posted on 2008-01-01, 00:00authored byLorrie F Cranor, Serge Egelman, Steve Sheng, Aleecia M McDonald, Abdur Chowdhury
We studied the deployment of computer-readable privacy policies encoded using
the standard W3C Platform for Privacy Preferences (P3P) format to inform
questions about P3P’s usefulness to end users and researchers. We found that P3P
adoption is increasing overall and that P3P adoption rates greatly vary across industries.
We found that P3P had been deployed on 10% of the sites returned in the
top-20 results of typical searches, and on 21% of the sites returned in the top-20
results of e-commerce searches. We examined a set of over 5,000 web sites in both
2003 and 2006 and found that P3P deployment among these sites increased over
that time period, although we observed decreases in some sectors. In the Fall of 2007
we observed 470 new P3P policies created over a two month period. We found high
rates of syntax errors among P3P policies, but much lower rates of critical errors
that prevent a P3P user agent from interpreting them.We also found that most P3P
policies have discrepancies with their natural language counterparts. Some of these
discrepancies can be attributed to ambiguities, while others cause the two policies
to have completely different meanings. Finally, we show that the privacy policies of
P3P-enabled popular websites are similar to the privacy policies of popular websites
that do not use P3P.