry Berman or Deirdre Mulligan at CDT

The Empowered User: Implementing Privacy Policy in the Digital Age

Advancing privacy through education, communication, and choice.

Interactive communications media offer both risks and opportunities to securing individuals' privacy. During the Federal Trade Commission Workshop on Consumer Privacy on the Global Information Infrastructure last year, a number of participants agreed that a collaborative effort to identify and craft a workable framework for privacy on the Internet was needed. As the FTC staff report issued in December 1996 documented, many Workshop participants identified four [ 1 ] concepts as central to the protection of individual privacy online. Two of those concepts are:

At the conclusion of last year's FTC Workshop the question of how best to implement "notice" and "choice" on the Internet remained unanswered. The work of the Internet Privacy Working Group and its collaboration with the World Wide Web Consortium (W3C) on its Platform for Privacy Preferences (P3) Project is an effort to implement these two core elements through a combination of policy supported by a technical specification.

The Internet Privacy Working Group (IPWG) formed shortly after the FTC workshop. Participants in the IPWG effort represent a broad cross-section of public interest organizations and private industry engaged in commerce and communication on the Internet.[ 2 ] IPWG's mission is to provide a policy framework for addressing privacy concerns in the online environment. Towards this end IPWG is developing a language for users to communicate privacy preferences and Web sites to communicate information practices on the Internet. The work of IPWG will contribute towards the W3C P3 Project that will enable computer users to make choices about the flow of their personal information on the Internet.

The W3C P3 Project is an attempt to implement the concepts of "notice" and "choice" by developing a platform that enables Web sites to easily describe their privacy practices; enables users to set preferences about the collection, use and disclosure of personal information; and enables the two to communicate, and in some instances reach agreement, when the two are at odds.

The IPWG vocabulary and the P3 Project address a limited set of privacy issues. The platform does not address many important privacy considerations such as providing people access to their personal information. Efforts by others to address additional facets of the privacy puzzle through technology, self-regulation and regulation are expected and necessary if we are to build a complete and effective privacy solution for the Internet. We believe this effort is compatible with others and it is in this context that the P3 Project will be powerful.

IPWG Vocabulary and P3 Project

The IPWG vocabulary and the P3 Project will enhance individual privacy by:

Decisions about the collection, use and disclosure of personal information have a profound impact on an individuals' privacy and their ability to exercise First Amendment protected activities. Privacy is valued differently by each person. Similarly, an individual's desire for privacy may vary in different situations. The individualized nature of privacy and the impact that privacy decisions may have on other rights and activities, support an approach that vests individuals with the ability to make decisions. We believe that P3, coupled with a robust, flexible vocabulary can provide individuals with a tool to make these important decisions with independence and flexibility.[ 3 ]

The flexible vocabulary developed by IPWG coupled with P3 uses the Internet's unique features to advance privacy.

It builds upon the medium's interactivity by supporting the exchange of information about privacy preferences and practices in a simple, inexpensive, and in many instances seamless manner. It acknowledges the diversity of information providers on the Internet by providing a simple tool that assists a small non-profit or a large company to effectively convey basic information about their handling of personal information. Its emphasis on empowering individuals to make decisions respects the complexities of a decentralized network. Its reliance on a technical platform and a broad, flexible vocabulary will allow it to address individuals' privacy concerns consistently as they move across the global information infrastructure while at the same time providing for the differences in regional and national approaches to privacy. [ 4 ] Shaping the infrastructure of the Web to support individual control over personal information offers an effective method of preserving privacy in this context -- it provides privacy protection consistent with the needs of users in a global, decentralized medium with a wide diversity of information providers. [ 5 ]

Expressing Privacy Preferences and Practices on the Web

The IPWG Vocabulary

In developing a language for expressing information practices and privacy preferences on the Internet, the IPWG took care to ensure it could support the expression of the core fair information practice principles. The core fair information practice concepts of "individual notice" and "consent" drive the design of P3 itself. The remaining task was to craft a vocabulary that would allow for the expression of a diverse set of information practices and privacy preferences -- facilitating the exchange of information about the collection, use, and disclosure of a wide array of information.

IPWG Web Site Practice Specification Form: Web Sites Information Practices

The IPWG Web Site Practice Specification Form expresses the vocabulary in a simple format. Information types are listed across the top of the page, information practices are listed along the left margin. A Web site operator would complete one copy of this form expressing the site's overall information policy, and where necessary complete separate copies for pages or sections of the site with different information practices. At the top of the page each Web site is required to designate a contact person within the organization in case of problems -- in countries with official privacy offices it could also direct individuals to the appropriate contact.

