How can a user of P3P know if a site really follows its privacy policy?
P3P by itself does not enforce anything, but it does allow web sites to indicate mechanisms by which enforcement can take place. The DISPUTES-GROUP element allows sites to describe what dispute resolution procedures will be followed if a user feels the site has not followed its own privacy practices. Sites may also describe remedies available to users who feel their privacy has been violated. P3P can also help self-regulatory bodies and/or data commissioners. As P3P is a machine-readable way of talking about privacy, such bodies could set up programs to automatically check web site policies. Additionally, P3P could allow users to keep track of where they have left data, thus providing a better basis to articulate complaints about secondary use of data. In most jurisdictions, a false statement in a Web site’s privacy policy would violate privacy and/or anti-fraud laws.