This article describes the Platform for Privacy Preferences
(P3P) project. P3P is a combined protocol and architecture designed to inform
Web users of the data-collection practices of Web sites. Internet Explorer 6
supports the use of P3P version 1 Compact policies by Web sites to report their
intended use of cookie information. The Compact policy information is used in
combination with user preferences to determine whether Internet Explorer 6 will
accept or block cookies from the Web site. The P3P specification and associated
documents are located at the following World Wide Web Consortium Web site:
Microsoft
provides third-party contact information to help you find technical support.
This contact information may change without notice. Microsoft does not
guarantee the accuracy of this third-party contact
information.
The P3P Specification
The P3P specification defines:
• A standard schema for data a Web site may want to collect.
• A standard set of privacy disclosures.
• A means of associating privacy policies with Web pages and cookies.
• An XML format for expressing privacy policies.
• A mechanism for transporting P3P policies over HTTP.
P3P Goals
The two main goals of P3P are:
• To enable Web sites to present their data-collection practices in a
standardized, computer-readable, easy-to-locate manner.
• To enable Web users to understand what data will be collected by sites,
how that data will be used, and what data and uses they may "opt-out" of
or "opt-in" to.
P3P Policies
A P3P-compliant Web site encodes its data collection and use
practices in a computer-readable XML format known as a P3P policy.
Compact Policies
A Compact policy is a summarized version of a full P3P policy.
Compact policies are a performance optimization that allows the user agent to
make quick, synchronous decisions about applying policy. P3P version 1 Compact
policies contain policy information related to cookies only. The P3P full
policy that is summarized by the P3P Compact policy applies to both data stored
within the cookie and to data at the Web site that is referenced by the cookie.
The Compact policy must represent all of the cookies that are referenced in the
P3P full policy.
Note that P3P Compact policies are optional for both
user agents and servers. User agents that are unable to obtain enough
information from a Compact policy to apply the user's privacy preferences
should fetch the full policy.
Compact Policy Scope and Lifetime
When a P3P Compact policy is included in an HTTP response header,
it applies to cookies that are set by the current response. This includes
cookies set through the use of an "HTTP SET-COOKIE" header or cookies that are
set by script. Because Compact policies can apply policy only to cookies that
are set in the current response, Compact policies cannot apply policy to
cookies from a different namespace.
The P3P policy summarized by the
Compact policy must span the lifetime of the cookie. When a server sends a
Compact policy, it is asserting that the Compact policy and the corresponding
full P3P policy will be in effect for at least the lifetime of the cookie to
which it applies.
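
The scoping rule above, as an added example that is not part of the original article: this Python sketch pairs each cookie with the Compact policy carried in the response that set it, and reports the cookie lifetime over which the server has asserted that policy. The paths, cookie names and policy tokens are constructed, and the `P3P: CP="..."` header form is taken from the P3P 1.0 specification rather than from this article.

```python
import re
from email.parser import Parser

# Constructed sample responses (header blocks only). Paths, cookie names and
# policy tokens are illustrative and do not come from the article.
RESPONSES = {
    "/login": (
        'P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"\n'
        "Set-Cookie: session=abc123; Path=/; Max-Age=3600\n"
        "Set-Cookie: prefs=dark; Path=/; Max-Age=31536000\n"
    ),
    "/track": "Set-Cookie: visitor=42; Path=/; Max-Age=86400\n",
}

CP_RE = re.compile(r'\bCP\s*=\s*"([^"]*)"', re.IGNORECASE)

def compact_tokens(headers):
    """Return the Compact policy tokens from the P3P header, or None."""
    match = CP_RE.search(headers.get("P3P", ""))
    return match.group(1).split() if match else None

def cookie_name_and_lifetime(set_cookie):
    """Return (name, Max-Age in seconds, or None for a session cookie)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "max-age" and value.strip().isdigit():
            return name, int(value)
    return name, None

def audit(responses):
    """Map each cookie to the Compact policy of the response that set it."""
    report = {}
    for path, raw in responses.items():
        headers = Parser().parsestr(raw, headersonly=True)
        tokens = compact_tokens(headers)  # scope: this response only
        for value in headers.get_all("Set-Cookie", []):
            name, lifetime = cookie_name_and_lifetime(value)
            # cp is None when the setting response carried no Compact policy
            report[name] = {"response": path, "cp": tokens,
                            "policy_must_hold_s": lifetime}
    return report

if __name__ == "__main__":
    for name, row in audit(RESPONSES).items():
        print(name, row)
```

The `visitor` cookie is reported with no Compact policy because the policy sent with `/login` does not carry over to a different response.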