ConsumerPrivacyGuide.org

Glossary of Internet Privacy Terms

Understanding privacy and taking charge of how your information is collected and used online requires an understanding of basic terms related to the Internet, information technologies and privacy. As often as possible, we've attempted to link to this glossary from terms as they arise in this site. But you may also encounter new terms when installing new software, hooking up a new computer, or reading about privacy issues in the press. This glossary is an alphabetical list of terms and definitions you may find helpful as you encounter unfamiliar words.

a | b | c | d | e | f | g | h |i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z

Access: The third principle of fair information practices, along with (1) Notice, (2) Choice, and (4) Security. Refers to the user's ability to view the data collected about him or her, and challenge its accuracy and completeness.
Affirmative customization: Refers to a site's or an Internet service provider's use of personal data to tailor or modify the content or design of the site to specifications affirmatively selected by a particular individual. For example, you may permit a shopping site to use the record of your book purchases to make recommendations of other publications that may interest you. The site will thus display a list of its recommendations every time you visit.
Aggregate: Refers to data that is linked without revealing information that identifies an individual. The statistic "70% of users of this Web site live in New York City" is an example of aggregated information.
Anonymity (also see Pseudonymity and Pseudonymous profiling): A condition in which your true identity is not known. Your online service provider may allow you, as a subscriber, to participate in online activities anonymously (not known at all) or pseudonymously (taking on a different identity).
Anonymizer (also see Anonymous remailer): An anonymizer is essentially a shield between your computer and the Internet that relays Web traffic through an intermediary server. It hides personally identifying information—such as IP address, browser software used, surfing patterns, etc.—from any Web site you visit, and prevents sites from adding any cookies or other files to your computer. Anonymizers work in the same way as many firewalls.

