This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
There is a typo in 3.2.2.... this section should indicate that the DISPUTES-GROUP is optional, not mandatory. The BNF is correct as is section 3.2.6 and Appendix 4. This should be fixed and added to the errata list.
Actual text now in 3.2.2: <p>The <code>POLICY</code> element contains a complete P3P policy. Each P3P policy MUST contain exactly one <code>POLICY</code> element. The policy element MUST contain an <code>ENTITY</code> element that identifies the legal entity making the representation of the privacy practices contained in the policy. In addition, the policy element MUST contain an <code>ACCESS</code> element <span class="change">and</span>one or more <code> STATEMENT</code> elements.<span>It SHOULD contain</span> a <code>DISPUTES-GROUP</code> element. <span class="change">It may contain</span> a <a href="#Data_Schemas">P3P data schema</a> and one or more extensions.</p>
The POLICY element contains a complete P3P policy. Each P3P policy MUST contain exactly one POLICY element. The policy element MUST contain an ENTITY element that identifies the legal entity making the representation of the privacy practices contained in the policy. In addition, the policy element MUST contain an ACCESS element andone or more STATEMENT elements.It SHOULD contain a DISPUTES-GROUP element. It may contain a P3P data schema and one or more extensions.
Was fixed long time ago