Each P3P Policy element has been mapped to a user-friendly adaptation.
| Policy Node | Value | P3P Spec Definition | User Focused Definition |
| Category | | Categories are elements inside data elements that provide hints to users and user agents as to the intended uses of the data. Categories are vital to making P3P user agents easier to implement and use. Note that categories are not data elements: they just allow users to express more generalized preferences and rules over the exchange of their data. | What kind of information does this Web site collect? |
| | Physical | Physical Contact Information: Information that allows an individual to be contacted or located in the physical world -- such as telephone number or address. | "Information that allows an individual to be contacted or located in the physical world, such as a telephone number or a postal address." |
| | Online | "Online Contact Information: Information that allows an individual to be contacted or located on the Internet -- such as email. Often, this information is independent of the specific computer used to access the network. (See the category ""Computer Information"") " | "Information that allows an individual to be contacted or located on the Internet, such as an e-mail address. Often, this information is independent of the specific computer used to access the network." |
| | Uniqueid | "Unique Identifiers: Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying the individual. These include identifiers issued by a Web site or service. " | Unique identifiers issued by a Web site or service for the purpose of identifying an individual over time. |
| | Purchase | "Purchase Information: Information actively generated by the purchase of a product or service, including information about the method of payment. " | "Information generated by the purchase of a product or service, including information about the method of payment." |
| | Financial | "Financial Information: Information about an individual's finances including account status and activity information such as account balance, payment or overdraft history, and information about an individual's purchase or use of financial instruments including credit or debit card information. Information about a discrete purchase by an individual, as described in ""Purchase Information,"" alone does not come under the definition of ""Financial Information."" " | "Information about an individual's finances, including account status, account balance, payment or overdraft history, and information about an individual's purchase or use of financial instruments, including credit cards or debit cards." |
| | Computer | "Computer Information: Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system. " | "Information about the computer system that the individual is using to access the Internet, such as the IP number, domain name, browser type, or operating system. " |
| | navigation | "Navigation and Click-stream Data: Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page. " | "Information generated by browsing the Web site, such as which pages are visited, and how long an individual stays on each page. " |
| | interactive | "Interactive Data: Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity. " | "Information generated from or reflecting explicit interactions with the Web site, such as queries to a search engine, or logs of account activity." |
| | demographic | "Demographic and Socioeconomic Data: Data about an individual's characteristics -- such as gender, age, and income." | "Demographic and socioeconomic data, , such as gender, age, and income, not tied to an identifiable person. " |
| | content | "Content : The words and expressions contained in the body of a communication -- such as the text of email, bulletin board postings, or chat room communications. " | "The words and expressions contained in the body of a communication. For example, the text of an e-mail message, bulletin board postings, or chat room communications. " |
| | state | State Management Mechanisms: Mechanisms for maintaining a stateful session with a user or automatically identifying users who have visited a particular site or accessed particular content previously -- such as HTTP cookies. | "Mechanisms, such as HTTP cookies, for maintaining an active connection with an individual or for automatically identifying an individual who has visited a particular site or previously accessed particular content. " |
| | political | "Political Information: Membership in or affiliation with groups such as religious organizations, trade unions, professional associations, political parties, etc. " | "Information about membership in or affiliation with groups such as religious organizations, trade unions, professional associations, political parties, etc. " |
| | health | "Health Information: information about an individual's physical or mental health, sexual orientation, use or inquiry into health care services or products, and purchase of health care services or products. " | "Information about an individual's physical or mental health, sexual orientation, use of or inquiry into health care services or products, and purchase of health care services or products." |
| | preference | Preference Data: Data about an individual's likes and dislikes -- such as favorite color or musical tastes. | "Data about an individual's likes and dislikes, such as favorite color or musical tastes. " |
| | location | Location Data: Information that can be used to identify an individual's current physical location and track them as their location changes -- such as GPS position data. | "Information, such as global positioning data, that can be used to identify an individual's current physical location and track him as his location changes. " |
| | government | Government-issued Identifiers: Identifiers issued by a government for purposes of consistently identifying the individual. | "Identifiers issued by a government for purposes of identifying an individual over time, such as a driver� s license number, social security number, or passport number." |
| | other-category | "Other: Other types of data not captured by the above definitions. (A human readable explanation should be provided in these instances, between the and the tags.) " | Other: %User Agents display the policies string here% |
| Access | | "the ability of the individual to view identifiable information and address questions or concerns to the service provider. Service providers MUST disclose one value for the access attribute. The method of access is not specified. Any disclosure (other than ) is not meant to imply that access to all data is possible, but that some of the data may be accessible and that the user should communicate further with the service provider to determine what capabilities they have. Note that service providers may also wish to provide capabilities to access information collected through means other than the Web at the discuri. However, the scope of P3P statements are limited to data collected through HTTP or other Web transport protocols. Also, if access is provided through the Web, use of strong authentication and security mechanisms for such access is recommended; however, security issues are outside the scope of this document. " | What types of information about myself do I have access to? |
