Berkman Center for Internet & Society
  • Privacy and Identity
  • Privacy Standards
  • Cross-Border Issues
  • Encryption
  • Cookies and Clickstreams
  • Free Speech and Filtering
  • Workplace Privacy
  • Medical Records
  • Lecture Hall

    Lesson beginning: March 23, 1999 - 12:00:00 AM (midnight Monday)

    Jump to: lessons | readings | events

    2. Who's Watching the Watchers?: Privacy Standards

    We began last week by considering the nature of privacy itself and discussing some of the privacy concerns raised by the availability of information on the Internet. This week, we will look at how industry groups are addressing these concerns by developing both privacy policies and technological solutions. Consider whether these standards might make it easier for users to protect themselves without having to investigate the privacy policies and technical specifications of every individual web site they visit. Or are standards, like individual privacy policies and techniques, useless if they are not backed up by clear legal enforcement? Please take the time to go over the readings and react to them in your discussion groups.

      For a useful overview of this week's topic, here is a concise article by the Co-chair of the World Wide Web Consortium's P3P Interest Group. (details)
    • Fair Information Practice Principles
      Both industry groups and government regulators have outlined seven basic Fair Information Practice Principles. As you go over them, query whether the websites that you frequent have privacy policies that incorporate these principles. (details)
    • Privacy Online: A Report to Congress, Federal Trade Commission, June 1998
      The Commission examined the practices of commercial sites on the World Wide Web. The Commission's survey of over 1,400 Web sites led it to conclude, among other things, that industry's efforts to encourage voluntary adoption of the most basic fair information practice principle -- notice -- have fallen far short of what is needed to protect consumers.

      If you don't have time to peruse the reading at length, make sure you at least read the executive summary. (details)
    • Competing privacy standards are proposed, The Associated Press
      The computer industry has responded to privacy concerns by creating various initiatives setting privacy standards. The World Wide Web Consortium put forth the Platform for Privacy Preferences, known as P3P, which allows users to set preferences that reflect the information they are willing to release when visiting a web site. Netscape put forth the Open Profiling Standard, currently the base of P3P, which purports to allow information exchange in a convenient and secure manner given a match between a user's preferences and a site's practices. The Electronic Frontier Foundation put forth TRUSTe, which uses a "seal of approval" to inform web browsers of a web site's privacy policy. (details)
    • P3P in a Nutshell, Joseph Reagle and Lorrie Faith Cranor
      P3P is a developing specification that allows end-users to select privacy preferences about the type and amount of data they want to share with web site operators. Sites whose privacy practices fall within the range of a user's preference will be accessed "seamlessly"; otherwise users will be notified of a site's practices and have the opportunity to either agree to those terms or
      continue browsing elsewhere. (details)
    • Euro Commission Plays Down Opinion on Privacy Standards, Elizabeth de Bony
      The European Union has voiced concerns about the compatibility of P3P with the EU's data protection directive. (details)
    • Proposed Standards Fail to Please Advocates of Online Privacy, Jeri Clausing
      This article shows what some of the critics of P3P have to say. One feels that the only way to protect consumers is through strong privacy laws like the European Union directive. (details)
    • TRUSTe
      The TRUSTe program hinges on the trustmark, an online branded symbol that signifies a web site has made a commitment to disclose its privacy practices. A click on the trustmark will bring up the site's privacy statement. To ensure that privacy principles and disclosed practices are met, the program is backed by a multi-faceted assurance process. Two similar programs include BBBOnline ( and PNI ( (details)
    • Privacy Watchdog Declines to Pursue Microsoft, a Backer, Jeri Clausing
      New York Times, March 23
      Abstract: TRUSTe, a third-party provider of "privacy seals of approval" for the web, rebuked Microsoft but did not audit the company for its use of a Global User Identification number.

    Berkman Center for Internet & Society