Compact Policy Cross-Reference
Compact Policy Description
P3P compact policies use tokens representing the
following elements from the P3P vocabulary: ACCESS,
CATEGORIES, DISPUTES, NON-IDENTIFIABLE, PURPOSE,
RECIPIENT, REMEDIES and RETENTION. The P3P compact
policy vocabulary is expressed using a
developer-readable language to reduce the number of
bytes transferred over the wire within an HTTP response
header.
Compact Policy Access Element
The ACCESS element indicates whether the site provides
access to various kinds of information.

| Tag | Description |
|-----|-------------|
| NOI | Web site does not collect identified data. |
| ALL | All Identified Data: access is given to all identified data. |
| CAO | Identified Contact Information and Other Identified Data: access is given to identified online and physical contact information as well as to certain other identified data. |
| IDC | Identifiable Contact Information: access is given to identified online and physical contact information (e.g., users can access things such as a postal address). |
| OTI | Other Identified Data: access is given to certain other identified data (e.g., users can access things such as their online account charges). |
| NON | None: no access to identified data is given. |

2.2 Compact Policy Disputes Element
A policy should contain a DISPUTES element. These
elements describe dispute resolution procedures that
may be followed for disputes about a service's privacy
practices. If a privacy policy contains any disputes
elements, the compact policy will contain a disputes
token.

| Tag | Description |
|-----|-------------|
| DSP | The privacy policy contains DISPUTES elements. |

2.3 Compact Policy Remedies Element
Each DISPUTES element may contain a REMEDIES element
that describes the remedies in case a policy breach
occurs.

| Tag | Description |
|-----|-------------|
| COR | Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service. |
| MON | If the service provider violates its privacy policy it will pay the individual an amount specified in the human readable privacy policy or the amount of damages. |
| LAW | Remedies for breaches of the policy statement will be determined based on the law referenced in the human readable description. |

2.4 Compact Policy Non-Identifiable Element
If each statement of a privacy policy contains the
NON-IDENTIFIABLE element, then the compact privacy
policy may specify the NID token.

| Tag | Description |
|-----|-------------|
| NID | Non-identifiable. |

2.5 Compact Policy Purpose Element
Each statement in a privacy policy that does not
contain a non-identifiable element must contain a
PURPOSE element that contains one or more purposes of
data collection or uses of data.

| Tag | Description |
|-----|-------------|
| CUR | Information is used to complete the activity for which it was provided. |
| ADM | Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage (same as tag ADMa). |
| ADMa | Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage. |
| ADMi | Information may be used for the technical support of the Web site and its computer system. Opt-in means prior consent must be provided by users. |
| ADMo | Information may be used for the technical support of the Web site and its computer system. Users may opt-out of the data being used for this purpose. |
| DEV | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage (same as tag DEVa). |
| DEVa | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage. |
| DEVi | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Opt-in means prior consent must be provided by users. |
| DEVo | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users may opt-out of the data being used for this purpose. |
| TAI | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Users cannot opt-in or opt-out of this usage (same as tag TAIa). |
| TAIa | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Users cannot opt-in or opt-out of this usage. |
| TAIi | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Opt-in means prior consent must be provided by users. |
| TAIo | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Users may opt-out of the data being used for this purpose. |
| PSA | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage (same as tag PSAa). |
| PSAa | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage. |
| PSAi | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users. |
| PSAo | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Users may opt-out of the data being used for this purpose. |
| PSD | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage (same as tag PSDa). |
| PSDa | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage. |
| PSDi | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users. |
| PSDo | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Users may opt-out of the data being used for this purpose. |
| IVA | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Users cannot opt-in or opt-out of this usage (same as tag IVAa). |
| IVAa | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Users cannot opt-in or opt-out of this usage. |
| IVAi | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Opt-in means prior consent must be provided by users. |
| IVAo | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Users may opt-out of the data being used for this purpose. |
| IVD | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Users cannot opt-in or opt-out of this usage (same as tag IVDa). |
| IVDa | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Users cannot opt-in or opt-out of this usage. |
| IVDi | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Opt-in means prior consent must be provided by users. |
| IVDo | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Users may opt-out of the data being used for this purpose. |
| CON | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Users cannot opt-in or opt-out of this usage (same as tag CONa). |
| CONa | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Users cannot opt-in or opt-out of this usage. |
| CONi | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Opt-in means prior consent must be provided by users. |
| CONo | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Users may opt-out of the data being used for this purpose. |
| HIS | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Users cannot opt-in or opt-out of this usage (same as tag HISa). |
| HISa | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Users cannot opt-in or opt-out of this usage. |
| HISi | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Opt-in means prior consent must be provided by users. |
| HISo | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Users may opt-out of the data being used for this purpose. |
| TEL | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Users cannot opt-in or opt-out of this usage (same as tag TELa). |
| TELa | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Users cannot opt-in or opt-out of this usage. |
| TELi | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Opt-in means prior consent must be provided by users. |
| TELo | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Users may opt-out of the data being used for this purpose. |
| OTP | Information may be used in other ways not captured by the above definitions. Users cannot opt-in or opt-out of this usage (same as tag OTPa). |
| OTPa | Information may be used in other ways not captured by the above definitions. Users cannot opt-in or opt-out of this usage. |
| OTPi | Information may be used in other ways not captured by the above definitions. Opt-in means prior consent must be provided by users. |
| OTPo | Information may be used in other ways not captured by the above definitions. Users may opt-out of the data being used for this purpose. |

2.6 Compact Policy Recipient Element
Each statement in a privacy policy must contain a
RECIPIENT element that contains one or more recipients
of the collected data.

| Tag | Description |
|-----|-------------|
| OUR | Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent. |
| DEL | Delivery services possibly following different practices. Users cannot opt-in or opt-out of this usage (same as tag DELa). |
| DELa | Delivery services possibly following different practices. Users cannot opt-in or opt-out of this usage. |
| DELi | Delivery services possibly following different practices. Opt-in means prior consent must be provided by users. |
| DELo | Delivery services possibly following different practices. Users may opt-out of the data being used for this purpose. |
| SAM | Legal entities following our practices. Users cannot opt-in or opt-out of this usage (same as tag SAMa). |
| SAMa | Legal entities following our practices. Users cannot opt-in or opt-out of this usage. |
| SAMi | Legal entities following our practices. Opt-in means prior consent must be provided by users. |
| SAMo | Legal entities following our practices. Users may opt-out of the data being used for this purpose. |
| UNR | Unrelated third parties whose data usage practices are unknown by the original service provider. Users cannot opt-in or opt-out of this usage (same as tag UNRa). |
| UNRa | Unrelated third parties whose data usage practices are unknown by the original service provider. Users cannot opt-in or opt-out of this usage. |
| UNRi | Unrelated third parties whose data usage practices are unknown by the original service provider. Opt-in means prior consent must be provided by users. |
| UNRo | Unrelated third parties whose data usage practices are unknown by the original service provider. Users may opt-out of the data being used for this purpose. |
| PUB | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Users cannot opt-in or opt-out of this usage (same as tag PUBa). |
| PUBa | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Users cannot opt-in or opt-out of this usage. |
| PUBi | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Opt-in means prior consent must be provided by users. |
| PUBo | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Users may opt-out of the data being used for this purpose. |
| OTR | Legal entities following different practices. Users cannot opt-in or opt-out of this usage (same as tag OTRa). |
| OTRa | Legal entities following different practices. Users cannot opt-in or opt-out of this usage. |
| OTRi | Legal entities following different practices. Opt-in means prior consent must be provided by users. |
| OTRo | Legal entities following different practices. Users may opt-out of the data being used for this purpose. |

2.7 Compact Policy Retention Element
Each statement element in a privacy policy must contain
a RETENTION element that indicates the kind of
retention policy that applies to the data referenced in
that statement.

| Tag | Description |
|-----|-------------|
| NOR | Information is not retained for more than a brief period of time necessary to make use of it during the course of a single online interaction. Information MUST be destroyed following this interaction and MUST NOT be logged, archived, or otherwise stored. |
| STP | Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. |
| LEG | As required by law or liability under applicable law: Information is retained to meet a stated purpose, but the retention period is longer because of a legal requirement or liability. For example, a law may allow consumers to dispute transactions for a certain time period; therefore a business may for liability reasons decide to maintain records of transactions, or a law may affirmatively require a certain business to maintain records for auditing or other soundness purposes. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. |
| BUS | Information is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. |
| IND | Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public forum, this is the appropriate retention policy. |

2.8 Compact Policy Categories Element
Categories are elements inside data elements that
provide hints to users and user agents as to the
intended use of the data.

| Tag | Description |
|-----|-------------|
| PHY | Information that allows an individual to be contacted or located in the physical world -- such as telephone number or address. |
| ONL | Information that allows an individual to be contacted or located on the Internet -- such as email. Often, this information is independent of the specific computer used to access the network. (See the category COM) |
| UNI | Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service. |
| PUR | Information actively generated by the purchase of a product or service, including information about the method of payment. |
| FIN | Information about an individual's finances including account status and activity information such as account balance, payment or overdraft history, and information about an individual's purchase or use of financial instruments including credit or debit card information. |
| COM | Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system. |
| NAV | Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page. |
| INT | Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity. |
| DEM | Data about an individual's characteristics -- such as gender, age, and income. |
| CNT | The words and expressions contained in the body of a communication -- such as the text of email, bulletin board postings, or chat room communications. |
| STA | Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously -- such as HTTP cookies. |
| POL | Membership in or affiliation with groups such as religious organizations, trade unions, professional associations, political parties, etc. |
| HEA | Information about an individual's physical or mental health, sexual orientation, use or inquiry into health care services or products, and purchase of health care services or products. |
| PRE | Data about an individual's likes and dislikes -- such as favorite color or musical tastes. |
| LOC | Information that can be used to identify an individual's current physical location and track them as their location changes -- such as GPS position data. |
| GOV | Identifiers issued by a government for purposes of consistently identifying the individual. |
| OTC | Other types of data not captured by the above definitions. |
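
The token tables above can be applied mechanically when auditing the privacy header a site actually sends. The following Python sketch is an added example, not part of the original reference: it decodes a compact policy string into (token, element, consent) entries, reports tokens that appear in none of the tables, and lists which of PURPOSE, RECIPIENT and RETENTION are absent when NID is not declared. It assumes the policy arrives as `CP="..."` in the header value, as the P3P specification defines; the function names and the sample string are constructed for illustration.

```python
import re

# Tags transcribed from the tables on this page, grouped by element.
FIXED = {
    "ACCESS": {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "DISPUTES": {"DSP"},
    "REMEDIES": {"COR", "MON", "LAW"},
    "NON-IDENTIFIABLE": {"NID"},
    "PURPOSE": {"CUR"},      # CUR is listed without a/i/o variants
    "RECIPIENT": {"OUR"},    # OUR is listed without a/i/o variants
    "RETENTION": {"NOR", "STP", "LEG", "BUS", "IND"},
    "CATEGORIES": {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
                   "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
}
# Base tags the page lists with a, i and o variants.
SUFFIXED = {
    "PURPOSE": {"ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS",
                "TEL", "OTP"},
    "RECIPIENT": {"DEL", "SAM", "UNR", "PUB", "OTR"},
}
# A bare tag is "same as" the 'a' variant according to the tables.
CONSENT = {"": "no choice", "a": "no choice", "i": "opt-in", "o": "opt-out"}


def classify(token):
    """Return (element, consent) for a token, or (None, None) if unlisted."""
    for element, tags in FIXED.items():
        if token in tags:
            return element, None
    base, suffix = token[:3], token[3:]
    for element, tags in SUFFIXED.items():
        if base in tags and suffix in CONSENT:
            return element, CONSENT[suffix]
    return None, None


def decode_compact_policy(value):
    """Decode a header value containing CP="..." or a bare token string."""
    match = re.search(r'CP\s*=\s*"([^"]*)"', value)
    tokens = (match.group(1) if match else value).split()
    decoded, unknown = [], []
    for token in tokens:
        element, consent = classify(token)
        if element is None:
            unknown.append(token)   # not in any table, e.g. a suffixed CUR
        else:
            decoded.append((token, element, consent))
    return decoded, unknown


def missing_elements(decoded):
    """Elements expected by the rules above when NID is not declared."""
    present = {element for _, element, _ in decoded}
    if "NON-IDENTIFIABLE" in present:
        return []
    return [e for e in ("PURPOSE", "RECIPIENT", "RETENTION") if e not in present]


# Constructed sample value; "CURa" is deliberately invalid.
SAMPLE = 'CP="ALL DSP COR CUR ADMo CONi OUR SAMa STP ONL NAV CURa"'

if __name__ == "__main__":
    decoded, unknown = decode_compact_policy(SAMPLE)
    for token, element, consent in decoded:
        print(f"{token:5} {element:17} {consent or ''}")
    print("unknown:", unknown, "missing:", missing_elements(decoded))
```

Tokens are matched exactly as spelled in the tables, so a differently cased or misspelled token is reported as unknown rather than silently accepted.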