Press Release

July 16, 1999
New Media Development Association
Electronic Network Consortium

Privacy Information Management System P3P is Now Available on the Internet
Toward User-Oriented E-Commerce


The Internet has no structure which lets users know precisely and easily if online service providers properly manage privacy information. Thus, users are exposed to substantial risk when they make e-commerce transactions.

To change this situation, the Electronic Network Consortium (chairman : Kakutaro Kitashiro) announced the Guideline For Protecting Personal Data In Electronic Network Management in February 1994 and revised this document in December 1997. The consortium has been requesting that online service providers refer to this guideline in order to manage and protect privacy information properly.

In support of this effort, the New Media Development Association (chairman : Masao Kamei), which acts as the Consortium's secretariat, has developed the Privacy Information Management System P3P as a part of the Advanced Information System Development Validation Project implemented by Information-Technology Promotion Agency and funded by the Ministry of International Trade and Industry. Privacy Information Management System P3P enables selective and subjective transactions of privacy information on the Internet based on users' approval. This system is available online from today.

Privacy Information Management System P3P aims to support e-commerce and ensure privacy protection at the same time. This is the first system in the world based on the standard specification P3P (Platform for Privacy Preferences) developed by the WWW Consortium (W3C).

1.Background

It is now becoming possible to rapidly process large amounts of privacy information thanks to the swift development of information technology and the expansion of open networks such as the Internet in recent years. These changes are causing significant violations of privacy, including the misuse and leakage of privacy information.

The Japan Information Processing Development Center (JIPDEC) established the System for Granting Marks of Confidence for Privacy Protection in April 1997. This system grants a privacy mark to private enterprises that have sufficient measures for appropriately protecting privacy information. A Japanese Industry Standard (JIS) for privacy information protection was also implemented in March 1999. Today, the importance of privacy information protection is more widely recognized than ever before.

Nevertheless, there is no structure on the Internet which lets users know precisely and easily if online providers properly manage privacy information, so users are forced to bear major risks when they engage in e- commerce.

To change this situation, the Electronic Network Consortium (chairman : Kakutaro Kitashiro) announced the Guideline For Protecting Personal Data In Electronic Network Management in February 1994 and revised this document in December 1997. The consortium has been requesting that online service providers refer to this guideline in order to manage and protect privacy information properly.

In support of this effort, the New Media Development Association (chairman : Masao Kamei), which acts as the consortium's secretariat, has developed the Privacy Information Management System P3P as a part of the Advanced Information System Development Validation Project implemented by Information-Technology Promotion Agency and funded by the Ministry of International Trade and Industry. Privacy Information Management System P3P enables selective and subjective transactions of privacy information on the Internet based on users' approval. This system is available online from today. Opinions and comments from users are welcomed.

2. Privacy Information Management System P3P

With Privacy Information Management System P3P, the intended use and disclosure range of privacy information can be clearly shown to users when Web sites on the Internet collect privacy information. This allows users to give privacy information to sites only when they consent to proposals.

This informed consent for privacy information disclosure and collection is performed when users automatically indicate consent, partial consent, or rejection or make their own offers and to Web sites that show the nature of collected information, its intended use, and the range of collected information.

This is the first system in the world based on the standard specification P3P version of November 1998 developed by W3C. This is also the privacy information management system supported by AT & T, IBM, AOL, and other leading enterprises, and is regarded as a de facto world standard.

3. Functions of Privacy Information Management System P3P

The functions distributed online now are mainly those adopted by Web sites (CGI authoring tools) and those adopted by Web browsers (Preference Bureau/User Agent).

Web site administrators can easily make privacy information proposals that show the intended use and the disclosure range using authoring tools. In addition, Privacy Wizard (OECD version, P3P version) enables them to easily create a privacy policy. The distributed authoring tools operate on Windows 95/98 and Windows NT.

The Preference Bureau is installed in PCs on which Web browsers operate and enables users to set their own privacy information settings in advance. Preferences indicate the principles that stipulate privacy information disclosure for Web sites, the intended use of this information and its disclosure range. To set preferences, users should enter the Intended Use of Privacy Information sent to Web sites as well as Disclosure Range and should decide if they will allow the information to be used as Information to Specify Individuals for each Privacy Information Category. Because such settings are quite complicated, P3P has 4 preferences (No privacy, Basic, Standard, Full) so that users can choose one setting, ranging from full disclosure to complete refusal to provide privacy information.

User Agent automatically collates Web site proposals with users' preferences so as to decide if they consent to Web site proposals. When they do, User Agent will send the information to the Web site. It also has a function to show the Web site proposals on the Web browser so that users can read them. This enables the transmission of privacy information to Web sites after users consent to each proposal.

Preference Bureau and User Agent can be installed in proxy servers in offices and schools as well as in individual PCs. Therefore, it is unnecessary to install them in each PC used by students or office staff. This also makes it possible to intensively manage the privacy information of many users (students or employees). These functions operate on Windows 95/98 and Windows NT. Operation in a Linux environment is planned.

4. Advantages of Introducing P3P

Using Proposal and User Agent, Web site administrators can show users their privacy policy based on the templates of the OECD and other organizations when they collect or request privacy information. The privacy policy will describe which kind of privacy information they collect, how they use collected information, to whom the information will be given, how they deal with privacy protection, how to contact with them, and other related matters. Internet users will be able to select, consent to, or refuse privacy information requests after reading the privacy policy. This is the first advantage.

After registering a Privacy Statement describing privacy policy in the separately established Site Bureau, users can check through the User Agent to see that it is not changed and not used on a malicious Web site. If a third party that guarantees Web site reliability exists and administers the Site Bureau, the Internet user can check if the Web site is guaranteed or not.

Web site administrators also can take advantage of the introduction of P3P. They will be able to customize Web pages for users (Dynamic content creation). For example, when an enterprise has a shopping site on the Internet, it is effective to change information on goods, taking users' ages and other specifications like gender into consideration. It is also convenient for users. For instance, both hosts and users hope that information on youth-oriented goods are shown to younger generations, rather than information on goods for middle-aged consumers.

5. Demonstration and Future Plans

The functions adopted by Web sites and Web browsers are distributed online as of today. Users' feedback is welcomed. The New Media Development Association will demonstrate the advantages of P3P introduction. An online shopping site using P3P is also available on the WWW in collaboration with the Echigo Traditional Sake Association so that many Web site administrators and Internet users will have the chance to become more familiar with P3P. (Please click here to see more information.)

In the future, we will broadly call for introduction of P3P to Web sites whose administrators recognize the importance of privacy protection and we plan to link the Site Bureau with the JIPDEC System for Granting Marks of Confidence for Privacy Protection. We will also contribute to the standardization effort of P3P by W3C, making use of the P3P development results.

For further information, please contact to:
Shimizu
New Media Development Association
Mita 1-4-28 Mita-kokusai bldg. 23 F
Minato-ku Tokyo108-0073, Japan
Tel +81-3-3457-0671
Fax +81-3-3451-9604
E-mail p3p-info@nmda.or.jp


Return to ENC Home Page
e-mail address p3p-info@nmda.or.jp
(c)1999 ELECTRONIC NETWORK CONSORTIUM