I am tired of worrying about how my personal information will be used every time I visit a Web site. Lucky for me (and you), it appears that the World Wide Web Consortium may have found a resolution to my privacy concerns. Trouble is, the W3C's answer raises new questions for Web site operators.
With its Platform for Privacy Preferences Project, or P3P, the consortium is beginning to enable computers to automatically read the electronically translated privacy policy of any site. P3P would scan the privacy policies posted on sites and compare the answers to privacy settings in consumers' browsers. If the site collects data in a way consumers do not like, Internet Explorer 6.0 may block cookies based on P3P, and AT&T's Privacy Bird browser enhancement tool will notify users.
But there are catches for Web site operators: If you do not have a P3P-coded privacy policy that a browser can read, your site's functionality or traffic may be impaired.
Also take care in translating your privacy policy to P3P-readable form. The translation of your written guidelines could cause any number of misstatements, and a false statement in a Web site's privacy policy could violate privacy and/or anti-fraud laws. In translating existing privacy policies, you may even confuse your customers depending on how you collect and use information. For example, you may use the facts you collect from someone merely browsing your site differently from those you collect from customers who purchase goods on your site and provide their names and credit card numbers. Privacy policy statements should reflect these differences clearly.
To avoid initial problems, here are a few steps to follow:
• Coordinate your IT, legal, marketing and privacy departments. Make sure everyone knows what your privacy policy says and that they are adhering to it.
• Develop a clear understanding of how your Web site works. Confirm whether it relies on cookies or collects any private info. If it does not, you may not need to worry about this W3C proposal.
• Confirm that your third-party cookie provider—for example, your ad server—is P3P-compliant.
• Ensure your policy is properly written in P3P by using the W3C's validator program available at www.w3.org/P3P/validator/20010928.
Ari Kaplan is an attorney with McDermott, Will & Emery, in New York. He can be reached at alkaps@yahoo.com. This material is intended for reference only and should not be construed as legal advice.