Privacy is increasingly a major concern that prevents the exploitation of the Internet's full potential. Consumers are concerned about the trustworthiness of the websites to which they entrust their sensitive information. Although significant industry efforts are seeking to better protect sensitive information online, existing solutions are still fragmented and far from satisfactory. Specifically, existing languages for specifying privacy policies lack a formal and unambiguous semantics, are limited in expressive power and lack enforcement as well as auditing support. Moreover, existing privacy management tools aimed at increasing end-users' control over their privacy are limited in capability or difficult to use. This project seeks to provide a comprehensive framework for protecting online privacy, covering the entire privacy policy life cycle. This cycle includes enterprise policy creation, enforcement, analysis and auditing, as well as end user agent presentation and privacy policy processing. The project integrates privacy-relevant human, legal and economic perspectives in the proposed framework. This project will develop an expressive, semantics-based formal language for specifying privacy policies, an access control and auditing language for enforcing privacy policies in applications, as well as theory and tools for verifying privacy policies. Additionally, experiments and surveys will be conducted to better understand the axes of users' privacy concerns and protection objectives. Results from this empirical work will be used to develop an effective paradigm for specifying privacy preferences and methods to present privacy policies to end users in an accurate and accessible way.