I agree that P3P was way too complex, but so are the cookie popups that plague us today. P3P was built around legalese and privacy statements rather than simple consent, I think a modern take can do much better.
The extension you propose would be my vision of a modern P3P, but with categories you can set up with defaults. You don't want to force a NoScript/uMatrix style screen onto users, so the browser should simplify a bit, but a header that says "yes for necessary services, yes for analytics, no for tracking, no for advertising" (or something like that) would fit my requirements.
I think websites should also have a way to show _why_ and _how_ they process data, because that's part of the informed consent users give. A simple text field with a maximum size to force short descriptions, maybe with a "more details" button next to the selected purpose could be enough.
I don't think just sending a header would suffice because you'd still get consent popups if there's no other way to get consent. A boolean "sell my data" kust doesn't encompass the consent you're giving websites when you allow/deny.
It's a challenge to keep simple, for sure, but the UI and server-side API can be simpler than the underlying protocol. Consider the browser language list that nobody uses: to the user it's just an ordered list of languages, but in the user agent headers each language gets a numeric weight added to it. Or Firefoxs's "block trackers" button that substitutes Javascript when you enable it and applies all kinds of weird rules and detections to work.
The extension you propose would be my vision of a modern P3P, but with categories you can set up with defaults. You don't want to force a NoScript/uMatrix style screen onto users, so the browser should simplify a bit, but a header that says "yes for necessary services, yes for analytics, no for tracking, no for advertising" (or something like that) would fit my requirements.
I think websites should also have a way to show _why_ and _how_ they process data, because that's part of the informed consent users give. A simple text field with a maximum size to force short descriptions, maybe with a "more details" button next to the selected purpose could be enough.
I don't think just sending a header would suffice because you'd still get consent popups if there's no other way to get consent. A boolean "sell my data" kust doesn't encompass the consent you're giving websites when you allow/deny.
It's a challenge to keep simple, for sure, but the UI and server-side API can be simpler than the underlying protocol. Consider the browser language list that nobody uses: to the user it's just an ordered list of languages, but in the user agent headers each language gets a numeric weight added to it. Or Firefoxs's "block trackers" button that substitutes Javascript when you enable it and applies all kinds of weird rules and detections to work.