Re P3P and liability ([dave () farber net: IP: P3P, IE6 and Legal Liability: [risks] Risks Digest 21.82])

[David Farber <dave () farber net>]

> Date: Fri, 14 Dec 2001 18:08:56 -0800
> From: Seth David Schoen <schoen () eff org>
> To: eff-priv () eff org
>
>
> This is actually an ad for an article its author is selling about how
> to avoid legal liability for claims made with P3P.
>
> My main concern with P3P was that it wasn't clear to me that a P3P
> document was a valid contract, and not clear that it could be enforced
> (or would actually be monitored by anyone).  The structure of P3P is
> approximately that a web server can send you a structured document
> which means something like "On my honor as an HTTP/1.1 server, I
> promise not to share personally identifiable information with any
> other companies".
>
> It's hard for me to see what the right way of doing this is.  On the
> one hand, it's nice to have a formal language for talking about
> privacy policies (although it could be argued that very few people
> think about their privacy in terms which map strictly into the P3P
> language).  On the other hand, the legal liability and enforceability
> issues are huge, almost the whole point, and W3C deliberately declines
> to address them (much like the folks at CPTWG saying "We're going to
> make up a technical architecture for broadcast video copy protection,
> and not talk about how it's going to be enforced").
>
> P3P is parallel to PICS, in many ways -- it was organized as a
> "voluntary" "interindustry" "consensus" "solution" (and both are open
> standards).  Both schemes rely on publishers to make certain
> representations about themselves in a formal language, assume that
> users' software will explain the policies to the users (and possibly
> not allow the users to communicate with sites which don't make
> statements about their policies).

For archives see:
http://www.interesting-people.org/archives/interesting-people/