Compact Policy - a performance optimization that is delivered in the header of the web page. It contains tokens representing P3P policy elements. The P3P compact policy header has a quoted string that may contain one or more space-delimited tokens.
Cookie, First Party - a cookie set by a URL that is the top-level URL of the page being served.
Cookie, Persistent - cookies with a defined expiration time. They are persistent because they are maintained longer than the amount of time the user is connected to the server. Because they are maintained while the user is not connected to the server, they are stored on the hard drive so they can be retrieved.
Cookie, Session - cookies that do not have a specified expiration. The name session means that they are discarded when the browser is closed. These cookies are stored in memory instead of on the hard drive.
Cookie, Third Party - a cookie set by a URL that is not the top-level URL of the page being served (that is, a cookie set by a domain other than your domain). A common use for a third-party cookie would be a shopping cart, banner ad, or a login session.
COPPA - Children's Online Privacy Protection Act. Effective April 21, 2000, if a website collects age and the user is under 13 years of age, there needs to be a mechanism that verifies parental consent for the child to use the site (i.e. email, telephone, fax). If parental consent is not obtained, the website must deny the child entry to the site.
Data Element - An individual data entity, such as last name or telephone number. For interoperability, P3P1.0 specifies a base set of data elements.
HTTP Header - In addition to sending HTML to a browser, a server sends other program information that is not displayed. One of these objects is the HTTP header, which can contain information about the content that is being delivered to the browser. The header can be set by configuring the server or by a programming language such as Perl, PHP and ASP.
Personally Identifiable Information (PII) - refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. This includes information that is used in a way that is personally identifiable, including linking it with identifiable information from other sources, or from which other personally identifiable information can easily be derived, including, but not limited to, name, address, phone number, fax number, email address, financial profiles, social security number, and credit card information. To the extent unique information (which by itself is not Personally Identifiable Information) such as a personal profile, unique identifier, biometric information, and IP address is associated with Personally Identifiable Information, then such unique information will also be considered Personally Identifiable Information. Personally Identifiable Information does not include information that is collected anonymously (i.e., without identification of the individual user) or demographic information not connected to an identified individual. In terms of P3P attributes, personally identifiable information is 1) physical contact or location information, 2) online contact or location information, 3) government issued identifier, or 4) information about an individual's finances.
Policy - A collection of one or more privacy statements together with information asserting the identity, URI, assurances, and dispute resolution procedures of the service covered by the policy.
Purpose - The reason(s) for data collection and use.
Safe Zone - Part of a Web site where the service provider performs only minimal data collection, and any data that is collected is used only in ways that would not reasonably identify an individual.
Service Provider (Data Controller, Legal Entity) - The person or legal entity which offers information, products or services from a Web site, collects information, and is responsible for the representations made in a practice statement.
Statement - A P3P statement is a set of privacy practice disclosures relevant to a collection of data elements.
Token - An abbreviation that represents a much larger word. The token is used in programming to reduce the size of the program. For example, nonidentifiable could be represented by the token NID.
User - An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists. P3P policies describe the collection and use of personal data about this individual or group.
User Agent - A program whose purpose is to mediate interactions with services on behalf of the user under the user's preferences. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user. The trust relationship between a user and his or her agent may be governed by constraints outside of P3P. For instance, an agent may be trusted as a part of the user's operating system or Web client, or as a part of the terms and conditions of an ISP or privacy proxy.
Well Known Location - refers to the location of the policy reference file. This location is on the web site at the path /w3c/p3p.xml.