Is it legally OK to have only a P3P compact policy (allowing cookies in IE6+)? The P3P XML will also be present with company details and a link to the privacy policy, but nothing more. What are the legal implications of P3P and an incorrect implementation, especially in the UK?
A:
You should consult your company's legal counsel and ignore any other advice given here.
P3P is an industry standard for conveying information, not a law. I'm not a lawyer, but in general, if you're not lying and doing nefarious things contrary to your P3P policy, you should be okay. Though in the US people can sue you over anything anytime, so...
Also, you should have a look at the W3C FAQ.
jeffamaphone
2010-04-22 17:09:42