Enhancing Web privacy protection through declarative policies

The platform for privacy preferences (P3P) is a W3C framework for Web privacy management. It provides a standard vocabulary that Websites can use to describe their privacy practices. The presence of Web site published P3P policies enable users to configure Web browsers to allow, block or warn users during access and data exchange with Websites. It´s a good idea that unfortunately is rarely used. We identify three primary reasons: (i) the languages available to describe user privacy preferences are not sufficiently expressive, (ii) P3P policies published by Web sites are not trusted by users and (iii) P3P framework does not provide a coherent view of available privacy protection mechanisms to the user towards addressing these issues; we present enhancements to the P3P framework. We use a more expressive policy language based on deontic concepts to describe user privacy-related policies, constraints and preferences. We introduce a new trust model for Websites and describe its use in user privacy preferences. Finally, we present sample policies to demonstrate the relevance of our work and offer it as an effective starting point towards enhancing Web privacy management.