Most anonymizers also provide remailer services.
Anonymous remailer (also see Anonymizer): An anonymous remailer is a special email server that acts as a middleman. It strips your outgoing email of all personally identifying information (except any information you might type in the body of the message), then forwards it to its destination, usually with the IP address of the remailer attached. Some remailers allow users to use their real name on the message.
BBBOnline: The Better Business Bureau's Online privacy seal program. BBBOnline certifies sites that meet baseline privacy standards. The program requires its licensees to implement certain fair information practices and to submit to various types of compliance monitoring in order to display a privacy seal on their Web sites.
Blocking software: A computer program that allows parents, teachers, or guardians to "block" access to certain Web sites and other information available over the Internet. All blocking software has filtered the information before blocking access to it.
Bookmark: A placeholder for interesting or frequently used Web sites, so that these sites can be revisited easily without having to remember or retype the Internet address.
Browser: A software product that lets you find, see, and hear material on the World Wide Web, including text, graphics, sound, and video. Popular browsers are Netscape Navigator and Microsoft Internet Explorer.
Bulletin board (also see Chat and Chat room): A public area online where you can post a message for everyone to read. If you post a message to a bulletin board, in nearly all cases, other member participants will be able to contact you by email.
Cache: A cache is a place on your hard drive where the Web browser stores information (text, graphics, sounds, etc.) from pages or sites that you have visited recently so that returning to those pages or sites is faster and easier.
Chat (see also Bulletin board): A feature of online services or Web sites that allows participants to "talk" by typing messages that everyone can read at the same time. Here's how it works: The participant enters the chat room, types a message on his or her computer, and sends it. It is instantly displayed on the screens of the other users in the chat room. Admission is generally not restricted.
Chat room: A "place" or page in a Web site or online service where people can chat, or "talk," with each other by typing messages. It's "real-time" communication like talking on the phone, except the "talkers" are typing text as with email. Email, on the other hand, is delayed communication.
Choice: Refers to companies' providing consumers with options regarding whether and how personal information collected from them may be used for purposes other than those for which it was provided.
Client-based filter (see also filter and blocking software): A software program that a user installs on his or her own computer to block access to inappropriate material, prevent kids from accessing the Internet at certain times, or to prevent kids from revealing personal information.
Collection: Online collection of personal information (i.e., shopping preferences, interests, physical contact information) occurs in two ways. First, data may be collected through your input of information, such as during a financial transaction, acquisition of a membership, or application for a service. Second, detailed personal information may be collected while you engage in "passive" online activity—for example, when you participate in chat rooms, glance at bulletin boards or browse through online libraries. When you ftp a file, your actions may generate a personally identifiable record. Your personal information may thus be collected and stored without your immediate knowledge.
Commercial service: General term for large online services. These services are like special clubs that require membership dues. Besides providing access to the Internet, commercial services offer content, games, and chat rooms that are available only to members.
Commercial online service: An online service that maintains a closed proprietary network, providing a variety of information and other services to its subscribers. Commercial online services generally provide their own content, forums, and information available only to its subscribers.
Completion and support of current activity: Refers to a site's or a service provider's use of personal data to complete the activity for which it was provided, such as the provision of information, communications, or interactive services—for example, to return the results from a Web search, forward email, or place an order.
Computer information: Information about the computer system that the individual uses to access the network—such as the IP number, domain name, browser type or operating system.
Consent: Explicit permission, given to a Web site by a visitor, to handle her personal information in specified ways. "Informed consent" implies that the company fully discloses its information practices prior to obtaining personal data or permission to use it.
Content: The actual text of a communication or information sent. Includes text of emails, bulletin board postings, chat room communications, files and graphics. Content does not include routing information, the date, time, or subject of the message, or other transactional data.
Cookie: A piece of information unique to you that your browser saves and sends back to a Web server when you revisit a Web site (the Web server is the computer that "hosts" a Web site that your browser downloads or "sees"). The server "tells" your browser where to put the cookie on the server. Cookies contain information such as log-in or registration information, online "shopping cart" information (your online buying patterns in a certain retail site), user preferences, what site you came from last, etc. CookieCentral provides detailed information on Internet cookies and how to stop them.
Correction: User ability to alter incomplete or inaccurate personal information that a company has collected.
CPNI: Customer Proprietary Network Information, which applies to information about how you use your telephone. Includes the location, duration, and frequency of phone calls.
Cyberspace: A very general term used in a number of ways. "Cyberspace" can refer to the electronic areas and communities on the Internet and other computer networks; the culture developing on (or across) the global network of phone wires that make up the Internet; a new publishing or communications medium separate from conventional media; and a "place" separate from or in addition to physical space.
Data element: An individual data entity, such as last name or telephone number.
Data category: A significant attribute of a data element or data set that may be used by a trust engine to determine what type of element is under discussion, such as physical contact information.
Data mining (also see Online Profiling): The practice of compiling information about Internet users by tracking their motions through Web sites, recording the time they spend there, what links they click on and other details, usually for marketing purposes.
Demographic and socioeconomic data: Data about an individual's characteristics—such as gender, age, and income.
Digital storm: A new generation of analytic tools, currently being developed by the FBI, to sift and link data from disparate sources. Currently, law enforcement agencies have access to a vast and growing array of digital information. See CDT's presentation on Digital Storm.
Directories: Similar to search engines, directories are indexes of Web pages organized by subject.
Disclosure: Refers to companies' practice of making personal information available to third parties, e.g., marketing lists, other organizations that provide similar services, etc.
Discussion group: An area online focused on a specific topic where users can read and add or "post" comments ("post" in the sense of posting something on a bulletin board). You can find discussion groups, also referred to as "discussion boards," for almost any topic.
Domain name (also see URL): A Web site address, usually followed by .com, .org or .edu.
Download (also see Upload): Copying data from another computer to your computer. "Download" is also used to mean viewing a Web site, or material on a Web server, with a Web browser.
Downstream data use: Refers to companies' practice of disclosing personal information collected from users to other parties "downstream" to facilitate a transaction. For example, a content provider may disclose your personal information to a shipping company that will deliver the order to your house. The content provider may also disclose your personal information to a billing or credit card company in order to charge you for the transaction.
Email: Electronic Mail. A way of sending messages electronically from one computer to another. Users can send memos, letters, and other word-based messages, as well as multimedia documents. Emailing requires having a modem, connecting a telephone line to your computer, and an email address (recognizable because of the "@" symbol, such as president@whitehouse.gov).
Email header: Information that identifies the sender and recipient of a message, information about how the message was routed through the network, the date and time at which the message was sent, and the subject of the message.
Encryption: Technology that scrambles digital content, with the use of a private code, so that it cannot be read without the key to the code. Encryption facilitates secure transmissions.
Enforcement: A principle of fair information guidelines, along with (1) Notice, (2) Choice, (3) Access, and (4) Security. Refers to the use of a reliable mechanism to impose sanctions for Web sites that do not comply with the above information practices. The Federal Trade Commission has identified Enforcement as a critical ingredient in any government or self-regulatory program that seeks to ensure privacy online.
FAQ: A list of "Frequently Asked Questions" about a specific Web site, mailing list, product, or game. Reading the FAQ first is a great idea when you are new to a site, mailing list, discussion group, or product.
FTP: File Transfer Protocol - A way to transfer ("upload" or "download") files from one computer to another, for example from your hard drive to a Web server in order to update a Web site.
Fair information practices: Privacy guidelines, which predate the online medium, that were enumerated in the 1973 report released by the U.S. Department of Health, Education, and Welfare, which addressed privacy protections in the age of digital data collection. The principles, which include, among others, (1) Notice, (2) Choice, (3) Access, and (4) Security, have been developed and recognized by agencies in the U.S., Canada, and Europe. A more comprehensive iteration of fair information practices is embedded in the OECD Guidelines.
Fairness: A goal of Fair Information Practices, which requires a company to use personal information only for the purpose for which it was initially collected.
Filter: Software that sorts information on the Internet and classifies it according to content. Some filtering software allows the user to block certain kinds of information on the Internet. See also Blocking software, Client-based filter, and Server-based filter.
Financial information (also see Purchase information): Information about an individual's finances, including account status and activity information such as account balance, payment or overdraft history, and information about an individual's purchase or use of financial instruments including credit or debit card information.

