Watchfire, PwC unveil privacy tool

While pushing a joint privacy management product to enterprises earlier this week, Watchfire Corp. and PricewaterhouseCoopers LLP (PwC) also raised a new specter for the holiday e-buying season.

New York-based PwC along with Watchfire, in Ottawa, said their product, WebCPO, can help companies comply with a new privacy-related standard called P3P (Platform for Privacy Preferences).

It’s a crucial capability, the companies contend, because Microsoft Corp.’s new IE (Internet Explorer) 6.0 browser includes technology that could steer consumers away from e-commerce sites that are either non compliant with P3P or are without other adequate privacy protections.

P3P lets Web sites crank out machine-readable versions of data collection and sharing practices, and was designed by the World Wide Web Consortium (W3C) to increase consumer confidence in the Web. The standard is supposed to eliminate the need for shoppers to separately peruse each privacy policy posted on the sites they visit.

Under its default settings, IE 6.0 will automatically block many cookies routinely placed on visiting browsers, unless a site has acceptable privacy provisions in place and those provisions are spelled out in the P3P format, said Michael Wallent, product unit manager in Windows Client Group for Redmond, Wash.-based Microsoft.

In a move to support “notice and choice” options for online consumers, IE 6.0 was designed to require P3P compliance and block cookies only from third parties, usually online advertisers such as DoubleClick, and never the cookies of first-party retailers, Wallent said.

“This isn’t about making your Amazon shopping basket not work. This is about making sure content aggregation and companies that trace your actions across the Web know that consumers have more choice and notice about those processes,” Wallent said. “We found that blocking these cookies causes no detriments to the customers, but it can for the site, so the site is urged to comply with P3P.”

But IE 6.0 does allow consumers to block any cookies they wish through manual controls, Wallent added.

At the first instance of a non P3P-compliant site, IE 6.0 will pop up a dialogue box informing the end-user of the notice. For any subsequent sites that customers visit where cookies are blocked, a “red-eye” icon will appear in the bottom toolbar.

Concern exists that the red-eye marker on non-compliant sites could startle some users and perhaps drive them away from doing business on a particular Web site.

Watchfire bills WebCPO as a way for enterprises – especially e-commerce companies – to tackle any issues that may arise with the release of IE 6.0. PWC has signed on to provide associated professional consulting services.

In the debut of P3P functionality, executives from both companies expressly pointed at the holiday buying season as a time when enterprises can ill afford to take risks in noncompliance.

A Watchfire spokeswoman pointed to recent figures that estimate there will be 10 million IE 6.0 users by year’s end.

WebCPO functionality is described as a way to scour an enterprise Web site through a reporting functionality to determine data collection and sharing practices.

Many industry experts agree that the grueling process of settling on privacy practices – and formulating sound policies that reflect those practices – remains the most difficult part of the modern corporate dance with consumer privacy.

Getting those policies in P3P-compliant form, however, is more urgent given IE 6.0’s release, vendors argue.

WebCPO pricing starts at about US$15,000.