P3P version 1.0 is a protocol designed to inform Web users about the data-collection practices of Web sites. It provides a way for a Web site to encode its data-collection and data-use practices in a machine-readable XML format known as a P3P policy. The P3P specification defines:
The goal of P3P is twofold. First, it allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. Second, it enables Web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may "opt-out" of or "opt-in" to.
A number of changes were made in P3P version 1.1. These are enumerated in the changelog at the end of this document. The most significant changes are summarized here:
- OUR-HOST element has been added for declaring domain relationships, allowing user agents to recognize when hosts in different domains are owned by the same entity or entities acting as agents for one another.
- STATEMENT elements and grouping STATEMENT elements together. This allows user agents to better organize the summary display of P3P policies.
- DISPUTES and REMEDIES elements and their sub-elements.
- RECIPIENT element.
- demographic element.
- ppurpose element has been added to allow user agents to determine the primary reason why the data recipient is collecting data.
- JURISDICTION element has been added for declaring the jurisdiction of data recipients.
- STATEMENT element for use in compact policies. This allows for the creation of compact policies that make more granular statements about data practices than is possible with the P3P 1.0 syntax.
Add the following to the end of 1.1.7 Backwards Compatibility:
Note: P3P 1.1 data schemas cannot be read by P3P 1.0 user agents. This only impacts P3P 1.0 user agents that download and parse data schemas, and only when they access P3P 1.1 Web sites that make use of data schemas beyond the P3P base data schema.