| | nonident | Identifiable Data is Not Used | Personally identifiable information is not collected and therefore is not accessible. |
| | all | All Identifiable Information: access is given to all identifiable information. | All personally identifiable information. |
| | contact-and-other | Identifiable Contact Information and Other Identifiable Information: access is given to identifiable online and physical contact information as well as to other information linked to an identifiable person. | "Personally identifiable online and physical contact information, as well as to other information linked to an identifiable person." |
| | ident-contact | "Identifiable Contact Information: access is given to identifiable online and physical contact information (e.g., users can access things such as a postal address). " | Personally identifiable online and physical contact information such as a postal address. |
| | other-ident | "Other Identifiable Information: access is given to certain other information linked to an identifiable person (e.g., users can access things such as their online account charges). " | Certain other information linked to an identifiable person such as online account charges. |
| | none | None: no access to identifiable information is given. | None. |
| Purpose | | purposes for data processing relevant to the Web. | Why is this information collected? |
| | current | "Completion and Support of Current Activity: Information may be used by the service provider to complete the activity for which it was provided, such as the provision of information, communications, or interactive services -- for example to return the results from a Web search, to forward email, or place an order. " | "Information may be used by the Web site to complete the activity for which it was provided, whether the activity is a one-time event, such as returning the results from a Web search, forwarding an e-mail message or placing an order; or a recurring event, such as providing a subscription service or allowing access to an online address book or electronic wallet." |
| | admin | "Web Site and System Administration: Information may be used for the technical support of the Web site and its computer system. This would include processing computer account information, information used in the course of securing and maintaining the site, and verification of Web site activity by the site or its agents. " | "Information may be used for the technical support of the Web site and its computer system. For example, to process computer account information, to secure and maintain the site, or to verify Web site activity by the site or its agents." |
| | develop | "Research and Development: Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. This does not include personal information used to tailor or modify the content to the specific individual nor information used to evaluate, target, profile or contact the individual. " | "Information may be used to enhance, evaluate, or otherwise review the Web site, service, product, or market. " |
| | tailoring | "One-time Tailoring: Information may be used to tailor or modify content or design of the site not affirmatively selected by the particular individual where the information is used only for a single visit to the site and not used for any kind of future customization. For example, an online store that suggests other items a visitor may wish to purchase based on the items he has already placed in his shopping basket. " | "Information may be used to tailor or modify the content or design of the Web site during a single visit to the site. For example, an online store might suggest other items for a visitor to purchase based on items he has already placed in his shopping basket." |
| | pseudo-analysis | "Pseudonymous Analysis: Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying personally-identifiable information (such as name, address, phone number, email address, or IP address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. For example, a marketer may wish to understand the interests of visitors to different portions of a Web site. " | "Information that is based upon a unique identifier but that cannot be linked to an individual may be used for research, analysis, and reporting. For example, the number of users within a ZIP code. " |
| | pseudo-decision | "Pseudonymous Decision: Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying personally-identifiable information (such as name, address, phone number, email address, or IP address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. For example, a marketer may tailor or modify content displayed to the browser based on pages viewed during previous visits. " | "Information that is based upon a unique identifier but that cannot be linked an individual may be used to make a decision that directly affects that individual. For example, an individual within a certain ZIP code is presented with advertisements for companies located in that same ZIP code." |
| | individual-analysis | "Individual Analysis: Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with personally identifiable information for the purpose of research, analysis and reporting. For example, an online Web site for a physical store may wish to analyze how online shoppers make offline purchases. " | "Information that can be linked to an individual may be used for research, analysis, and reporting. For example, data about the types of and price ranges of products an individual has looked at." |
| | individual-decision | "Individual Decision: Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with personally identifiable information to make a decision that directly affects that individual. For example, an online store suggests items a visitor may wish to purchase based on items he has purchased during previous visits to the Web site. " | "Information that can be linked to an individual may be used to make a decision that directly affects that individual. For example, a Web site might show an individual houses that are within her ability to purchase, regardless of the price range she has researched before. " |
| | contact | "Contacting Visitors for Marketing of Services or Products: Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. This does not include a direct reply to a question or comment or customer service for a single transaction -- in those cases, would be used. In addition, this does not include marketing via customized Webcontent or banner advertisements embedded in sites the user is visiting -- these cases would be covered by the , and , or and purposes. " | "Information may be used to contact an individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site." |
| | historical | "Historical Preservation: Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. This law or policy MUST be referenced in the element and MUST include a specific definition of the type of qualified researcher who can access the information, where this information will be stored and specifically how this collection advances the preservation of history. " | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. |