The IPWG Privacy Preference Files: Individuals' Privacy Preferences

The IPWG Privacy Preference Files provide individuals with a simple method of selecting privacy preferences that reflect their concerns. Recognizing that people may not grasp the consequences or meaning of the practice specification grid, or want to spend the time, IPWG went about crafting a set of six settings that once selected would pre-configure a user's preferences. The six settings reflect meaningful distinctions such as a desire to remain unidentified, a desire to limit the use of information to the sole purpose for which it was provided, a willingness to allow the use of information internally, a willingness to allow the disclosure of information if given the opportunity to review the policy, a willingness to allow disclosures of information in general, and a lack of interest in privacy. Similarly, six children's settings were constructed to help parents set standards for the protection of their children's privacy online.


The P3 specification in combination with a robust, flexible vocabulary for expressing privacy considerations like that proposed by IPWG, can promote the development of a richer public understanding and greater industry attention to personal privacy in the online environment. In no other medium are individuals given an independent ability to express their own expectations of privacy, assess the information practices of those with whom they are considering interacting with, and make decisions on that basis. For the first time we are witnessing a non-regulatory solution that gives the individual a direct voice in privacy practices in the private and public sector. The individual is able to decide in an informal manner, at the front-end, what if any information to divulge and for what purpose it may be used. The P3 offers an opportunity to truly empower individuals to take charge of their privacy by vesting them with simple methods for exercising control over personal information.

If the goal of this workshop is to find ways to fully implement the core privacy principle -- individuals have the right to control the collection, use and disclosure of their personal information -- on the Internet, we believe that solutions that build upon the innate ability of interactive communications media to support individual control hold great promise. Through solutions that put individuals in control of their information by providing them with notice of companies information practices and real opportunities to clearly express the method in which they want their information handled, the Internet can offer individuals the capacity to protect their privacy consistent with core First Amendment values and the continued growth of communication and commerce.

The potential to meet the goals of protecting privacy and speech, and increasing child safety through a solution that maximizes individual and parental control should be attractive to privacy advocates, First Amendment advocates and child advocates alike. We have the opportunity to reverse the pattern of using technology to undermine individual privacy. Ensuring that the architecture of the Global Information Infrastructure is designed to support individual empowerment solutions will have a profound effect on individual privacy in the Twenty-first Century.


1. Two additional necessary elements were identified: "Security" of personal information, if commerce in cyberspace is to flourish on the Internet; and, "Access" for consumers to their own personal information to ensure accuracy.

2. Participants in IPWG's efforts include: America Online; AT&T; Business Software Alliance; Center for Media Education; Citicorp; Coalition for Advertising Supported Information and Entertainment; Consumer Federation of America; Direct Marketing Association, Inc.; Disney; The Dun & Bradstreet Corp.; Electronic Frontier Foundation; TRUSTe; IBM Corp.; Interactive Services Association; MCI Communication Corp.; Microsoft Corp.; National Consumers League; and, the World Wide Web Consortium (W3C).

3. Of course there are instances where the individual's ability to make decisions regarding the flow of personal information may be encumbered. For example, where the government seeks access to personal information on an individual held by a third-party the individual's ability to intervene and exercise control may demand that they receive notice of the request for access. Similarly, in the context of medical treatment, providing individuals with the ability to exercise meaningful control over the flow of personal may require procedures that protect the individual during this moment of vulnerability from rapacious information demands. These settings should be addressed with solutions that assist individuals, or those acting in their stead, to control personal information.

4. The implementation of individual empowerment technologies that allow individuals to exercise control over information in a simple, effective manner are a means of implementing the core notice and consent requirements of the EU Directive. Through the development of a standard format for expressing information practices and a method for exchanging individual privacy preferences and entities information practices, individual empowerment solutions would assist entities operating on the Internet to meet the notice and consent provisions of the EU Directive in a nearly seamless fashion.

5. Solutions are meaningless unless they are effective. Enforcement is a crucial part of any privacy solution. Under a P3 approach we believe the FTC would have an effective method of enforcing privacy policy on the Internet. Once an entity puts forth a privacy policy or agrees to adhere to an individual's preferences, any deviation or breach of the terms set out could be actionable as a deceptive and unfair practice. We believe the FTC has full jurisdiction to ensure that entities operate fairly on the Internet and conform to their stated information practice policies.

Posted on June 12, 1997