Platform for Privacy Preferences (P3P) Specification

W3C Working Draft 26 August 1999

This Version 
Latest Version: 
Previous Version:
Massimo Marchiori, W3C/MIT, (massimo@w3.org)
Joseph Reagle, W3C/MIT, (reagle@w3.org)


This document describes the Platform for Privacy Preferences (P3P). P3P enables Web sites to express their privacy practices and enables users to exercise preferences over those practices. P3P compliant products will allow users to be informed of site practices (in both machine and human readable formats), to delegate decisions to their computer when appropriate, and to tailor their relationship to specific sites. Site practices that are compatible with a user's preferences can, at the user's option, be accessed "seamlessly". Otherwise users will be notified of a site's practices and have the opportunity to agree to those terms or other terms and continue browsing if they wish.

P3P gives users the ability to make informed decisions regarding their Web experience and the ability to control the use of their information. Sites can use P3P to increase the level of confidence users place in their services, as well as improve the quality of the services offered, customize content, and simplify site access, offering facilities like auto fill-in of forms, customized profiles, automatic electronic commerce transactions.

Status of This Document 

This is the fifth W3C public working draft for review by W3C members and other interested parties. This document has been produced as part of the P3P Activity, and will eventually be advanced toward W3C Recommendation status. It is inappropriate to use W3C Working Drafts as reference material or to cite them as other than "work in progress." The underlying concepts of the draft are fairly stable and we encourage the development of experimental implementations and prototypes so as to provide feedback on the specification. However, this Working Group will not allow early implementations to affect their ability to make changes to future versions of this document.

This draft document will be considered by W3C and its members according to W3C process. This document is made public for the purpose of receiving comments that inform the W3C membership and staff on issues likely to affect the implementation, acceptance, and adoption of P3P. A brief annex with the status of some ongoing work is also available. W3C members can access the updated list of pending issues.

Please send comments to www-p3p-public-comments@w3.org (archived at http://lists.w3.org/Archives/Public/www-p3p-public-comments/).

Attention is called to the possibility that implementation of this Technical Report may require use of subject matter covered by patent rights. By publication of this Technical Report, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The W3C shall not be responsible for identifying patent rights for which a license may be required to implement a W3C Technical Report or for conducting inquiries into the existence, legal validity or scope of those patent rights that are brought to its attention.

The P3P 1.0 specification consists of three documents. P3P1.0 compliant implementations must abide by the conformance requirements of each.

Syntax  Specification
This is the core and lengthiest specification; it documents the requirements, assumptions, and specifies the P3P protocols, transport methods, and the data structures' syntax and encoding. The actual attribute values for privacy disclosures and data element (names of the information exchanged, like "User.Name.")  are specified in the following two documents.

Base Data Set Specification
This document specifies the names of base P3P data elements, sets, and their data types.

Harmonized Vocabulary Specification
This document specifies the English language semantics for privacy related disclosures such as categories, purpose, identifiable use, recipients, and access.


Master Table of Contents

Syntax Specification

  1. Introduction
    1. Problem space
    2. About this specification
    3. Operational description
    4. Assumptions
    5. Terminology
    6. Conformance requirements
  2. Scenarios
  3. Data Transport
    1. Protocol Model
      1. Client Actions
      2. Server Actions
    2. HTTP Extension Framework and P3P
    3. Protocol Actions
      1. P3P Client Actions
      2. P3P Server Actions
      3. Protocol Example
    4. Error messages
    5. Limited Protocol
  4. P3P markup and processing
    1. Example proposal
      1. English language proposal
      2. XML/RDF encoding of proposal
    2. Proposals
      1. The PROP element
      2. The REALM element
      3. The DISCLOSURE element
      4. The ASSURANCE element
    3. Data Transmission
    4. Statements
      1. The STATEMENT element
      2. The CONSQ element
      3. The PURPOSE element
      4. The RECPNT element
      5. The REF element
      6. Null Values
      7. The source attribute
    5. Categories
      1. Fixed-Category Data Elements
      2. Variable-Category Data Elements
    6. Creating new data sets
      1. Repository Data
      2. Non-Repository Data
  5. Appendices
    Appendix 1: References (Normative)
    Appendix 2: ABNF Notation (Non-normative)
    Appendix 3: Working Group Contributors (Non-normative)

Base Data Set and Data Types Specification

  1. Introduction
  2. Required Base Data Elements and Sets
    1. User Data
    2. Dynamic Data
  3. Data Types
    1. Dates
    2. Names
    3. certificates
    4. Telephones
    5. Contact Information
      1. Postal
      2. Telecommunication
      3. Online
    6. Primitive Data Types
  4. The Data Schema
  5. Appendix: References

Harmonized Privacy Vocabulary Specification

  1. Introduction
  2. Compliance Requirements
  3. Definitions
  4. Data Categories: a type, or quality of specific data element such as last_name.
  5. Data Collection Purposes:  the purpose of the data collection
  6. Qualifications on Purposes: additional information on how the purpose is realized
  7. General Disclosures: describe the user's capabilities to further understand a service provider's practices
  8. References
  9. Acknowledgements