Privacy Policy Negotiation at User’s Side Based on P3P Tag Value Classification

Concerns of users about privacy of their personal data are of higher and higher importance to online Service Providers (SPs), as they turn into a major barrier for broad acceptance by users of services that are known to collect and utilize their personal data. With the P3P standard (Platform for Privacy Preferences), in the context of web-based applications, users are allowed to keep control over the collection, use and sharing of their personal data. However, P3P still lacks a negotiation mechanism. In this paper, we address this limitation by proposing a novel scheme to permit users to automate the negotiation of the privacy terms related to their personal data in transactions. The original idea of our contribution is to establish a classification of P3P tag values, and to define negotiation rounds and phases during which the user is able to compare his privacy preferences against the set of privacy policies provided in order of preference by the SP. For that purpose, we extended the expressiveness of the P3P and XACML languages that help users and SPs to define in an orderly way their privacy preferences / policies for the same transaction. For illustration purpose, we designed a user interface for users to define their preferences according to the classification, and we proved the feasibility of the negotiation scheme through a simple prototype. Keywords— Privacy, privacy policy, negotiation, classification of