Defined terms
Most of these terms are defined by the World Wide Web Consortium
and repeated here for the sake of convenience.
Such terms are identified by the following icon:

- assurance
- A means of indicating how disputes or discrepancies with a
privacy policy are addressed. This can be through an independent,
third-party organization, a customer service department, or under
legal or judicial guidelines.
- base data schema

- A standard data schema in the P3P specification
defining a wide variety of commonly used data elements
and data types,
which can be reused by other new schemas.
The P3P base data schema is available at http://www.w3.org/TR/P3P/base .
- blank policy
- A policy that can be loaded into the P3P editor every time you start the
editor.
- character

- Strings consist of a sequence of zero or more characters, where a
character is defined as in the XML recommendation.
A single character in P3P thus corresponds to a
single Unicode abstract character with a single corresponding Unicode
scalar value (see [UNICODE]).
- click-stream data
- A list of links or pages requested by a site visitor.
- data element

- An individual data entity, such as last name or telephone number. For
interoperability, P3P1.0 specifies a base set of data elements. The
data elements in the base data schema, plus any additional data elements
defined in the current policy, are shown in the left panel of the policy editor.
- data category

- A significant attribute of a data element or
data set that may be used by P3P client software
such as a Web browser or trust engine to
determine what type of element is under discussion, such as physical
contact information. P3P1.0 specifies base data categories.
- data controller
- See legal entity.
- data set

- A known grouping of data elements, such as
user.home.postal. A set is represented
with a trailing period. P3P1.0 specifies a number of base data sets.
- DISPUTE
- An element in a privacy policy that defines assurance.
See assurance.
Although the DISPUTES element is not required, at
least one is recommended, and a privacy policy can indicate more than one.
- equable practice
- A practice that is very similar to another in that the purpose and recipients are
the same or more constrained than the original, and the other disclosures are not
substantially different. For example, two sites with otherwise similar practices
that follow different - but similar - sets of industry guidelines.
- human-readable
- Published in a natural language and intended for people to
read. The P3P editor creates an XML-formatted policy that is intended to be
interpreted by user agents,
such as browsers,
and not by people. A human-readable policy is typically formatted in HTML.
- legal entity
- The person or legal entity which offers information, products or services
from a Web site, collects information, and is responsible for the representations
made in a practice statement. Synonymous with service provider
and data controller.
- personally identified data

- Data that reasonably can be used by the data collector to identify an individual.
- policy
- A collection of one or more privacy statements together with information
asserting the identity, URI, assurances, and dispute resolution procedures
of the service covered by the policy.
Unless otherwise specified, 'policy' refers to the
XML-formatted privacy policy that governs a Web site, rather than the
HTML-formatted privacy policy. These two policies must be equivalent.
- policy element
- A data element or data set that has been declared in a policy. This can be
one of the base data elements or categories or it can be a unique data
element created just for the organization. Either way, the data element
has to be moved into a data group to be declared part of the P3P policy.
- practice

- The set of disclosures regarding data usage, including purpose, recipients,
and other disclosures.
- preference

- A rule, or set of rules, that determines what action(s) a user agent will
take. A preference might be expressed as a formally defined computable statement
(e.g., the APPEL preference exchange language).
- purpose
- The reason(s) for data collection and use.
- repository

- A mechanism for storing user information under the control of the user
agent.
- Safe Zone

- Part of a Web site where the service provider performs only minimal data
collection, and any data that is collected is used only in non-identifiable
ways. The safe zone is intended to ensure that certain data is not collected
before the P3P policy has been received by the user agent.
- service
- A program that issues policies and (possibly) data requests. By this definition,
a service may be a server (site), a local application, a piece of locally
active code, such as an ActiveX control or Java applet, or even another user
agent.
- service provider
- See legal entity.
- statement
- A P3P statement is a set of privacy practice disclosures relevant to a collection
of data elements.
- URI
- A Uniform Resource Identifier used to identify Web resources. For definitive
information on URI syntax and semantics, see
RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax and Semantics
at http://www.ietf.org/rfc/rfc2396.txt
- user
- An individual (or group of individuals acting as a single entity) on whose
behalf a service is accessed and for which personal data exists.
- user agent
- A program whose purpose is to mediate interactions with services on behalf
of the user under the user's preferences. A Web browser is a typical example
of a user agent. A user may have more than one user
agent, and agents need not reside on the user's desktop, but any agent
must be controlled by and act on behalf of only the user. The trust
relationship between a user and her agent may be governed by constraints
outside of P3P. For instance, an agent may be trusted as a part of the user's
operating system or Web client, or as a part of the terms and conditions
of an Internet service provider or privacy proxy.
- UNICODE
- A character coding system designed to support the interchange, processing,
and display of the written texts of the diverse languages of the modern world.
The Unicode Standard is published at
http://www.unicode.org/unicode/standard/standard.html .