Attention: open in a new window.

P3P

What is P3P?

The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.

Why would I need it at my site?

By Default IE is at best set to Low; which means that unless you have a P3P Policy at your site, IE will block all your Cookies; yes; it blocks them as in they do not work.

Now you could ask your users to change their settings to Accept all cookies; you might get a few of them to do that; but why would you want to? Just because your too lazy to create a P3P Policy?

In this Example I'm going to setup a P3P Policy to Collect only Customization Data; no person data; so it will work from Low to High

If they Block all cookies; there is nothing you can do; but not that many people are going to do something that stupid.

Setting it to High: Note that the higher the setting the more restrictive it is; but for our example of collecting data just for customization; it will still work.

Setting it to Medium High: Still works

Setting it to Medium: Still works

To get started: First download a P3P Editor; I'm only going to use this Java Application "P3P Policy Editor" at IBM's web site; I've used it and it works great; so lets get started.

Download P3P Editor Here

You have to have Java on the machine you are using to run this; then just click on the p3p.jar file to run the App.
The first time we run it we will create a blank policy.
Click on the Menu Item Policy and click on Policy Properties.

Now fill out each field.
Note: If you put bogus Information into this Policy you will create a Policy that can not be Trusted; if you care if people can Trust your site; only put Correct Information in here.

On the Web Sites Tab make sure you fill out the Policy Name; you need to remember this for later when we need to reference it.

Note: URL of human-readable privacy policy: If you are using the Binary Bit Flesh template you can just make a link to it's Privacy Statement; otherwise you will have to create one and link to it from your web site.

Now we need to set the Access Permissions; I'll pick Other Information for this Example.

Assurances is a third party arbitrator.
I strongly suggest you learn more about this option; it is beyond what I want to do in this Example; but very important to creating a Trusted site.

We will set this Policy to expire at the end of time.
Note: On the day after this end of time date; you will want to pick another date; like 25 Dec 2038.

Now right click on the New Group icon and click on Properties.
We want to name the Group something descriptive; in this case Custom; and give a good reason to collect the data.

For this Example we are only collection data for Site Customization.

We are only collecting the data for our site

And since we are collecting it to the end of time; we want to set it to Indefinitely.

Now we need to add a Data Element for HTTP Cookies.
Expand the Dynamic Data Elements and Drag and Drop the "HTTP Cookies" element onto the Custom Group

Now Save it.
Now Create a folder "w3c" in the root of your web site and upload it there.

Now click on Create Policy Reference File and we will chose One policy for this example.

Now type in the URL of your web site, the w3c folder and the name of the p3p file we saved above and a hash # sign.

Now Remember the name of the Policy I said you'd need to remember? Type it in here.

Now save it; do not rename it; very important; this will not work if you rename it. Now upload this to w3c folder also.

That is a very cut and dry bare bones setup; but its good enough to work. I urge you to fix all errors in the error tab if any exist.

Test it in IE6, IE7 and IE8.