An Internet privacy standard, as implemented in Microsofts recently released Internet Explorer 6 browser, is causing headaches for some Net companies.
The World Wide Web Consortiums Platform for Privacy Preferences (P3P) specification first became widely available in IE 6, which Microsoft released in late August. IE 6 is also a primary component of Windows XP, to be launched this week.
P3P is designed to provide an automated way for users to control how the Web sites they visit use personal information. The issue that has some Web companies grumbling is how IE 6s default P3P setting blocks certain cookies, which are small files used to communicate information about users to Web sites. The setting blocks cookies from third-party sites that dont have a publicly accessible P3P privacy policy or those that do have a P3P policy but dont let users opt out.
That means some Web site features will not function the way theyre supposed to if a third-party partner does not support P3P. To be sure, its not a catastrophic problem. In the worst-case scenarios, for example, a users preferences wouldnt be readable by the target site, or an online advertising firm would lose some of its ad-tracking data. But IE 6 also displays a privacy alert icon on the status bar every time it blocks a cookie – something no site wants its customers to see. Industry observers say many sites werent prepared for P3P and are now scrambling to work up policies to support it.
“Weve been talking about P3P for five years, but obviously there are some sites out there that dont yet support it,” said Ari Schwartz, the Center for Democracy and Technologys associate director, who helped develop P3P. “It seemed like companies were not paying attention until IE 6 came out.”
DoubleClick, which serves as many as 60 billion ads each month, has been P3P-compliant since IE 6 was launched, said Jules Polonetsky, the online ad firms chief privacy officer. He said the unpleasant surprise for many companies will be finding out theyre third parties on their own Web sites. For instance, if a companys main site is www.example.com but user personalization features are served from a different site at www.myexample.com, cookies from the second site will be blocked if the company doesnt support P3P.
“Youre going to have warnings all over the place for companies getting their own cookies blocked,” Polonetsky said.
Another issue with IE 6s handling of P3P is that, even if a site is P3P-compliant, the browser blocks “legacy” third-party cookies that were already on a users computer before they upgraded the browser.
“Its an annoyance at this point,” said Jay McCarthy, vice president of product strategy at WebSideStory, a firm that tracks visitors to more than 150,000 sites using third-party cookies. “It makes us look like privacy invaders, when its really the opposite.”
Internet Explorer 6 accounts for 8 percent of all browsers used on the Net, according to the latest data from WebSideStory.