
Legal localization of P3P as a requirement for its privacy enhancing effect. W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages.


2 W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages (Kiel, 19.-20.06.2003)
Legal localization of P3P as a requirement for its privacy enhancing effect
Jan Möller, Independent Centre for Privacy Protection (ICPP), P3P Project

3 P3P and legal privacy standards
[Diagram. Nodes: Website Provider, Internet Surfer, W3C, P3P Specification, Laws or Agreements, P3P Policy, Legal privacy standards. Edge labels: Sets minimum privacy standard, Set, Recommends, Provides, Reflects, Bind, Defines technical requirements, Controls / Enforces, Protect, Informs.]

4 Binding effect of legal privacy standard included in the P3P Specification
[Diagram. Nodes: Website Provider, Internet Surfer, P3P Specification, Minimum legal privacy standard. Labels: offers P3P by referencing a P3P Policy; offering P3P = promise to apply; includes.]
By offering P3P, the website provider commits himself to the minimum privacy standard.

5 What is legal localization?
Legal localization of P3P = adaptation of the P3P privacy policy (and the described data processing!) and of the privacy preferences of P3P agents to the legal privacy standards the parties are bound to or protected by.

6 Legal localization of P3P - why? Website provider's perspective
- Website providers are bound to legal privacy standards.
- Incorporating these standards is an obligation by law.
- Showing non-compliance with the law may deter users and may attract supervising authorities.

7 Legal localization of P3P - why? Internet surfer's perspective
- Internet surfers are used to their local legal privacy standard.
- Legally localized P3P preferences include this known standard as a reference.
- The website's data processing practices can be compared with this reference.
- P3P agents can signal illegal data processing practices if the user's preferences and the website's P3P Policy are configured according to the same legal privacy standard.

8 Legal localization of P3P - why? General reasons
- Combining P3P with higher legal privacy standards spreads these standards and raises their acceptance.
- Within member states of the European Union it is mandatory to legally localize P3P.
- If this does not happen, de facto privacy standards are at risk of being lowered to the P3P minimum legal privacy standard.
- A legally localized P3P can help bridge the gap between the de facto and the legal privacy standard by incorporating laws into the surfing process.

9 Legal localization of P3P - how to? Legal localization of P3P policies
- Legal privacy standards can require that certain options and fields in P3P may not be used under certain circumstances or may not be used at all.
- Defining which options and fields are affected for a certain website requires in-depth knowledge of the legal privacy standard applicable to the website provider.
- To support legal localization, policy generators should use legal configuration files which disallow certain fields and options or change the wizard for the building process.
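The configuration-file idea on this slide, as an added example that is not part of the original presentation: a checker that reads a P3P 1.0 policy and reports options a legal configuration disallows or restricts. The configuration format, the rule values and the sample policy are constructed for illustration and do not restate any particular law.

```python
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Hypothetical legal configuration (format and rule values are constructed).
# "forbid" = the option may not be used at all; any other value is the only
# accepted setting of the P3P "required" attribute for that option.
LEGAL_CONFIG = {
    ("RETENTION", "indefinitely"): "forbid",
    ("PURPOSE", "telemarketing"): "opt-in",
    ("RECIPIENT", "unrelated"): "opt-in",
}

# Constructed sample policy fragment using P3P 1.0 vocabulary.
SAMPLE_POLICY = """\
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="shop">
  <STATEMENT>
    <PURPOSE><current/><telemarketing required="opt-out"/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing required="opt-in"/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
  </STATEMENT>
</POLICY>
"""

def check_policy(policy_xml, config=LEGAL_CONFIG):
    """Return (statement_no, group, option, problem) for each rule violation."""
    findings = []
    root = ET.fromstring(policy_xml)
    for no, stmt in enumerate(root.iter(P3P_NS + "STATEMENT"), start=1):
        for group in stmt:
            gname = group.tag.replace(P3P_NS, "")
            for opt in group:
                oname = opt.tag.replace(P3P_NS, "")
                rule = config.get((gname, oname))
                if rule is None:
                    continue
                # A missing "required" attribute means "always" in P3P.
                actual = opt.get("required", "always")
                if rule == "forbid":
                    findings.append((no, gname, oname, "not allowed"))
                elif actual != rule:
                    problem = f"required={actual!r}, must be {rule!r}"
                    findings.append((no, gname, oname, problem))
    return findings
```

The sample policy is a local constant; policies fetched from third-party sites should be parsed with a hardened XML parser before being checked.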

10 Legal localization of P3P - how to? Legal localization of P3P agents
- P3P should be activated by default.
- Default P3P preferences should be legally localized (e.g. European language versions of P3P agents should have EU Directive compliant P3P preferences).
- P3P agents should support a standardized preferences format with import and export capabilities (e.g. an improved APPEL format).
- Different formats complicate the development of legally localized P3P preferences by 3rd parties.
- No import function means offering many configuration options within the P3P agent or restricting the privacy protection functionality of P3P.
- A central download website for legally localized preference files should be referenced visibly within the P3P agent.

11 Legal localization of P3P - how to? Extensions to the P3P standard
- Legal localization requires the ability to express local laws in P3P format.
- Currently some requirements of law can only be accounted for in natural language fields (e.g. information that an acceptance of data use may be canceled at any time; for others see Alonso-Blas/Hogben, last P3P workshop), which undermines core P3P functionality.
- The P3P vocabulary should be extended to maintain at least the standard user rights of privacy protection laws.
- Extended use of P3P in different fields (e.g. mobile devices) may require the extension of the base data schema (e.g. mobile IDs, device profiles/capabilities).

12 Legal localization of P3P - who should support it? Companies building P3P policy generators
- Building P3P policies requires more than stating data processing practices in a correct syntax.
- Basic legal requirements could be taken into account in the building process.
- Companies building P3P policy generators should offer configuration files or an option for legally localized policy generation.

13 Legal localization of P3P - who should support it? Companies offering P3P agents
- P3P requires both parties, internet surfer and website, to adopt P3P.
- P3P should be activated by default.
- Default preferences of the P3P agent should be legally localized preferences (e.g. European language versions of the P3P agent with EU Directive compliant P3P preferences).
- Upload possibility for standardized preferences files, with a link to a website offering legally localized preference files.

14 Legal localization of P3P - who should support it? Authorities supervising legal privacy standards
Assistance for the website provider:
- Give instructions on how to include the legal standard in P3P.
- Provide legally localized standard policies for typical web services.
Assistance for the user:
- Offer legally localized preferences in a standardized file format.
- Give instructions for privacy friendly preferences.

15 Legal localization support infrastructure
[Diagram. Nodes: Website provider, Companies offering policy generators, P3P policy, P3P agent preferences, Authorities, Companies offering P3P agents, User. Labels, in the order they appear:]
- 1. uses P3P; 2. loads legally localized pref.; 3. arranges own pref.
- 1. P3P activated by default; 2. legally localized default preferences; 3. upload possibility with link to legally localized preferences files
- 1. legally localized preferences files; 2. instructions for privacy friendly pref.
- 1. legally localized standard policies for typical web services; 2. instructions how to include legal standard into P3P policy
- includes legal privacy standard in P3P policy
- configuration files for legally localized policy generation
- 1. transparency; 2. reference to judge privacy level of a website; 3. fulfilled legal obligations

16 The P3P project at the ICPP: Targets
- Supporting further privacy friendly development of the P3P standard and P3P applications
- Legal localization of P3P to encourage usage in accordance with European and German privacy laws
- Spreading knowledge on P3P and how to use it

17 The P3P project of the ICPP: Offers
- Legally localized P3P preferences according to European and German privacy laws
- Analysis of and information on legal privacy requirements for websites
- Legal checks of P3P policies with "ICPP tested" seal for law compliant P3P policies (planned)

18 The P3P project of the ICPP: Offers
- Information on download, installation and privacy friendly configuration of P3P agents
- Privacy friendly APPEL files for download (planned)
- Information on writing a privacy policy according to existing data processing practices
- Adaptable standard P3P policies for typical web services for download (planned)

19 More information?
www.datenschutzzentrum.de/p3p/
moeller@datenschutzzentrum.de

