22 Pages Posted: 28 Oct 2002 Last revised: 15 May 2014
Date Written: August 30, 2002
The Platform for Privacy Preferences (P3P) is a W3C specification that provides a standard computer-readable language for web sites to encode their privacy policies. This standardization allows for the creation of web browsers and other user agents that can display privacy warnings and signals that are meaningful to users or that automate actions in accordance with user instructions. This paper shows that P3P user agents will necessarily include judgmental design decisions and that the accuracy of the P3P user agent interactions becomes a critical matter. The accuracy of P3P user agents raises significant legal concerns about privacy agreements, inadvertent deception, and liability. The technological mediation designed to make it easier for users to understand the privacy practices of web sites risks adding ambiguity, confusion and legal uncertainty. This paper argues that one way to avoid having privacy practices represented inaccurately by P3P user agents is to certify P3P user agents for the accuracy of their representations of web site P3P policies. While there are some things that P3P user agents might do that would be readily identified as inaccurate or misleading, there is a large gray area in which user agents might present factual information side-by-side with subjective judgments. These judgments may be deemed misleading by some people but not others. Many of the issues raised here are new, but this is not likely to be the last time that these issues arise. As work progresses on computer-mediated search and negotiation technologies with a wide variety of applications, these issues are likely to surface repeatedly. In this paper we explore these issues and suggest some possible solutions, as well as a number of open questions.
Keywords: Internet, privacy, P3P, user agent, web site, code, standardization, contract, misrepresentation, deception, negligence
JEL Classification: K10, K12, K13, K20, K30
Suggested Citation: Suggested Citation
Reidenberg, Joel R. and Cranor, Lorrie Faith, Can User Agents Accurately Represent Privacy Policies? (August 30, 2002). Available at SSRN: https://ssrn.com/abstract=328860 or http://dx.doi.org/10.2139/ssrn.328860