diff --git a/administrator/components/com_privacy/helpers/privacy.php b/administrator/components/com_privacy/helpers/privacy.php
index 6c56b2483e8e2..98aa232e37aa3 100644
--- a/administrator/components/com_privacy/helpers/privacy.php
+++ b/administrator/components/com_privacy/helpers/privacy.php
@@ -32,5 +32,11 @@ public static function addSubmenu($vName)
 			'index.php?option=com_privacy',
 			$vName === 'requests'
 		);
+
+		JHtmlSidebar::addEntry(
+			JText::_('COM_PRIVACY_SUBMENU_CAPABILITIES'),
+			'index.php?option=com_privacy&view=capabilities',
+			$vName === 'capabilities'
+		);
 	}
 }
diff --git a/administrator/components/com_privacy/models/capabilities.php b/administrator/components/com_privacy/models/capabilities.php
new file mode 100644
index 0000000000000..e6c90c29953b4
--- /dev/null
+++ b/administrator/components/com_privacy/models/capabilities.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_privacy
+ *
+ * @copyright   Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * Capabilities model class.
+ *
+ * @since  __DEPLOY_VERSION__
+ */
+class PrivacyModelCapabilities extends JModelLegacy
+{
+	/**
+	 * Retrieve the extension capabilities.
+	 *
+	 * @return  array
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function getCapabilities()
+	{
+		$app = JFactory::getApplication();
+
+		/*
+		 * Capabilities will be collected in two parts:
+		 *
+		 * 1) Core capabilities - This will cover the core API, i.e. all library level classes
+		 * 2) Extension capabilities - This will be collected by a plugin hook to select plugin groups
+		 *
+		 * Plugins which report capabilities should return an associative array with a single root level key which is used as the title
+		 * for the reporting section and an array with each value being a separate capability. All capability messages should be translated
+		 * by the extension when building the array. An example of the structure expected to be returned from plugins can be found in the
+		 * $coreCapabilities array below.
+		 */
+
+		$coreCapabilities = array(
+			JText::_('COM_PRIVACY_HEADING_CORE_CAPABILITIES') => array(
+				JText::_('COM_PRIVACY_CORE_CAPABILITY_SESSION_IP_ADDRESS_AND_COOKIE'),
+				JText::sprintf('COM_PRIVACY_CORE_CAPABILITY_LOGGING_IP_ADDRESS', $app->get('log_path', JPATH_ADMINISTRATOR . '/logs')),
+				JText::_('COM_PRIVACY_CORE_CAPABILITY_COMMUNICATION_WITH_JOOMLA_ORG'),
+			)
+		);
+
+		/*
+		 * We will search for capabilities from the following plugin groups:
+		 *
+		 * - Authentication: These plugins by design process user information and may have capabilities such as creating cookies
+		 * - Captcha: These plugins may communicate information to third party systems
+		 * - Installer: These plugins can add additional install capabilities to the Extension Manager, such as the Install from Web service
+		 * - Privacy: These plugins are the primary integration point into this component
+		 * - User: These plugins are intended to extend the user management system
+		 *
+		 * This is in addition to plugin groups which are imported before this method is triggered, generally this is the system group.
+		 */
+
+		JPluginHelper::importPlugin('authentication');
+		JPluginHelper::importPlugin('captcha');
+		JPluginHelper::importPlugin('installer');
+		JPluginHelper::importPlugin('privacy');
+		JPluginHelper::importPlugin('user');
+
+		$pluginResults = $app->triggerEvent('onPrivacyCollectAdminCapabilities');
+
+		// We are going to "cheat" here and include this component's capabilities without using a plugin
+		$extensionCapabilities = array(
+			JText::_('COM_PRIVACY') => array(
+				JText::_('COM_PRIVACY_EXTENSION_CAPABILITY_PERSONAL_INFO'),
+			)
+		);
+
+		foreach ($pluginResults as $pluginResult)
+		{
+			$extensionCapabilities += $pluginResult;
+		}
+
+		// Sort the extension list alphabetically
+		ksort($extensionCapabilities);
+
+		// Always prepend the core capabilities to the array
+		return $coreCapabilities + $extensionCapabilities;
+	}
+
+	/**
+	 * Method to auto-populate the model state.
