[uf-new] RFC on privacy policy microformat loosely based on p3p

Gordon Oheim go at omnia-computing.de
Wed Feb 21 05:32:55 PST 2007

Hi all,

My name is Gordon. My company develops websites and webapplications and
infrastructure solutions in Germany.
I am writing to get some feedback on a new microformat in planning. The
aim of this microformat is to inform visitors of a website about the
data collection/privacy policy of a website.

The background (and problem) for this microformat is a new law in
Germany (the "Telemediengesetz"), which demands website owners to
provide a policy about what data is collected about the user during his
visit, by whom it is collected, for how long and why and how this data
is used. This applies to personal data as well as connection data. The
policy has to be presented before any data collection takes place. Since
this is virtually impossible and heavily debated atm, I was looking for
something to get close to this requirement.

P3P policies might be one close solution, but its a hassle to implement
and for small and medium sized businesses or even private website owners
it is overkill. Forcing visitors to read any policies before they can
access the content on site doesn't appear too user-friendly to me
either. I need something simple, but effective.

So I developed a small matrix to structure our policy information in
compact form.
This matrix is composed of three main elements "personal-data",
"connection-data" and "cookie-tracking".
For all those elements we get the attributes "collected" (indicating
when), "duration" (indicating how long) and "access" (indicating who can
access this data).
All attributes can have several values: collected can be "always",
"never", "opt-in" or "opt-out" and duration can be "once", "timed",
"indefinite" and access can be "company", "isp" and "3rd party".
Since this is just a request for comments I wont go into much more
detail about what these values mean. I hope they are more or less
self-explanatory anyway. I based them on the P3P specs loosely.

This compact matrix could be presented to the user anywhere on the site
to give him an idea about what to expect. He can then choose to read the
entire policy or just surf on. My idea was to style this data into a
graphic similar to the creative commons logos that tell about what a
license allows and requires. Or maybe a browser plugin could read the
format and popup when the data deviates from a user-specified setting
(much like IE handles P3P policies).

Well, so much for the basic concept. I'm looking forward to some
constructive comments, whether this would be useful addition to the
microformat family.

Thanks. Cheers,

Gordon Oheim
Omnia Computing

More information about the microformats-new mailing list