Defined terms

Most of these terms are defined by the World Wide Web Consortium and repeated here for the sake of convenience. Such terms are identified by the following icon:

W3C


assurance
a means of indicating how disputes or discrepancies with a privacy policy is addressed. This can be through an independent, third-party organization, a customer service department, or under legal or judicial guidelines.
base data schema W3C
A standard data schema in the P3P specification defining a wide variety of commonly used data elements and data types, which can be reused by other new schemas. The P3P base data schema is available at http://www.w3.org/TR/P3P/base .
blank policy
A policy that can be loaded into the P3P editor every time you start the editor.
character W3C
Strings consist of a sequence of zero or more characters, where a character is defined as in the XML recommendation. A single character in P3P thus corresponds to a single Unicode abstract character with a single corresponding Unicode scalar value (see [UNICODE]).
click-stream data
a list of links or pages requested by a site visitor
data element W3C
An individual data entity, such as last name or telephone number. For interoperability, P3P1.0 specifies a base set of data elements. The data elements in the base data schema, plus any additional data elements defined in the current policy, are shown in the left panel of the policy editor.
data category W3C
A significant attribute of a data element or data set that may be used by P3P client software such as a Web browser or trust engine to determine what type of element is under discussion, such as physical contact information. P3P1.0 specifies base data categories.
data controller W3C
See legal entity .
data set W3C
A known grouping of data elements, such as user.home.postal. A set is represented with a trailing period. P3P1.0 specifies a number of base data sets.
DISPUTE
an element in a privacy policy that defines assurance. See assurance. Although the DISPUTES element is not required, at least one is recommended, and a privacy policy can indicate more than one.
equable practice W3C
A practice that is very similar to another in that the purpose and recipients are the same or more constrained than the original, and the other disclosures are not substantially different. For example, two sites with otherwise similar practices that follow different - but similar - sets of industry guidelines.
human-readable
published in a natural language and intended for people to read. The P3P editor creates an XML-formatted policy that is intended to be interpreted by user agents, such as browsers, and not by people. A human-readable policy is typically formatted in HTML.
legal entity W3C
The person or legal entity which offers information, products or services from a Web site, collects information, and is responsible for the representations made in a practice statement. Synonymous with service provider and data controller .
personally identified data W3C
Data that reasonably can be used by the data collector to identify an individual.
policy W3C
A collection of one or more privacy statements together with information asserting the identity, URI, assurances, and dispute resolution procedures of the service covered by the policy. Unless otherwise specified, 'policy' refers to the XML-formatted privacy policy that governs a Web site, rather than the HTML-formatted privacy policy. These two policies must be equivalent.
policy element
A data element or data set that has been declared in a policy. This can be one of the base data elements or categories or it can be a unique data element created just for the organization. Either way, the data element has to be moved into a data group to be declared part of the P3P policy.
practice W3C
The set of disclosures regarding data usage, including purpose, recipients, and other disclosures.
preference W3C
A rule, or set of rules, that determines what action(s) a user agent will take. A preference might be expressed as a formally defined computable statement (e.g., the APPEL preference exchange language).
purpose W3C
The reason(s) for data collection and use.
repository W3C
A mechanism for storing user information under the control of the user agent.
Safe Zone W3C
Part of a Web site where the service provider performs only minimal data collection, and any data that is collected is used only in non-identifiable ways. The safe zone is intended to ensure that certain data is not collected before the P3P policy has been received by the user agent.
service W3C
A program that issues policies and (possibly) data requests. By this definition, a service may be a server (site), a local application, a piece of locally active code, such as an ActiveX control or Java applet, or even another user agent.
service provider W3C
See legal entity .
statement W3C
A P3P statement is a set of privacy practice disclosures relevant to a collection of data elements.
URI W3C
A Uniform Resource Identifier used to identify Web resources. For definitive information on URI syntax and semantics, see RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax and Semantics at http://www.ietf.org/rfc/rfc2396.txt
user W3C
An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists.
user agent W3C
A program whose purpose is to mediate interactions with services on behalf of the user under the user's preferences. A Web browser is a typical example of a user agent. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user. The trust relationship between a user and her agent may be governed by constraints outside of P3P. For instance, an agent may be trusted as a part of the user's operating system or Web client, or as a part of the terms and conditions of an Internet service provider or privacy proxy.
UNICODE
a character coding system designed to support the interchange, processing, and display of the written texts of the diverse languages of the modern world. The Unicode Standard is published at http://www.unicode.org/unicode/standard/standard.html .