+	 *
+	 * @return  void
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	protected function populateState()
+	{
+		// Load the parameters.
+		$this->setState('params', JComponentHelper::getParams('com_privacy'));
+	}
+}
diff --git a/administrator/components/com_privacy/views/capabilities/tmpl/default.php b/administrator/components/com_privacy/views/capabilities/tmpl/default.php
new file mode 100644
index 0000000000000..4f0e03e27e1a9
--- /dev/null
+++ b/administrator/components/com_privacy/views/capabilities/tmpl/default.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_privacy
+ *
+ * @copyright   Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/** @var PrivacyViewCapabilities $this */
+
+?>
+<?php if (!empty($this->sidebar)) : ?>
+	<div id="j-sidebar-container" class="span2">
+		<?php echo $this->sidebar; ?>
+	</div>
+	<div id="j-main-container" class="span10">
+<?php else : ?>
+	<div id="j-main-container">
+<?php endif; ?>
+	<div class="alert alert-info">
+		<h4 class="alert-heading"><?php echo JText::_('COM_PRIVACY_MSG_CAPABILITIES_ABOUT_THIS_INFORMATION'); ?></h4>
+		<?php echo JText::_('COM_PRIVACY_MSG_CAPABILITIES_INTRODUCTION'); ?>
+	</div>
+	<?php if (empty($this->capabilities)) : ?>
+		<div class="alert alert-no-items">
+			<?php echo JText::_('COM_PRIVACY_MSG_CAPABILITIES_NO_CAPABILITIES'); ?>
+		</div>
+	<?php else : ?>
+		<?php $i = 0; ?>
+		<?php echo JHtml::_('bootstrap.startAccordion', 'slide-capabilities', array('active' => 'slide-0')); ?>
+
+		<?php foreach ($this->capabilities as $extension => $capabilities) : ?>
+			<?php echo JHtml::_('bootstrap.addSlide', 'slide-capabilities', $extension, 'slide-' . $i); ?>
+				<?php if (empty($capabilities)) : ?>
+					<div class="alert alert-no-items">
+						<?php echo JText::_('COM_PRIVACY_MSG_EXTENSION_NO_CAPABILITIES'); ?>
+					</div>
+				<?php else : ?>
+					<ul>
+						<?php foreach ($capabilities as $capability) : ?>
+							<li><?php echo $capability; ?></li>
+						<?php endforeach; ?>
+					</ul>
+				<?php endif; ?>
+			<?php echo JHtml::_('bootstrap.endSlide'); ?>
+			<?php $i++; ?>
+		<?php endforeach; ?>
+
+		<?php echo JHtml::_('bootstrap.endAccordion'); ?>
+	<?php endif; ?>
+</div>
diff --git a/administrator/components/com_privacy/views/capabilities/view.html.php b/administrator/components/com_privacy/views/capabilities/view.html.php
new file mode 100644
index 0000000000000..91532075f39c4
--- /dev/null
+++ b/administrator/components/com_privacy/views/capabilities/view.html.php
@@ -0,0 +1,86 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_privacy
+ *
+ * @copyright   Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * Capabilities view class
+ *
+ * @since  __DEPLOY_VERSION__
+ */
+class PrivacyViewCapabilities extends JViewLegacy
+{
+	/**
+	 * The reported extension capabilities
+	 *
+	 * @var    array
+	 * @since  __DEPLOY_VERSION__
+	 */
+	protected $capabilities;
+
+	/**
+	 * The HTML markup for the sidebar
+	 *
+	 * @var    string
+	 * @since  __DEPLOY_VERSION__
+	 */
+	protected $sidebar;
+
+	/**
+	 * The state information
+	 *
+	 * @var    JObject
+	 * @since  __DEPLOY_VERSION__
+	 */
+	protected $state;
+
+	/**
+	 * Execute and display a template script.
+	 *
+	 * @param   string  $tpl  The name of the template file to parse; automatically searches through the template paths.
+	 *
+	 * @return  mixed  A string if successful, otherwise an Error object.
