Platform for Privacy Preferences Project, P3P short, is a technical platform for the exchange of data protection information. P3P has been recommended by the World Wide Web Consortium ( W3C) on 16 April 2002 as the standard.
P3P is designed to help the user in the Internet, to get a quick overview of using standardized technology, what happens to the personal data which are created when you visit a website. By standardizing it is possible to interpret privacy statements of foreign-language web pages or the information automatically evaluate and consider. P3P could not prevail. Of the major browsers, it is only supported by Microsoft Internet Explorer.
P3P profiles on web servers in the form of an XML file against, usually under the standardized path / w3c/p3p.xml and can also be transmitted as so-called "compact policy " in short form as the HTTP header, the P3P-Datei/Headers may contain the following information:
- What types of data will be collected when you visit the site?
- For what purpose this data is collected (for example, navigation, personalization, marketing)?
- How long will this data be stored?
- Who has access to the data and what rules obeys the data processing (example: Commitment or law )?
Internet surfers can P3P free. This requires only a P3P agent, which is available for free on the net. However, more comfortable for the user are already out of P3P -compliant browser. P3P is integrated into Microsoft Internet Explorer, as well as in several small browsers.
If the surfer a P3P agent, he can specify what action should be taken in the Internet with its data. The privacy notion, for example, the handling of cookies is automatically translated by the personal settings in the P3P agent into the P3P format. Before visiting a site then the details of the surfer with whom the provider of a web page are compared.
In German-speaking countries, the Independent Centre for Privacy Protection Schleswig -Holstein supports P3P in a project that was funded by the Ministry of Economy, Labour and Transport of Schleswig -Holstein.
Like any form of self-regulation (see, for example, ICRA ) P3P relies on the operator of the Web server truthful and complete details of the scope of data processing does. The P3P agent, and thus the end-user, the data of the web server can not validate and has to rely on this. P3P is not implemented or incomplete from many sides. So, for example, has Google bypassed by sending an invalid P3P header protocol.