From P3P to Data Licenses

  • Shi-Cho Cha
  • Yuh-Jzer Joung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2760)


P3P provides a standard means for Web sites to disclose their privacy policies when they need users’ personal data for processing. A user can then decide whether or not to provide personal data to the sites based on the disclosed policies. The decision process can also be made automatic through an agent or browser via the privacy preferences set by the user. As can be seen, however, this mechanism cannot guarantee that Web sites do act according to their policies once they have obtained user’s personal data. In light of this, we proposed a new technical and legal approach, called Online Personal Data Licensing (OPDL). The idea is that the use of a person’s data must be authorized by the person through the issue of data licenses. Licenses can then be checked to prevent personal data from being misused. This paper focuses on the implementation of OPDL. As P3P provides a standard format for expressing privacy practices about personal data, we use it here to implement data licenses.


Service Provider Personal Data Security Policy User Agent Digital Right Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: Platform for Privacy Preference (P3P). In: W3C Recommendations (2002), Retrieved from
  2. 2.
    EPIC, Junkbuster: Pretty poor privacy: An assessment of p3p and internet privacy (2000),
  3. 3.
    Isenberg, D.: The GigaLaw—Guide to Internet Law. Random House Trade Paperbacks (2002)Google Scholar
  4. 4.
    Cha, S.C., Joung, Y.J.: Online Personal Data Licensing. In: Proceedings of the 3rd International Conference of Law and Technology (LAWTECH2002), pp. 28–33 (2002)Google Scholar
  5. 5.
    TRUSTe: (2002), Retrieved from
  6. 6.
    Benassi, P.: TRUSTe: an online privacy seal program. Communications of the ACM 42, 56–59 (1999)CrossRefGoogle Scholar
  7. 7.
    for Economic Cooperation, O., (OECD), D.: Guidelines on the protection of privacy and transborder flows of personal data. Committee for Information, Computer, and Communication Policy (1980)Google Scholar
  8. 8.
    U.S. Federal Trade Commission: Privacy online: a report to congress (1998), Retrieved from
  9. 9.
    U.S. Department OF Commerce: Safe harbor privacy principles (2000),
  10. 10.
    European Comission: Platform for privacy preferences and the open profiling standard. Draft opinion of the working party on the protection of individuals with regard to the processing of personal data (1998),
  11. 11.
    World-Wide Web Consortium: W3C publishes first public working draft of P3P 1.0 (1998),
  12. 12.
    Hensley, P., Metral, M., Shardanand, U., Converse, D., Meyers, M.: Proposal for an open profiling standard. In: W3 Consortium (1997), available as
  13. 13.
    Kristol, D.M.: HTTP Cookies: Standards, privacy, and politics. ACM Transactions on Internet Technology (TOIT) 1, 151–198 (2001)CrossRefGoogle Scholar
  14. 14.
    W3C: Removing data transfer from P3P (1999), Retrieved from
  15. 15.
    US Department of Defense: Trusted Computer System Evaluation Criteria. Technical Report 5200.28, US Department of Defense (1985)Google Scholar
  16. 16.
    Kaufman, C., Perlman, R., Speciner, M.: Network Security: Private Communication in a Public World. Prentice Hall, Englewood Cliffs (2002) ISBN: 0-13-046019-2Google Scholar
  17. 17.
    Calder, A., Watkins, S.: IT Governance: Data Security & BS 7799/ISO 17799. Kogan Page Ltd. (2002) ISBN: 0-7494-3845-2Google Scholar
  18. 18.
    Cranor, L., Langheinrich, M., Zurich, E.: A P3P Preference Exchange Language 1.0 (APPEL1.0). In: W3C Working Draft (2002), Retrieved August 20, (2002) from
  19. 19.
    Boyer, J.: Canonical XML. W3C Recommendation Version 1.0, W3C (2001)Google Scholar
  20. 20.
    Sonera Plaza Ltd MediaLab: Digital Rights Management white paper. Technical report, Sonera Plaza Ltd. (2002),
  21. 21.
    Microsoft Corporation: Windows Media Rights Manager 9 series - Live DRM. Technical report, Microsoft Corporation White Paper (2002),
  22. 22.
    IBM Corporation: Electronic Media Management System. Technical report, IBM Corporation (2000),
  23. 23.
    Ayars, J.: XMCL - the eXtensible Media Commerce Language. W3c note, W3C (2002)Google Scholar
  24. 24.
    ContentGuard: XrML 2.1 overview. Technical report, ContentGard (2002)Google Scholar
  25. 25.
    Lessig, L.: Code and other Laws of Cyberspace. Basic Books, New York (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Shi-Cho Cha
    • 1
  • Yuh-Jzer Joung
    • 1
  1. 1.National Taiwan UniversityTaipeiTaiwan

Personalised recommendations