+	 *
+	 * @see     JViewLegacy::loadTemplate()
+	 * @since   __DEPLOY_VERSION__
+	 * @throws  Exception
+	 */
+	public function display($tpl = null)
+	{
+		// Initialise variables
+		$this->capabilities = $this->get('Capabilities');
+		$this->state        = $this->get('State');
+
+		// Check for errors.
+		if (count($errors = $this->get('Errors')))
+		{
+			throw new Exception(implode("\n", $errors), 500);
+		}
+
+		$this->addToolbar();
+
+		$this->sidebar = JHtmlSidebar::render();
+
+		return parent::display($tpl);
+	}
+
+	/**
+	 * Add the page title and toolbar.
+	 *
+	 * @return  void
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	protected function addToolbar()
+	{
+		JToolbarHelper::title(JText::_('COM_PRIVACY_VIEW_CAPABILITIES'), 'dashboard');
+
+		JToolbarHelper::preferences('com_privacy');
+	}
+}
diff --git a/administrator/language/en-GB/en-GB.com_privacy.ini b/administrator/language/en-GB/en-GB.com_privacy.ini
index 95c32c8c72337..9977faebccdee 100644
--- a/administrator/language/en-GB/en-GB.com_privacy.ini
+++ b/administrator/language/en-GB/en-GB.com_privacy.ini
@@ -6,6 +6,11 @@
 COM_PRIVACY="Privacy"
 COM_PRIVACY_ACTION_VIEW="View Request"
 COM_PRIVACY_CONFIGURATION="Privacy: Options"
+COM_PRIVACY_CORE_CAPABILITY_COMMUNICATION_WITH_JOOMLA_ORG="When a network connection is available, a Joomla installation will attempt to communicate with the joomla.org servers for various capabilities, to include:<ul><li>Checking for updates for the Joomla application</li><li>Help screens for core Joomla extensions</li><li>The Install from Web service (opt-in)</li><li>The statistics collection server (opt-in)</li></ul>As with all HTTP requests, the IP address of your server will be transmitted as part of the request. For information on how Joomla processes data on its servers, please review our <a href=\"https://www.joomla.org/privacy-policy.html\" target=\"_blank\" rel=\"noopener noreferrer\">privacy policy</a>."
+; The placeholder for this key is the configured log path for the site.
+COM_PRIVACY_CORE_CAPABILITY_LOGGING_IP_ADDRESS="Joomla's logging system records the IP address of the visitor which led to a message being written to its log files. These log files are used to record various activity on a Joomla site, including information related to core updates, invalid login attempts, unhandled errors, and development information such as the use of deprecated APIs. The format of these log files may be customised by any extension which configures a logger, therefore you are encouraged to download and review the log files for your website which may be found at `%s`."
+COM_PRIVACY_CORE_CAPABILITY_SESSION_IP_ADDRESS_AND_COOKIE="All requests to a Joomla website start a session which stores the IP address in the session data and creates a session cookie in the user's browser. The IP address is used as a security measure to help protect against potential session hijacking attacks and this information is deleted once the session has expired and its data purged. The session cookie's name is based on a randomly generated hash and therefore does not have a constant identifier. The session cookie is destroyed once the session has expired or the user has exited their browser."
+COM_PRIVACY_EXTENSION_CAPABILITY_PERSONAL_INFO="In order to process information requests, information about the user must be collected and logged for the purposes of retaining an audit log. The request system is based on an individual's email address which will be used to link the request to an existing site user if able."
 ; You can use the following merge codes for all COM_PRIVACY_EMAIL strings:
 ; [SITENAME]  Site name, as set in Global Configuration.
 ; [URL]       URL of the site's frontend page.
@@ -28,6 +33,7 @@ COM_PRIVACY_FIELD_STATUS_DESC="The status of the information request."
 COM_PRIVACY_FIELD_USER_ID_DESC="The user account for the individual owning the information being requested, if one exists."
