Rosenlaw & Einschlag

Technology Law Offices

Lawrence Rosen   ●  3001 King Ranch Road, Ukiah, CA 95482  ●  707-485-1242

Michael B. Einschlag   ●  25680 Fernhill Drive, Los Altos Hills, CA 94024  ●  650-949-2267


Online Privacy

A privacy policy is a statement made by a website owner that it will use your private information only for certain stated purposes.  You are expected to review the privacy policies of the websites you visit and to avoid those websites that won’t safeguard your private information according to your preferences. 

Failure by a website owner to comply with its own published privacy policy may be actionable under the law, for example as negligence or fraud.  Gross recklessness or intentional misrepresentation regarding privacy promises may also result in a website owner paying substantial punitive damages. 

Most of us ignore online privacy, though.  In our interactions on the Internet, for example, we no longer even bother to read the “Privacy Policy” statement that is a link on almost every page.  We either assume that data about us is not being collected and disseminated by the website owner without our express approval, or we no longer care that our private information is being shared. 

As for me, I had concluded that the battle for my privacy was lost because I didn’t have the energy any more to do what it takes to secure it.  I stopped reading privacy policies.  I even ignored the notices from my banks giving me the option to prevent the sharing of private financial data they held about me.  (I bet the vast majority of readers of this article are just like me in this regard!)  There is so much data gathering and data sharing going on that protecting privacy had become impossible to worry about.

Then a friend of mine brought the P3P standard to my attention.  Promulgated by the World Wide Web Consortium (W3C), the “Platform for Privacy Policy” standard empowers users to control their online privacy in a simple and effective way. 

Danny Weitzner, the Technology and Society Domain Leader of W3C and the chairman of the P3P committee, described the new standard this way in his testimony before the United States Senate Committee on Commerce, Science, and Transportation:

“W3C and its members became concerned about privacy on the Web because people won't use the Web to its full potential if they have to face such uncertainty. The majority of users are perfectly willing to share some information on the Web. At the same time, basic human dignity demands that we have meaningful control over which information we chose to expose to the public. Our goal is to include in the basic infrastructure of the Web the building blocks of tools that can provide each user this basic control.”

Here’s how the P3P standard works:

·         You instruct your browser to check whether websites you visit support the P3P standard.  You can elect to avoid those that do not support the standard, or you can simply be more vigilant about sharing your personal information with such websites.

·         Your browser automatically retrieves, from P3P-enabled websites, machine-readable XML information that encapsulates the website’s privacy policy.  Your browser can thus determine whether the website owner promises to safeguard your private information, or whether it shares your information with others.

·         You can set your browser to refuse to visit, or you can refuse to share data with, websites that don’t satisfy your privacy preferences. 

You will no longer have to read lengthy (and boring) privacy policies on each website you visit.  Instead, software built into your web browser, plug-ins, or other tools can enforce your privacy rights automatically and effectively by exchanging XML data with the website before you even get there.

Many of the major proprietary software companies, including Microsoft of course, participated in the W3C P3P committee.  The resulting standard has also been supported by consumer-focused organizations, including the Electronic Frontier Foundation.

Our privacy rights have become so fundamental to us that they are usually taken for granted.  But privacy must be hard won through diligence.  The software tools we create have the potential to help us secure our privacy rights – and the P3P standard is one kind of software tool that does just that.

Send mail to lrosen@rosenlaw.com with questions or comments about this website.
Copyright © 2004 Rosenlaw & Einschlag.
Last modified: 05/25/2004