Note: Purchase information alone does not constitute financial information.
Firewall: A security device that places a protective "wall" around a computer or network of computers, keeping it from being accessible to the public.
HTML: Hypertext Markup Language - The standard language used for creating documents on the World Wide Web.
HTTP: Hypertext Transfer Protocol - The standard language that computers connected to the World Wide Web use to communicate with each other.
Hardware: The nuts, bolts, and wires of a computer and computer-related equipment, also the actual computer and related machines such as scanners and printers.
Health information: Personal data, which may be collected by a site or a service provider, about an individual's physical or mental health, sexual orientation, use or inquiry into health care services or products, and purchase of health care services or products.
Home page: The first page or document Web users see when connecting to a Web server or when visiting a Web site.
Hyperlink (also see Link): An image or portion of text on a Web page that is linked to another Web page (either on the same site or in another Web site). If it's a word or phrase, the link is another color, underlined, or both. If it's an image, the hyperlink has a border around it, or the cursor changes to a little hand when the cursor is dragged over the image with the mouse. The user clicks on the link to go to another Web page or another place on the same page.
IM or Instant message (also see Web-based instant messaging): A chat-like technology on an online service that notifies a user when a friend is online, allowing for simultaneous communication (like talking on the phone, only with text).
IP: Internet protocol - The computer language that allows computer programs to communicate over the Internet.
IP address (or IP number): A set of four numbers, each between zero and 255, separated by periods that uniquely identifies a computer or other hardware device (such as a printer) on the Internet.
ISP: Internet Service Provider - A company that sells access to the Internet, most often through a local phone number. ISPs are usually distinguished from commercial services, which link to the Internet but also offer additional services, such as content and chat, only available to their subscribers.
Individual profiling: Refers to a site's or a service provider's use of personal data to create or build a record on the particular individual or computer for the purpose of compiling habits or personally identifiable information of that individual or computer. For example, online stores may recommend products based on the visitor's purchasing history on the specific Web site or online in general.
Interactive data: Data actively generated by or reflecting your interactions with a service provider through its site. Interactive data could include queries to a search engine or logs of account activity.
Internet: Referred to as "Net" for short, a collection of thousands of connected computers and computer networks.
Keyword: On Web search engines, words typed into the search form, or search "window," to search the Web for pages or sites that contain the keyword and information related to it.
Kids' Web sites: A Web site for children under 13 years old (or those sites that know that their visitors are under 13 years old).
Limitation collection: Refers to the established principle that collection of personal data should be limited to information that is necessary to complete a transaction. For instance, an online service provider that requires you to provide a copy of your tax returns as a condition of becoming a subscriber obviously collects more information than it requires to process a membership. When personally identifiable information is not necessary to support the initial activity, users should have the opportunity to restrict or deny its collection.
Link (also see Hyperlink): Highlighted text that is designed so that clicking on it will take you to another document, Web page, or Web site.
Location Data: Information that can be used to identify an individual's current physical location and track her as the location changes.
Mailing list: An email-based discussion forum dedicated to a topic of interest. An interested Internet user can subscribe to a mailing list by sending an email message that contains appropriate instructions to a specific email address. The computer that houses the mailing list program maintains a list of subscribers and routes all posted messages to subscribers' electronic mailboxes. Mailing lists are either publicly and privately maintained, and can either be moderated or unmoderated.
Modem: A hardware device that allows computers to communicate with each other over telephone lines. Modems come in different speeds: The higher the speed, the faster the data are transmitted. A modem enables what is generally referred to as "dial-up access." The fastest widely available modems are "56K" (or 56 kilobits per second).
Monitoring software: A type of software product that allows a parent or caretaker to monitor the Web sites or email messages that a child visits or reads, without necessarily blocking access.
Mouse (also see Hardware): A small device attached to your computer by a cord, which lets you give commands to the computer by clicking.
Navigation and click-stream data: Refers to user data passively generated by browsing the Internet. Includes information regarding the links on which a user clicks, pages a user visits and the amount of time spent on each page.
Notice: Refers to data collectors' disclosure of their information practices prior to collecting personal information from consumers.

