Description of the Platform for Privacy Preferences (P3P) Project (290333)


The information in this article applies to:

  • Microsoft Internet Explorer version 6 for Windows 98
  • Microsoft Internet Explorer version 6 for Windows 98 Second Edition
  • Microsoft Internet Explorer version 6 for Windows Millennium Edition
  • Microsoft Internet Explorer version 6 for Windows NT 4.0
  • Microsoft Internet Explorer version 6 for Windows 2000
  • Microsoft Internet Explorer version 6 for Windows XP
  • Microsoft Internet Explorer version 6 for Windows XP 64-Bit Edition
This article was previously published under Q290333

SUMMARY

This article describes the Platform for Privacy Preferences (P3P) project. P3P is a combined protocol and architecture designed to inform Web users of the data-collection practices of Web sites. Internet Explorer 6 supports the use of P3P version 1 Compact policies by Web sites to report their intended use of cookie information. The Compact policy information is used in combination with user preferences to determine whether Internet Explorer 6 will accept or block cookies from the Web site. The P3P specification and associated documents are located at the following World Wide Web Consortium Web site:

http://www.w3.org

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

MORE INFORMATION

The P3P Specification

The P3P specification defines:
  • A standard schema for data a Web site may want to collect.
  • A standard set of privacy disclosures.
  • A means of associating privacy policies with Web pages and cookies.
  • An XML format for expressing privacy policies.
  • A mechanism for transporting P3P policies over HTTP.

P3P Goals

The two main goals of P3P are:
  • To enable Web sites to present their data-collection practices in a standardized, computer-readable, easy-to-locate manner.
  • To enable Web users to understand what data will be collected by sites, how that data will be used, and what data and uses they may "opt-out" of or "opt-in" to.

P3P Policies

A P3P-compliant Web site encodes its data collection and use practices in a computer-readable XML format known as a P3P policy.

Compact Policies

A Compact policy is a summarized version of a full P3P policy. Compact policies are a performance optimization that allows the user agent to make quick, synchronous decisions about applying policy. P3P version 1 Compact policies contain policy information related to cookies only. The P3P full policy that is summarized by the P3P Compact policy applies to both data stored within the cookie and to data at the Web site that is referenced by the cookie. The Compact policy must represent all of the cookies that are referenced in the P3P full policy.

Note that P3P Compact policies are optional for both user agents and servers. User agents that are unable to obtain enough information from a Compact policy to apply the user's privacy preferences should fetch the full policy.

Compact Policy Scope and Lifetime

When a P3P Compact policy is included in an HTTP response header, it applies to cookies that are set by the current response. This includes cookies set through the use of an "HTTP SET-COOKIE" header or cookies that are set by script. Because Compact policies can apply policy only to cookies that are set in the current response, Compact policies cannot apply policy to cookies from a different namespace.

The P3P policy summarized by the Compact policy must span the lifetime of the cookie. When a server sends a Compact policy, it is asserting that the Compact policy and the corresponding full P3P policy will be in effect for at least the lifetime of the cookie to which it applies.
Modification Type:MinorLast Reviewed:11/22/2005
Keywords:kbenv kbinfo KB290333
©2004 Microsoft Corporation. All rights reserved.