Can User Agents Accurately Represent Privacy Policies?

22 Pages Posted: 28 Oct 2002 Last revised: 15 May 2014

See all articles by Joel R. Reidenberg

Joel R. Reidenberg

Fordham University School of Law

Lorrie Faith Cranor

Carnegie Mellon University - School of Computer Science and Carnegie Institute of Technology

Date Written: August 30, 2002

Abstract

The Platform for Privacy Preferences (P3P) is a W3C specification that provides a standard computer-readable language for web sites to encode their privacy policies. This standardization allows for the creation of web browsers and other user agents that can display privacy warnings and signals that are meaningful to users or that automate actions in accordance with user instructions. This paper shows that P3P user agents will necessarily include judgmental design decisions and that the accuracy of the P3P user agent interactions becomes a critical matter. The accuracy of P3P user agents raises significant legal concerns about privacy agreements, inadvertent deception, and liability. The technological mediation designed to make it easier for users to understand the privacy practices of web sites risks adding ambiguity, confusion and legal uncertainty. This paper argues that one way to avoid having privacy practices represented inaccurately by P3P user agents is to certify P3P user agents for the accuracy of their representations of web site P3P policies. While there are some things that P3P user agents might do that would be readily identified as inaccurate or misleading, there is a large gray area in which user agents might present factual information side-by-side with subjective judgments. These judgments may be deemed misleading by some people but not others. Many of the issues raised here are new, but this is not likely to be the last time that these issues arise. As work progresses on computer-mediated search and negotiation technologies with a wide variety of applications, these issues are likely to surface repeatedly. In this paper we explore these issues and suggest some possible solutions, as well as a number of open questions.

Keywords: Internet, privacy, P3P, user agent, web site, code, standardization, contract, misrepresentation, deception, negligence

JEL Classification: K10, K12, K13, K20, K30

Suggested Citation

Reidenberg, Joel R. and Cranor, Lorrie Faith, Can User Agents Accurately Represent Privacy Policies? (August 30, 2002). Available at SSRN: https://ssrn.com/abstract=328860 or http://dx.doi.org/10.2139/ssrn.328860

Joel R. Reidenberg (Contact Author)

Fordham University School of Law ( email )

140 West 62nd Street
New York, NY 10023
United States
212-636-6843 (Phone)
212-930-8833 (Fax)

HOME PAGE: http://faculty.fordham.edu/reidenberg

Lorrie Faith Cranor

Carnegie Mellon University - School of Computer Science and Carnegie Institute of Technology ( email )

5000 Forbes Avenue
Pittsburgh, PA 15213
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
337
Abstract Views
3,899
Rank
163,377
PlumX Metrics