In the online context, notice means that Internet users learn from the online service provider or Web site whether and to what extent the service or site collects and uses their personal information.
OECD guidelines: Privacy Guidelines issued in late 1980 by the Organization for Economic Cooperation and Development. Albeit broad, the OECD guidelines set up important standards for future governmental privacy rules; the guidelines underpin most current international agreements, national laws, and self-regulatory policies.
One-time tailoring: Refers to a site's or a service provider's use of personal data to tailor or modify content or design of the site not affirmatively selected by the particular individual, where the information is used only for a single visit to the site and not used for any kind of future customization. For example, an online store may suggest items a visitor may wish to purchase based on the products that she has already placed in her shopping basket.
Online contact information (also see Physical contact information): Information that allows an individual to be contacted or located on the Internet, such as the email address. Often, this information is independent of the specific computer used to access the network.
Online Privacy Alliance (OPA): The OPA, a group of more than 80 global corporations and associations, was created to lead and support industry self-regulatory initiatives. The OPA identifies and advances online privacy policies across the private sector, supports the development and use of self-regulatory enforcement mechanisms and activities, as well as user empowerment technology tools designed to protect individuals' privacy, and supports compliance with and strong enforcement of applicable laws and regulations.

OPA's privacy policy guidelines.
Online profiling (also see Individual profiling and Data mining): The practice of aggregating information about consumers' preferences and interests, gathered primarily by tracking their online movements and actions, with the purpose of creating targeted advertisement using the resulting profiles.
Operating system: The main program that runs on a computer. An operating system allows other software to run and prevents unauthorized users from accessing the system. Major operating systems include UNIX, Windows, MacOS, and Linux.
Operator: The person who is responsible for maintaining and running a Web site.
Opt-in (versus "Opt-out"): An option that requires your explicit consent for the use and disclosure of your personal information beyond the original, primary purpose for which it was collected.

