Microsoft and Electronic Frontier Foundation Propose Solutions For Simplifying Adoption of Internet Privacy Standards

WASHINGTON, April 6, 1999 — Microsoft Corp. and the Electronic Frontier Foundation (EFF) today jointly announced newly proposed guidelines for the Privacy Preferences Project (P3P) at the Computers, Freedom and Privacy conference, an annual gathering of Internet policy-makers and the Internet industry. The new technology and standards-based solution is designed to accelerate the widespread adoption of P3P, a privacy framework that puts people in control of their personal information and makes the Web a safer place for commerce. The proposed guidelines, which will be submitted to the World Wide Web Consortium (W3C), simplify the process by which Web sites of all sizes can post privacy policies, and make privacy and security a central part of e-commerce transactions.

“Creating solutions that accelerate the development of a standards-based ‘trust’ infrastructure will build people’s confidence in the Internet as a global medium for communications and commerce,”
said Bob Herbold, executive vice president and chief operating officer at Microsoft.
“Over the last two years, Microsoft has been working closely with EFF and other standards groups, industry organizations and leading businesses to advance the development of a trusted Internet infrastructure. We believe this joint proposal is a great example of how the industry, working with the privacy community, can develop a technology-based solution that also incorporates thoughtful policy-based guidelines.”

Recent surveys have confirmed that privacy is the No. 1 concern for people using the Internet today, and a study announced last week that was conducted by the Information Technology Association of America and Ernst & Young showed that respondents believe privacy is a top barrier to the continued growth of e-commerce. However, only 14 percent of Web sites disclose their privacy and information practices, a situation particularly prevalent among small Web sites, according to a survey conducted by the Federal Trade Commission (FTC) last year. (FTC’s study, Privacy Online: A Report to Congress, June 1998, is available online at .)

“E-commerce and privacy go hand in hand,”
said Tara Lemmey, president and executive director of EFF.
“Any Web site that collects people’s personal information has a responsibility to disclose how it is using that information. But creating a trust framework that gives users control over their information, yet is flexible enough to adapt to various local policy requirements, is a real challenge. These standards and guidelines are the next step toward making this happen.”

Simplifying the Adoption of the P3P

The P3P specification is designed to enable Web sites to express their privacy practices and users to exercise preference over those practices, but until now it has been very difficult for P3P to be implemented on Web sites. Microsoft and EFF’s proposed P3P guidelines are intended to simplify the process by which P3P-ready privacy policies can be created and posted. A P3P-based privacy statement is an Extensible Markup Language (XML) document that states the information practices of a Web site or page. In addition, because it is a structured expression of a Web site’s privacy practices, it can be easily interpreted by software. It is designed to provide Web site owners with an easy way to do the following:

  • Create and publish their privacy practices in both human and machine-readable format, using structured XML syntax

  • Lay a foundation for Internet clients and navigation services to notify customers of their privacy practices

  • Subscribe to independent enforcement and appropriate regulatory bodies

Making P3P Available to Small Businesses and Web Site Owners

The first application of the P3P syntax to privacy statements will be available as a Web-based service called the Privacy Wizard. It is a simple-to-use and easy-to-implement privacy solution for Web site owners who have limited technical and policy resources. The Privacy Wizard was developed by Microsoft and TRUSTe, a nonprofit organization dedicated to building consumer trust on the Internet, and will be available by the end of the week through MSN TM LinkExchange ( ). MSN LinkExchange is a provider of services that helps small businesses and Web site owners promote, improve and earn revenues from their Web sites.

Simplifying the Creation and Use of Privacy Policies

The structured format of the P3P privacy statement will help developers create the next generation of privacy-enabled Internet applications and services, such as these:

  • Wizards to help businesses write privacy statements

  • Search services that bring Web sites with preferred practices and trust seals to a user’s attention

  • Client software that displays a site’s privacy statement in a language or form preferred by the user

P3P E-Commerce Data Schema and Privacy Guidelines

Microsoft and EFF will also submit a new P3P data schema for e-commerce to the W3C. Developed in collaboration with a group of industry-leading companies, this schema will address one of the most popular and important uses of the Internet: facilitating trusted e-commerce between consumers and merchants. An accompanying set of privacy and security guidelines help Web sites implement the schema in a way that will make e-commerce safer for consumers. The guidelines call for Web sites to do the following:

  • Implement and disclose a P3P privacy policy governing the use of the requested
    e-commerce information

  • Ensure that the privacy policy adheres to guidelines appropriate to their business as outlined by a recognized industry association or nongovernmental organization

  • Abide by appropriate privacy-enforcement mechanisms (e.g., TRUSTe, BBBOnline, the European Union Data Directive, national law)

More information about the development and deployment of practical solutions for online privacy can be found in a case study, co-authored by EFF, Microsoft, and Ernst and Young, titled
“Architecture Is Policy: Cooperative Development as a Means for a Standards-Based Implementation for Privacy on the Internet”
( ).

About EFF

The Electronic Frontier Foundation (EFF) is one of the leading civil liberties organizations devoted to preserving civil rights and promoting civil responsibility on the Internet. EFF works to ensure that the Internet remains a global vehicle for free expression and that the privacy and security of online communication is preserved. Founded in 1990 as a nonprofit, public interest organization, EFF is based in San Francisco. EFF maintains an extensive archive on civil rights and responsibilities, privacy, and free expression at .

About Microsoft

Founded in 1975, Microsoft (Nasdaq
) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day. For more information about efforts Microsoft has made to protect personal privacy online, please visit .


Microsoft and MSN are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

Other product and company names herein may be trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at on Microsoft’s corporate information pages.

Related Posts