IP: P3P, IE6 and Legal Liability: [risks] Risks Digest 21.82

[David Farber <dave () farber net>]

Date: Mon, 10 Dec 2001 10:07:12 -0500
From: Ben Wright <Ben_Wright () compuserve com>
Subject: P3P, IE6 and Legal Liability

Privacy filters in Microsoft's new Internet Explorer 6 pose for Web
administrators an unexpected legal predicament.

The filters force administrators to post new privacy policies for their Web
sites, coded in a technical language called P3P.   The filters punish
administrators who fail to publish properly coded P3P privacy policies by
blocking or impeding their cookies.

The P3P coding language raises, for any corporation, government agency or
other institution that uses it, a lawsuit danger.  A privacy policy written
in it exposes the organization to liability, with little or no escape.

A privacy policy, even one written in computer codes, can be legally
enforceable like a contract.  In lawsuits filed in 1999, plaintiffs forced
US Bancorp to pay $7.5 million for misstatements in a privacy policy posted
on its Web site.

Web administrators face a dilemma.  They want to satisfy IE 6's technical
requirement for P3P codes, but they also want to sidestep liability.  See
Webserver Online Magazine article:
  http://webserver.cpg.com/news/6.12/n5.shtml

One solution is to deploy dummy P3P codes, with an extra legal code that
disavows any liability for the codes, as explained at
http://www.disavowp3p.com.

P3P is the Platform for Privacy Preferences, developed under the sponsorship
of a non-profit organization named the World Wide Web Consortium (also
called W3C) http://www.w3.org/p3p, a coalition of industry and non-profit
groups.

--Ben Wright  ben_wright@comp

For archives see:
http://www.interesting-people.org/archives/interesting-people/