1.1.1 Goals and Capabilities of P3P 1.1

P3P version 1.0 is a protocol designed to inform Web users about the data-collection practices of Web sites. It provides a way for a Web site to encode its data-collection and data-use practices in a machine-readable XML format known as a P3P policy. The P3P specification defines:

• A standard schema for data a Web site may wish to collect, known as the "P3P base data schema" (5.5)
• A standard set of uses, recipients, data categories, and other privacy disclosures
• An XML format for expressing a privacy policy
• A means of associating privacy policies with Web pages or sites, and cookies
• A mechanism for transporting P3P policies over HTTP

The goal of P3P is twofold. First, it allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. Second, it enables Web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may "opt-out" of or "opt-in" to.

A number of changes were made in P3P version 1.1. These are enumerated in the changelog at the end of this document. The most significant changes are summarized here:

• All the errata from P3P 1.0 have been incorporated into this specification.
• In Section 1.3, definitions are now provided for identified, identifiable, linked, and linkable data
• In Section 2.3.2.9 an optional OUR-HOST element has been added for declaring domain relationships, allowing user agents to recognize when hosts in different domains are owned by the same entity or entities acting as agents for one another.
• In Section 2.5 a new P3P generic attribute for XML applications has been added. This is a new mechanism for binding P3P policies to XML elements that describe interfaces, for example, in XForms or WSDL.
• In Section 3.2.3 and Section 3.3.2 a mechanism has been added for naming P3P STATEMENT elements and grouping STATEMENT elements together. This allows user agents to better organize the summary display of P3P policies.
• In Section 3.2.8 new definitions are provided for the DISPUTES and REMEDIES elements and their sub-elements.
• In Section 3.36 a new definition is provided for the RECIPIENT element.
• In Section 3.4 a new definition is provided for the demographic element.
• In Section 3.3.5.1 an optional ppurpose element has been added added to allow user agents to determine the primary reason why the data recipient is collecting data.
• In Section 3.3.6.1 an optional JURSIDICTION element has been added for declaring the jurisdiction of data recipients.
• In Section 4 language was added to explain the use of compact policies as a performance optimization, and to emphasize their optional nature and non-authoritative status.
• In Section 4.2.10 new syntax has been added to provide a compact version of the STATEMENT element for use in compact policies. This allows for the creation of compact policies that make more granular statements about data practices than is possible with the P3P 1.0 syntax.
• In Section 5, the format for specifying P3P data schemas has been changed substantially so that it is now simpler and more standardized than the format used in P3P 1.0. The new format uses the XML Schema Definition Standard (XSD) format, which can be validated against an XML schema. In Appendix 3 the P3P base data schema definition has been updated to reflect this change.
• In Section 6 new user agent guidelines have been added to assist user agent implementers. These guidelines include a set of plain language translations of P3P vocabulary elements.
• The XML DTD definition for P3P has been removed from Appendix 5.

1.1.7

Add the following to the end of 1.1.7 Backwards Compatibility:

Note, P3P 1.1 data schemas cannot be read by P3P 1.0 user agents. This only impacts P3P 1.0 user agents that download and parse data schemas, and only when they access P3P 1.1 web sites that make use of data schemas beyond the P3P base data schema.