Internal Market and Financial Services

Free movement of information, company law and financial infommation

Free movement of information and data protection, including international aspects

XV D/5032/98

WP 11

Working Party on the Protection of Individuals
with regard to the processing of Personal Data


Platform for Privacy Preferences (P3P)
and the Open Profiling Standard (OPS)

Adopted by tile Working Party on 16 June 1998

Platform for Privacy Preferences (P3P) and the Open Profiling Standard (OPS)

Draft Opinion of the Working Party

The Platform for Privacy Preferences Project (P3P) conceives of privacy and data protection as something to be agreed between the Internet user, whose data are collected, and the website that collects the data. The philosophy is based on the idea that the user consents to the collection of his personal data by a site (the Open Profiling Standard is intended to provide for secure transmission of a standard profile of personal data), provided that the site's declared privacy practices, such as the purposes for which data are collected and whether or not data are used for secondary purposes or passed on to third parties, satisfy the user's requirements. The World Wide Web Consortium has sought to develop a single vocabulary through which a user's preferences and the site's practices are articulated. The possibility of adapting this vocabulary to the needs and regulatory context of specific geographic regions is not envisaged. Surprisingly, given the intention that P3P be applicable worldwide, the vocabulary has not been developed with reference to the highest known standards of data protection and privacy, but has instead sought to forrnalise lower common standards. These policy decisions mean that the implementation of P3P and OPS within the European Union is likely to raise a number of specific problems, which are discussed below. If P3P and OPS are to have a positive impact on privacy protection in the on-line environment, it is essential that these issues are addressed.

Given the importance of tile implementation process of P3P and OPS, and the separate issues currently under consideration by the Working Party in relation to the functionality of web protocols (HTTP), the Working Party encourages the development of Internet software consistent witll tile data protection rules applicable in the European Union and considers tllat it would be appropriate to develop mechanisms to verify the conformity of Internet software in this regard.

1This is without prejudice to a more detailed examination of Article 4 of directive 95/46/EC, which could be construed as rendering the directive applicable to third country websites collecting data from EU-based users.