Looking Back at P3P: Lessons for the Future
A number of people who work on data protection have begun examining the idea of machine-readable statements that can express the privacy practices of a Web site or a third-party intermediary, such as a network advertiser or an analytics company. The theory is that such statements would provide a clear, standardized means of rendering potentially complex privacy policies into a format that could be automatically parsed and instantly acted upon.
The idea is a good one. It harnesses the power of information technology to create a means for transparency and user choice. However, it is hard to overlook the fact that there is already a Web standard to do precisely the same thing, and it hasnʼt been very successful.
The Platform for Privacy Preferences (P3P) is a standard of the World Wide Web Consortium (W3C), the main standard setting body for the Web. P3P has never been fully implemented as its creators had hoped. While it is in use today and functions in some ways as we thought it might, P3P is unlikely to be broadly adopted or to accomplish all that those pushing for machine-readable policies would like.