For instance, example.com may provide an empty check-box and state, "I permit example.com to share my personal information beyond the purpose for which it was collected." The company thus requires you to affirmatively consent, or opt-in, before it will use or share your personal information beyond the primary purpose. The Web site's default program assumes that you have not consented to such use unless you check off the box.
Opt-out (versus "Opt-in"): An option that allows you to prevent the use and disclosure of your personal information beyond the original, primary purpose for which it was collected.

For instance, example.com may display a checked-off box and state, "I permit example.com to share my personal information beyond the purpose for which it was collected." You must un-check the box, or opt-out, to prevent the company from using or sharing your personal information beyond the primary purpose. The Web site's default program assumes that you have consented such use unless you un-check the box.

See CDT's Operation Opt-Out.
P3P: See Platform for Privacy Preferences Project
Personally identifiable transactional data: Information that describes your online activities such as the Web sites that you have visited, addresses to which you have sent email, files that you have downloaded, and other information revealed in the normal course of using the Internet. Transactional data differs from the content of a communication since it is not the actual substance of your communication, but rather the information about your communication.

Traditionally, the content of your communications received greater statutory protection than transactional data. Recent legislative developments, however, have strengthened privacy protections for transactional data since it became widely acknowledged that transactional data may reveal as much sensitive information as the actual content of a communication.

Personal user preferences tracked by a Web site via a online cookies are also considered personally identifiable when linked to other personally identifiable information provided by online users.
Physical contact information (versus Online contact information): Information that allows an individual to be contacted or located in the physical world—such as a telephone number or an address.
Platform for Privacy Preferences Project (P3P): A set of software-writing guidelines developed by the World Wide Web Consortium (W3C), the standard-setting body for the Web.

P3P is designed to provide Internet users with a clear understanding of how personal information will be used by a particular Web site, empowering users to avoid sites that do not meet their privacy preferences.

