22.1. Introduction

Alan Westin defines privacy as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." He goes on to explain that "each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others, in light of the environmental conditions and social norms set by the society in which he lives."[2] Westin's definition envisions an individual actively involved in a decision-making process. It assumes a certain level of individual awareness of the consequences of both disclosing and not disclosing personal information, and the ability to effectively control whether information is disclosed. In practice, individuals are often unable to make such informed decisions or to take the necessary actions to control information disclosure because they lack knowledge about how their personal information may be used and how they can exercise control.
Privacy policies have emerged as mechanisms for communicating about information collection and use. On the World Wide Web, privacy policies have been widely adopted. These policies are encouraged by consumer and industry groups, and in some jurisdictions are even required by law. The purpose of these policies is to inform web site visitors about how sites will use their personal information and what choices are available to them. Thus, individuals should be able to gather the information they need to take advantage of privacy-related options at the sites they visit and to choose sites based on their privacy policies. Unfortunately, while many privacy policies are posted, in practice few are read.[3] Studies have shown that consumers find privacy policies time consuming to read and difficult to understand,[4] and readability experts have found that privacy policies typically require college-level reading skills to comprehend.[5] In addition, privacy policy formats are not standardized, making comparisons between policies difficult. Consumers who do read these policies are also frustrated by the fact that they may change unexpectedly.
When personal information is collected electronically, the potential exists to automate the process of informing individuals about how that information will be used and to give them tools to automate their ability to exercise controls. We can imagine a world in which all web sites and electronic forms are accompanied by privacy policies,[6] and all RFID readers,[7] video surveillance cameras,[8] and other automated personal data collectors broadcast privacy policies that can be understood and acted upon by personal electronic agents. In order to realize this vision, we need standards for encoding and transferring privacy policies and electronic agents that have the ability to understand their users' privacy needs.[9]
In the next section, I discuss the Platform for Privacy Preferences (P3P), which provides a standard mechanism for encoding and transferring web site privacy policies. In the two sections that follow, I describe the design and evaluation of a P3P user agent called Privacy Bird that can read and interpret P3P-encoded privacy policies and compare them with an individual's privacy preferences. Finally, I return to the vision introduced here and discuss ways that P3P might evolve to bring us closer to that vision.
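To make the "read, interpret and compare with preferences" step concrete, here is a small illustration added to this section; it is not Privacy Bird's code and not part of the original chapter. It parses a P3P compact policy (the short token string a site sends in its P3P HTTP header) and checks it against a constructed preference profile. The token vocabulary follows the P3P 1.0 compact-policy format as I understand it (three-letter tokens for purposes, recipients, retention and data categories, with an optional a/i/o suffix meaning always, opt-in or opt-out); the preference rules and the two sample policies are constructed for the example and do not represent Privacy Bird's actual default settings.

```python
"""Toy P3P compact-policy checker (illustrative example, not Privacy Bird's code).

Assumptions: token meanings follow the P3P 1.0 compact-policy vocabulary;
the Preferences defaults and the sample policies below are constructed for
this example only.
"""
from dataclasses import dataclass

# Purpose tokens: why collected data is used (CUR = current purpose, CON = contact,
# TEL = telemarketing, OTP = other purposes, ...). Suffix a/i/o = always/opt-in/opt-out.
PURPOSES = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
# Recipient tokens: who receives the data (OUR = the site itself, UNR = unrelated
# third parties, PUB = public fora, ...). Recipients may also carry a/i/o suffixes.
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
# Retention tokens (NOR = none, STP = stated purpose, IND = indefinitely, ...).
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
# Data-category tokens (FIN = financial, HEA = health, DEM = demographic, ...).
CATEGORIES = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
              "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
OPT_SUFFIXES = {"a", "i", "o"}


@dataclass
class CompactPolicy:
    purposes: dict      # purpose token -> choice suffix ("a", "i" or "o")
    recipients: dict    # recipient token -> choice suffix
    retention: set
    categories: set
    other: set          # access/disputes tokens (NOI, CAO, DSP, COR, ...) not evaluated here


def parse_compact_policy(cp: str) -> CompactPolicy:
    """Split a compact policy such as 'NOI DSP COR CURa ADMa OUR STP' into its parts."""
    pol = CompactPolicy({}, {}, set(), set(), set())
    for raw in cp.split():
        base, suffix = raw[:3].upper(), raw[3:].lower()
        if suffix and suffix not in OPT_SUFFIXES:
            raise ValueError(f"bad compact-policy token: {raw}")
        choice = suffix or "a"  # no suffix means the practice always applies
        if base in PURPOSES:
            pol.purposes[base] = choice
        elif base in RECIPIENTS:
            pol.recipients[base] = choice
        elif base in RETENTION:
            pol.retention.add(base)
        elif base in CATEGORIES:
            pol.categories.add(base)
        else:
            pol.other.add(base)
    return pol


@dataclass
class Preferences:
    """Constructed user profile: which practices should trigger a warning."""
    forbidden_categories: frozenset = frozenset({"HEA", "FIN"})
    marketing_purposes: frozenset = frozenset({"CON", "TEL", "OTP"})
    third_party_recipients: frozenset = frozenset({"UNR", "PUB", "OTR"})
    reject_indefinite_retention: bool = True


def evaluate(policy: CompactPolicy, prefs: Preferences) -> list:
    """Return human-readable mismatches; an empty list means the policy matches."""
    warnings = []
    for cat in sorted(policy.categories & prefs.forbidden_categories):
        warnings.append(f"collects {cat} data")
    for purpose in sorted(prefs.marketing_purposes):
        if policy.purposes.get(purpose) == "a":   # used with no opt-in or opt-out
            warnings.append(f"uses data for {purpose} with no opt-in/opt-out")
    for rcpt in sorted(prefs.third_party_recipients):
        if policy.recipients.get(rcpt) == "a":
            warnings.append(f"shares data with {rcpt} with no opt-in/opt-out")
    if prefs.reject_indefinite_retention and "IND" in policy.retention:
        warnings.append("retains data indefinitely")
    return warnings


def check_site(cp: str, prefs: Preferences = Preferences()) -> list:
    """What a user agent would do for one site: parse its policy and compare it."""
    return evaluate(parse_compact_policy(cp), prefs)


# Constructed sample policies (not taken from any real site).
GOOD_POLICY = "NOI DSP COR CURa ADMa DEVa OUR STP"
BAD_POLICY = "CAO DSP COR CURa CONa TELo OUR UNRa HEA FIN IND"

if __name__ == "__main__":
    for label, cp in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(label, "->", check_site(cp) or "matches preferences")
```

Run stand-alone, the "good" policy produces no warnings, while the "bad" one is flagged for collecting health and financial data, contacting the user with no choice, sharing with unrelated parties with no choice, and indefinite retention; telemarketing with an opt-out (TELo) passes under this profile. The reason-per-mismatch output is the part that matters for a user agent: it is what lets a person see why a site was flagged rather than just that it was.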