Privacylabel JSON standard

To make it easier to manage privacy labels we developed a simple standard. This page offers an introduction to the standard, while the next page discusses what is allowed and what isn't in more nitty-gritty detail.

‌Let's look at with the basic structure.

  "intro": {},
  "collection": {},
  "duration": {},
  "purpose": {},
  "legal": {},
  "sharing": {},
  "action": {},
  "updated": {},
‌ "meta": {} }

As you can see there are 9 sections. 

Intro, Action, Updated, Meta

These four sections consist of simple key-value pairs.

  "intro": {
    "title": "Small event",
    "description": "When you visit our event, we may collect and use data to improve our service."
  "collection": {},
  "duration": {},
  "purpose": {},
  "legal": {},
  "sharing": {},
  "action": {
    "privacy_policy": "",
    "manage_data": "",
    "contact": "",
    "email": "",
    "phone": "+317235467547874"
  "updated": {
    "updated_year": 2021,
    "updated_month": 11,
    "updated_day": 5
‌ "meta": { "language": "en-gb",
‌ "privacy_label_version": 2111
‌ } }

With the intro section you'll find the title and description, as well as the language in which the description and (optional) explanations are written. ‌The description is optional, as long as there is enough available context to understand what the label covers. Note that the language value is never expressed in the label, but is only used by the library.

‌The action section contains URL's for people to read more and/or ways to get in touch. Using both "contact" and "email" at the same time is frowned upon.

‌The updated section contains the date that the label was generated.

‌The meta section contains metadata. Firstly, the language in which the title, description and explanations are written (the rest of the label can be auto-translated, but these bits cannot). Secondly, the version of the privacy label standard itself. This version refers to the year and month. For example, "2106" would refer to the june 2021 release. We don't intend to create many versions, but it's best to be prepared. If more than one release of privacylabel should need to occur within one month, then a decimal will be used.

Purpose, Legal, sharing

These three sections all follow the same structure.

  "purpose": {
    "providing_goods_and_services": {},
    "education": {
      "explanation": "We may store your personal data for our internal training purposes, for example when you call us on the phone.",
      "url": ""
    "marketing_or_sales_or_customer_relations": {
      "explanation": "We may upload data, such as a list of email addresses, to marketing services."

Here you see three purposes. The first one, "providing goods and services", is very common. 

‌For the next one, "education", some optional details were added: an explanation and a URL where even more information can be found. This URL could, for example, jump to a specific section of the privacy policy. 

‌The final item shows that if an explanation is added, adding a "learn more" URL is optional. Adding only a URL is also allowed.

‌The values, such as "education", can only be selected from a finite list; you can't make up your own options. This offers readers some consistency, and it makes the auto-translate feature possible.

Data collection

This section works a bit different. It allows for five main sources ("receive from you", "receive from others", "observe", "created" and "purchase"). Within those sources you can add data types (e.g. "personal data").

  "collection": {
    "receive_from_you": {
      "personal_data": {},
      "explanation": "If you fill in forms on our website, or if you create a contract with us, then we may receive personal information such as your contact details."
    "receive_from_others": {
      "sensitive_data": {},
      "explanation": "Organisations that we work closely with may share data about you with us, in order to offer a seamless customer experience.",
      "url": "https:\/\/\/learn"
    "observe": {
      "aggregated_data": {},
      "personal_data": {}

Data types should only be present if they are being collected. An (optional) explanation text and/or URL may be added to a source.

Location & Duration

These two sections of the label are slightly different as they introduce a "value" key.

  "location": {
    "processed_outside_the_eu": {
      "value": "some_data",
      "explanation": "We make use of some services that operate out of the United States, such as Google Documents."
  "duration": {
    "most_data": {
      "value": "1_year_or_less"
    "some_data": {
      "value": "1_month_or_less",
      "explanation": "Our website only stores data for a short amount of time. We also delete security camera footage after two weeks."
    "a_little_data": {
      "value": "10_years_or_less",
      "explanation": "Our financial administration is stored for 7 years. This may include your bank records."

Location is relatively simple, since it only has one item: "processed outside the EU". This item must exist, and it must contain a value, which can be one of four options: 'no_data', 'some_data', 'most_data' or 'all_data'.

Duration is a bit more complex. It allows for up to four items, which must be 'used up' in this order:

  • most_data
  • some_data
  • a_little_data
  • least_amount_of_data

So it's possible to only have "most data" and "some data". But it's not possible to pick "most data" and "a little data" only, as that would skip "some data".

‌These items are chosen in such a way that they should cover increasingly smaller portions of the collected data. 

‌Each item can be matched to one of these values: 

  • 1_month_or_less
  • 1_year_or_less
  • 10_years_or_less
  • more_than_10_years

Each duration option may only occur once.

About the design

As you may have noticed, the JSON variable names have been designed to be as human readable as possible. Since it's possible to view a label's JSON with a single click on the code button, we wanted it to make as much sense as possible to non-technical people.

Also, the JSON tries to remain compact. If a part of the label isn't filled in, then it's omitted from the JSON.