Does P3P result in an increased transfer of personal data?
This question was of particular concern when automated data-transfer protocols were being considered in earlier drafts of the P3P specification. Some privacy advocates feared that by creating a standardized vocabulary to describe data-transfer, and a protocol for automating data transfer, P3P might make it easier for companies to collect personal data. This is much less of a concern now that P3P 1.0 does not have automated data-transfer. In a related issue, Karen Coyle raised a question about the design of the specification. In a critique of P3P, Coyle noted that the data-schema concerning the web surfer was very rich while the data-schema concerning the web site was very sparse. She asked whether P3P was geared towards revealing information about the user much more than disclosing information about web sites. The Working Group has taken these concerns into account and changed the data-schema, so that it also is used to identify the web site making the statement.
