Platform for Privacy Preferences (P3P) Specification

W3C Working Draft 7 April 1999

This Version 
Latest Version: 
Previous Version:
Massimo Marchiori, W3C, (massimo@w3.org)
Joseph Reagle, W3C, (reagle@w3.org)


This document describes the Platform for Privacy Preferences (P3P). P3P enables Web sites to express their privacy practices and enables users to exercise preferences over those practices. P3P compliant products will allow users to be informed of site practices (in both machine and human readable formats), to delegate decisions to their computer when appropriate, and to tailor their relationship to specific sites. Site practices that are compatible with a user's preferences can, at the user's option, be accessed "seamlessly". Otherwise users will be notified of a site's practices and have the opportunity to agree to those terms or other terms and continue browsing if they wish.

P3P gives users the ability to make informed decisions regarding their Web experience and the ability to control the use of their information. Sites can use P3P to increase the level of confidence users place in their services, as well as improve the quality of the services offered, customize content, and simplify site access, offering facilities like auto fill-in of forms, customized profiles, automatic electronic commerce transactions.

Status of This Document 

This is the fourth W3C public working draft for review by W3C members and other interested parties. This document has been produced as part of the P3P Activity, and will eventually be advanced toward W3C Recommendation status. It is inappropriate to use W3C Working Drafts as reference material or to cite them as other than "work in progress." The underlying concepts of the draft are fairly stable and we encourage the development of experimental implementations and prototypes so as to provide feedback on the specification. However, this Working Group will not allow early implementations to affect their ability to make changes to future versions of this document.

This draft document will be considered by W3C and its members according to W3C process. This document is made public for the purpose of receiving comments that inform the W3C membership and staff on issues likely to affect the implementation, acceptance, and adoption of P3P.

Please send comments to www-p3p-public-comments@w3.org (archived at http://lists.w3.org/Archives/Public/www-p3p-public-comments/).

W3C members can access the updated list of pending issues.

Attention is called to the possibility that implementation of this Technical Report may require use of subject matter covered by patent rights. By publication of this Technical Report, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The W3C shall not be responsible for identifying patent rights for which a license may be required to implement a W3C Technical Report or for conducting inquiries into the existence, legal validity or scope of those patent rights that are brought to its attention.

The P3P 1.0 specification consists of three documents. P3P1.0 compliant implementations must abide by the conformance requirements of each.

Syntax  Specification
This is the core and lengthiest specification; it documents the requirements, assumptions, and specifies the P3P protocols, transport methods, and the data structures' syntax and encoding.
The actual attribute values for privacy disclosures and data element (names of the information exchanged, like "User.Name")  are specified in the following two documents.
Harmonized Vocabulary Specification
This document specifies the English language semantics for privacy related disclosures such as categories, purpose, identifiable use, recipients, and access.
Base Data Set Specification
This document specifies the names of base P3P data elements, sets, and their data types.

We have seperated this specification into three documents for readability purposes and for version migration. For instances, if changes were made to the harmonized vocabulary in the beginning of 2000, version P3P1.1 could be specified with a document akin to this one, but with:

  1. Its own URI (namespace):
  2. A different URI (namespace) for the Harmonized vocabulary:
  3. The same URIs (namespaces) for the Syntax and Base Data Set:


Master Table of Contents

Syntax Specification

  1. Introduction
    1. Problem space
    2. About this specification
    3. Operational description
    4. Operational design
    5. Assumptions
    6. Terminology
    7. Conformance requirements
  2. Scenarios
  3. Data Transport
    1. Protocol Model
      1. Client Actions
      2. Server Actions
    2. HTTP Extension Framework and P3P
    3. Protocol Actions
      1. Client requests proposal from the server
      2. Client returns repository data referencing a specific policy
      3. Server suggests proposal (location) to the client
      4. Server accepts a proposal /data required by the client or reports an error
    4. Reason codes definition
    5. Agreement scenario
  4. P3P markup and processing
    1. Example proposal
      1. English language proposal
      2. XML/RDF encoding of proposal
    2. Proposals
      1. The PROP element
      2. The REALM element
      3. The VOC:DISCLOSURE element
      4. The ASSURANCE element
    3. Data Transmission
    4. Statements
      1. The STATEMENT element
      2. The DATA:REF element
      3. Creating New Data Sets
  5. Appendices
    Appendix 1: References (Normative)
    Appendix 2: ABNF Notation (Non-normative)
    Appendix 3: Working Group Contributors (Non-normative)

Harmonized Privacy Vocabulary Specification

  1. Introduction
  2. Compliance Requirements
  3. Definitions
  4. Data Categories: a type, or quality of specific data element such as last_name.
  5. Data Collection Purposes:  the purpose of the data collection
  6. Qualifications on Purposes: additional information on how the purpose is realized
  7. General Disclosures: describe the user's capabilities to further understand a service provider's practices
  8. References
  9. Acknowledgements

Base Data Set and Data Types Specification

  1. Required (Base) Data Elements and Sets
  2. Data Types
  3. Abstract Elements
  4. The Data Schema