Why Some Web Publishers Still Aren't P3P Compliant

A once under-the-radar privacy protection initiative is causing big headaches for Web publishers, and some may not even know it.

Microsoft’s Internet Explorer 6 browser looks for machine-readable privacy policies called P3P statements on third party servers. If they’re not there, or don’t meet standards, IE’s default settings block third party cookies, which can wreak havoc on ad serving, reach and frequency capping, campaign and site measurement and more. (See the first of this two-part series for more details.)

About half of Web surfers across the globe use IE 6 according to Browser News. Factor in the folks using AT&T’s Privacy Bird software which alerts users to potential privacy and P3P-related concerns, and P3P is a force to be reckoned with. AT&T’s Privacy Bird software has been downloaded about 32,000 times according to AT&T.

“Here’s the rub,” says Dave Morgan, president and CEO of audience management software firm Tacoda Systems, “publishers don’t know if the cookies are being blocked because the browser doesn’t tell, so the ad server doesn’t know the cookies got blocked.” He worries that because Web publishers and advertisers have grown accustomed to discrepancies in reporting numbers, alarms aren’t going off.

Back when Microsoft warned publishers to prepare for the coming of IE6, there was a lot of buzz about how to get sites up to snuff. Typically, computer technology resources or IT developers say enabling a site for P3P might take an hour or two and shouldn’t be too expensive.

The Online Publishers Association has made efforts to assist publishers in implementing P3P statements, but “hasn’t studied P3P to great detail,” according to Michael Zimbalist, executive director of the industry trade group. “I think it’s a little hiccup for some people,” he adds.

Considering TRUSTe’s estimate that only around 35% of the top 100 sites have implemented P3P statements, that’s one mighty hiccup.

What’s the hold up? For one thing, integrating back end systems is no easy task, especially for large site networks where information feeds in from multiple domains. Plus, tough economic times cause publishers to wonder if fiddling with the infrastructure is really such a good idea right now. Perhaps even more significant, implementing P3P requires communication between technology and business and editorial departments. “A lot of publishers don’t want to know what goes on inside the black box,” observes Morgan. “They just want the pages to work.”

Don’t forget the lawyers. Standard P3P language is not always consistent with actual site privacy policies which are usually laden with legalese. “Our privacy policy is much, much, much more stringent than the P3P norm,” stresses Carl Fischer, VP corporate communications at iVillage. “Legally we won’t put a privacy statement intact that doesn’t reflect what we’re actually doing.”

Although publishers are ultimately accountable under general Federal Trade Commission regulations, there’s no real P3P patroller on duty. Still, P3P is nothing to ignore. Urges Morgan, “The advertising industry has to drive how these technologies function because that’s where the revenue comes from.”

Next story loading loading..