Internet Explorer 6.0's Privacy Protocol May Hamper Advertising

The P3P protocol that protects Internet Explorer 6.0 users from unwanted privacy intrusions could also thwart a site’s ability to track and measure visitors – and ads – served up by cookies.

Dave Morgan, president and chief executive officer of audience measurement company Tacoda Systems, is warning online publishers that the P3P protocol that was theory two years ago is fast becoming reality today.

About two years ago, Microsoft announced that newer versions of its Internet Explorer browsers – the beta version 5.5 and full-release 6.0 – would include a privacy tool that would limit the ability of third parties to send and receive cookies. The P3P protocol was designed to maximize the Web user’s privacy by allowing them to choose their level of protection, from low to high. The browser’s default was medium.

Many online publishers, aware of the legal and technical concerns that would go along with such a tool, began to work on ways to comply with the protocol. Sites would no longer just be able to print a privacy policy; the policy would now have to be integrated into the cookies that many sites use to track visitors and help serve ads, content and e-commerce applications.



“Not only would you publish a privacy policy on the Web, you’d embed a version of the privacy policy so that a browser could try to evaluate it,” Morgan said. The browser has the ability to reject a cookie if it doesn’t meet the standards.

That’s a great tool for the user but it causes complications – some of which could be unknown – for publishers, who don’t always exclusively carry content on their own sites. Some publishers buy content – and ads – from other sources that might not be aligned to their privacy policy. If the browser decides that a part of the site doesn’t meet its specifications, then it won’t accept a cookie from that part of the site.

And this is particularly unsettling for publishers because they’ll send a cookie but won’t know that it’s been rejected. “All they know is they sent a cookie down. They don’t know it wasn’t received,” said Morgan.

“It’s been known for some time that the new browsers were going to do this, with the privacy management tool turned on at the medium setting,” Morgan said.

Michael Zimbalist, executive director of the Online Publishers Association, said the P3P concerns are valid but many of the larger sites are already aware of it and are taking steps to prevent it.

“Sites do need to take certain things into consideration,” he said. How much of a problem it is depends on the complexity of the website.

“Most publishers are getting on top of it,” he said.

Morgan said those at greatest risk are the publishers who are under-resourced, because they won’t be able to manage the complication. But he said everyone should be aware that privacy issues will only get more complicated.

“I see it as a small- to medium-size problem that’s very manageable today. But this is probably the precursor to a number of similar issues that will be bigger in the future,” Morgan said.

Next story loading loading..