| | telemarketing | "Contacting Visitors for Marketing of Services or Products Via Telephone: Information may be used to contact the individual via a voice telephone call for promotion of a product or service. This does not include a direct reply to a question or comment or customer service for a single transaction -- in those cases, would be used. " | Information may be used to contact the individual via voice telephone for promotion of a product or service. |
| | other-purpose | Other Uses: Information may be used in other ways not captured by the above definitions. (A human readable explanation should be provided in these instances). | Other Uses: %User Agents display the policies string here% |
| Recipient | | "the legal entity, or domain, beyond the service provider and its agents where data may be distributed. " | Who has access to this information? |
| | ours | "Ourselves and/or our entities acting as our agents or entities for whom we are acting as an agent: An agent in this instance is defined as a third party that processes data only on behalf of the service provider for the completion of the stated purposes. (e.g., the service provider and its printing bureau which prints address labels and does nothing further with the information.) " | "This Web site, entities for whom it is acting as an agent, and/or entities acting as its agent. An agent in this instance is defined as a third party that processes data only for the completion of the stated purpose, such as a shipping firm or printing service." |
| | delivery | Delivery services possibly following different practices: Legal entities performing delivery services that may use data for purposes other than completion of the stated purpose. This should also be used for delivery services whose data practices are unknown. | Legal entities performing delivery services that may use data for purposes other than completion of the stated purpose. |
| | same | "Legal entities following our practices: Legal entities who use the data on their own behalf under equable practices. (e.g., consider a service provider that grants the user access to collected personal information, and also provides it to a partner who uses it once but discards it. Since the recipient, who has otherwise similar practices, cannot grant the user access to information that it discarded, they are considered to have equable practices.) " | Legal entities that have equivalent practices to this Web site. |
| | other-recipient | "Legal entities following different practices: Legal entities that are constrained by and accountable to the original service provider, but may use the data in a way not specified in the service provider's practices (e.g., the service provider collects data that is shared with a partner who may use it for other purposes. However, it is in the service provider's interest to ensure that the data is not used in a way that would be considered abusive to the users' and its own interests.) " | "Legal entities that are constrained by and accountable to this Web site, but may use the data in a way not specified in this Web site� s practices." |
| | unrelated | Unrelated third parties: Legal entities whose data usage practices are not known by the original service provider. | Legal entities whose data usage practices are not known by this Web site. |
| | public | "Public fora: Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. " | "Public forums such as bulletin boards, public directories, or commercial CD-ROM directories." |
| Retention | | the type of retention policy in effect | How long is the information retained? |
| | no-retention | "Information is not retained for more than a brief period of time necessary to make use of it during the course of a single online interaction. Information MUST be destroyed following this interaction and MUST not be logged, archived, or otherwise stored. This type of retention policy would apply, for example, to services that keep no Web server logs, set cookies only for use during a single session, or collect information to perform a search but do not keep logs of searches performed. " | Information is not retained longer than the single online interaction. |
| | stated-purpose | For the stated purpose: Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. | Information is retained to meet the stated purpose and discarded at the earliest time possible. |
| | legal-requirement | "As required by law or liability under applicable law: Information is retained to meet a stated purpose, but the retention period is longer because of a legal requirement or liability. For example, a law may allow consumers to dispute transactions for a certain time period; therefore a business may for liability reasons decide to maintain records of transactions, or a law may affirmatively require a certain business to maintain records for auditing or other soundness purposes. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. " | "Information is retained beyond the time it takes to complete the stated purpose because of a legal requirement or liability. For example, a law may allow consumers to dispute transactions within a certain time frame, therefore a Web site may decide to keep a record of transactions." |
| | business-practices | Determined by service provider's business practice: Information is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. | Information is retained per the service provider's stated business practices. |
| | indefinitely | "Indefinitely: Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy. " | Information is retained for an indeterminate period of time. |
| Disputes | | "Describes dispute resolution procedures that may be followed for disputes about a services' privacy practices, or in case of protocol violation. " | How does this Web site handle disputes about collected data? |
| | service | Individual may complain to the Web site's customer service representative for resolution of disputes regarding the use of collected data. The description MUST include information about how to contact customer service. | %User Agents display the policies Short Description string here% |
| | independent | Individual may complain to an independent organization for resolution of disputes regarding the use of collected data. The description MUST include information about how to contact the third party organization. | %User Agents display the policies Short Description string here% |
| | court | Individual may file a legal complaint against the Web site. | An individual may file a legal complaint against the Web site. |
| | law | Disputes arising in connection with the privacy statement will be resolved in accordance with the law referenced in the description. | %User Agents display the policies Short Description string here% |
Created by: Roberto A. Franco, June 19, 2001
CopyrightŠ 1997-2000 W3C , All Rights Reserved. W3C liability,trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.