CDT's P3P and Privacy: An Update for the Privacy Community report. (also in .pdf format)
Policy: A collection of one or more privacy statements together with information that provides the identity, URL, assurances, and dispute resolution procedures of the service covered by the policy.
Privacy policy: A description of a Web site's practices with respect to its collection and use of information. A privacy policy will include information about what personal information the site collects, how it is used, with whom the site shares it, how it is secured, and whether users can exercise control over the use of their personal data.
Political information: User information, which may be collected by a site or a service provider, regarding membership in or affiliation with groups such as religious organizations, trade unions, professional associations, political parties, etc.
Preference data: Data which may be collected by a site or a service provider about an individual's likes and dislikes—such as favorite color or musical tastes.
Pseudonymity (also see Anonymity): A condition in which you have taken on an assumed identity.
Pseudonymous profiling: Refers to a site's or a service provider's use of personal data to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying personally-identifiable information (such as name, address, phone number, email address, or IP address) to the record. This profile is usually used to determine the habits, interests, or other characteristics of individuals while it is not used to attempt to identify specific individuals.
Public forums: Refers to digital entities such as bulletin boards, public directories, or commercial CD-ROM directories, where personal user data may be distributed by a site or a service provider.
Purchase information: Information actively generated by the purchase of a product or service, including information about the method of payment.
Purpose: The reason(s) for data collection and use.
Recipient: Refers to the legal entity, or domain, beyond the service provider and its agents where personal user data may be distributed. May include delivery services, unrelated third parties, and public forums.
Repository: A mechanism for storing user information under the control of the user agent.
Search engine: A tool to help people locate information available on the World Wide Web. By typing in keywords, users can find numerous Web sites that contain the information sought.
Secondary use: Refers to using personal information collected for one purpose for a second, unrelated purpose. A fundamental fair information principle is the provision of the opportunity for a user to choose if she wants her personal information used for a secondary purpose. The principle allows you to provide personal information for a specific purpose without the fear that it may later be used for an unrelated purpose without your knowledge or consent.
Security: The fourth principle of fair information guidelines, along with (1) Notice, (2) Choice, and (3) Access. Refers to data collectors' responsibility to take reasonable steps to ensure that information collected from consumers is accurate and secure from unauthorized use. There exists a number of ways that online services can safeguard data; examples include passwords, audit trails, and encryption.
Server: A host computer that stores information and/or software programs and makes them available (or "serves" them) to users of other computers. The information is downloaded from a Web server with a Web browser.
Server-based filter: Unlike client-based software, which is installed on your own computer, server-based filters work on a host server (for example, a Web server) generally located at an Internet Service Provider or a LAN at a company. Your computer is connected to this server so that you receive only the Web pages that are not filtered on the server. See also Filter and Blocking software.
Spam: Unsolicited "junk" email containing advertising or promotional messages sent to large numbers of people. Sometimes people or companies send sexually explicit unsolicited email, known as "porn spam."
State management mechanisms: Mechanisms for maintaining a stateful session with a user or automatically identifying users who have visited a particular site or accessed particular content previously. Cookies are a state management mechanism.
Subscription data: The information provided to an online service when a user signs up to become a member. Subscription data usually includes name, physical address, email address, billing information, and telephone numbers.
Transparency: A goal of Fair Information Practices, which requires a company to inform users what personal information the company collects and how the data is used.
TRUSTe: An online privacy seal program that certifies eligible Web sites, holding sites to baseline privacy standards. TRUSTe requires its licensees to implement certain fair information practices and to submit to various types of compliance monitoring in order to display a privacy seal on their Web sites.
Trustmark: An online seal awarded by TRUSTe to Web sites that agree to post their privacy practices openly via privacy statements, as well as adhere to enforcement procedures that ensure that those privacy promises are met. When you click on the TRUSTe trustmark, you're taken directly to the privacy statement of the licensed Web site.
Unique identifiers: Non-financial identifiers issued for purposes of consistently identifying the individual. These include government-issued identifiers such as a Social Security Number, as well as identifiers issued by a Web site or service.
Upload (also see Download): Copying or sending data or documents from your computer to another computer, such as the server that hosts your home page.
URL (also see Domain Name): Uniform Resource Locator - The World Wide Web address of a site on the Internet. For example, the URL for the White House is http://www.whitehouse.gov.
Use: Refers to the practice of collecting and using personal data internally, within the company or organization, for both administrative and marketing purposes. For example, an online service provider may use its own subscriber data to market a new service to its subscribers.
User: An individual (or group of individuals acting as a single entity) on whose behalf a service is accessed and for which personal data exists.
User agent: A privacy program whose purpose is to act as a go-between in interactions with services on behalf of the user under the user's preferences. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user.
Web: The World Wide Web - What most people think of when they think of the Internet. The Web is actually just one service on the Internet. It is a collection of graphical hyperlinked documents made publicly available on computers (or Web servers) around the world. The information on these servers can be viewed or accessed with a browser. Other services on the Internet include Internet Relay Chat and Newsgroups.
Web site: A collection of "pages" or files on the World Wide Web linked together and maintained by a company, organization, or individual. Anyone with a Web site may be considered a content provider or a publisher.
Web-based chat: Web-based chat allows people to chat with each other using a browser. Web-based chat rooms are found in Web sites.
Web-based email: A technology that allows you to send and receive email using only a browser (as opposed to an email software program like Eudora).
Web-based instant messaging (also see Instant messaging): Instant Messaging technology that works in Web sites (as opposed to a commercial online service).
Webmaster: The administrator responsible for the management and often the design of a Web site.
WWW (also see Web): The World Wide Web.
W3C: World Wide Web Consortium, the body that sets standards for the Web and how it should work.

ConsumerPrivacyGuide.org Sponsored by:

			Send us Feedback