|
International Working Group on Data Protection in Telecommunications
Common Position
on
Essentials for privacy-enhancing technologies (e.g. P3P) on the WorldWideWeb
adopted at the 23rd Meeting in Hong Kong SAR, China
15 April 1998
The International Working Group on Data Protection in Telecommunications supports any effort to develop technologies which help to improve the protection of user privacy in the WorldWideWeb.
In this respect the Working Group has with particular interest at its 22nd meeting in Berlin on 2 September 1997 and at its 23rd meeting in Hong Kong on 14 April 1998 taken note of the Platform for Privacy Preferences Project (P3P) which is currently promoted by the WorldWideWeb Consortium.
While a number of technical details still need to be clarified, including the extent to which issues such as security, data quality, periods of retention and access and correction are dealt with, the Working Group wishes to set out the following essential conditions that should be met by any technical platform for privacy protection on the WorldWideWeb with the objective of avoiding a systematic collection of personal data:
1. Technology cannot in itself be the solution for securing privacy on the Web. It needs to be applied according to a regulatory framework (enshrined in law as well as contracts and codes of conduct providing similar guarantees in terms of their enforcement, including sanctions and an effective and independent auditing system and legal recourse for the individual).
2. Any user should have the option to browse the Web anonymously. This applies also to the downloading of information in the public domain. Personal information should in this case only be processed as long as the user is reading the website, except for the connection data so far as necessary for the purpose of security.
3. Before personal data, in particular those disclosed by the user, are processed by the provider of a website, the user's informed consent is necessary. Moreover, certain non-waivable groundrules should be built into the default configuration of the technical platform. Personal data must not be transmitted to a website in an automatic procedure, without prior notification to the data subject who should always have the option to block the transmission.
4. The implementation of the P3P-Project will be of crucial importance and needs to be closely monitored.
|