Privacy has been acknowledged to be a critical requirement for many business (and non-business) environments. Therefore, the definition of an expressive and easy-to-use privacyrelated access control model, based on which privacy policies can be specified, is crucial. In this work we introduce a family of models (P-RBAC) that extend the well known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We also compare our work with access control and privacy policy frameworks such as P3P, EPAL, and XACML. Categories and Subject Descriptors C.2.0 [Computer Communication Networks]: General— security and protection; D.4.6 [Operating Systems]: Security and Protection—Access Controls; K.6.5 [Management of Computing and Information Systems]: Security and Protection General Terms Management, Security, Standardization Keywords Privacy, Role Based Access Control, Model, Purpose