 COM_PRIVACY_FIELD_USER_ID_LABEL="Associated User"
 COM_PRIVACY_FILTER_SEARCH_LABEL="Search Requests"
+COM_PRIVACY_HEADING_CORE_CAPABILITIES="Joomla Core Capabilities"
 COM_PRIVACY_HEADING_EMAIL_ASC="Email ascending"
 COM_PRIVACY_HEADING_EMAIL_DESC="Email descending"
 COM_PRIVACY_HEADING_REQUEST_TYPE="Request Type"
@@ -40,7 +46,11 @@ COM_PRIVACY_HEADING_REQUESTED_AT_ASC="Requested ascending"
 COM_PRIVACY_HEADING_REQUESTED_AT_DESC="Requested descending"
 COM_PRIVACY_HEADING_STATUS_ASC="Status ascending"
 COM_PRIVACY_HEADING_STATUS_DESC="Status descending"
+COM_PRIVACY_MSG_CAPABILITIES_ABOUT_THIS_INFORMATION="About This Information"
+COM_PRIVACY_MSG_CAPABILITIES_INTRODUCTION="The information on this screen is collected from extensions which report their privacy related capabilities to this system. It is intended to help site owners be aware of the capabilities of installed extensions and provide information to help owners create local site policies such as a privacy policy. As this screen requires extensions to support its reporting system, and only displays information from enabled extensions, this should not be considered a complete list and you are encouraged to consult each extension's documentation for more information."
+COM_PRIVACY_MSG_CAPABILITIES_NO_CAPABILITIES="There are no reported extension capabilities."
 COM_PRIVACY_MSG_CONFIRM_EMAIL_SENT_TO_USER="A confirmation email for this request has been sent to the user."
+COM_PRIVACY_MSG_EXTENSION_NO_CAPABILITIES="This extension does not report any capabilities."
 COM_PRIVACY_MSG_REQUESTS_NO_REQUESTS="There are no information requests matching your query."
 COM_PRIVACY_REQUEST_COMPLETED="The request has been completed."
 COM_PRIVACY_REQUEST_INVALIDATED="The request has been invalidated."
@@ -50,11 +60,13 @@ COM_PRIVACY_STATUS_CONFIRMED="Confirmed"
 COM_PRIVACY_STATUS_INVALID="Invalid"
 COM_PRIVACY_STATUS_PENDING="Pending"
 COM_PRIVACY_SEARCH_IN_EMAIL="Search in requestor email address. Prefix with ID: to search for a request ID."
+COM_PRIVACY_SUBMENU_CAPABILITIES="Capabilities"
 COM_PRIVACY_SUBMENU_REQUESTS="Requests"
 COM_PRIVACY_TOOLBAR_COMPLETE="Complete"
 COM_PRIVACY_TOOLBAR_INVALIDATE="Invalidate"
 COM_PRIVACY_USER_FIELD_EMAIL_DESC="The email address of the individual owning the information being requested."
 COM_PRIVACY_VIEW_REQUEST_ADD_REQUEST="Privacy: New Information Request"
 COM_PRIVACY_VIEW_REQUEST_SHOW_REQUEST="Privacy: Review Information Request"
+COM_PRIVACY_VIEW_CAPABILITIES="Privacy: Extension Capabilities"
 COM_PRIVACY_VIEW_REQUESTS="Privacy: Information Requests"
 COM_PRIVACY_XML_DESCRIPTION="Component for managing privacy related actions."
diff --git a/administrator/language/en-GB/en-GB.plg_authentication_cookie.ini b/administrator/language/en-GB/en-GB.plg_authentication_cookie.ini
index 8d02e7fe9fbf7..114cea9dd3da1 100644
--- a/administrator/language/en-GB/en-GB.plg_authentication_cookie.ini
+++ b/administrator/language/en-GB/en-GB.plg_authentication_cookie.ini
@@ -9,5 +9,6 @@ PLG_AUTH_COOKIE_FIELD_COOKIE_LIFETIME_DESC="The number of days until the authent
 PLG_AUTH_COOKIE_FIELD_COOKIE_LIFETIME_LABEL="Cookie Lifetime"
 PLG_AUTH_COOKIE_FIELD_KEY_LENGTH_DESC="The length of the key to use to encrypt the cookie. Longer lengths are more secure, but they will slow performance."
 PLG_AUTH_COOKIE_FIELD_KEY_LENGTH_LABEL="Key Length"
+PLG_AUTH_COOKIE_PRIVACY_CAPABILITY_COOKIE="In conjunction with a plugin which supports a \"Remember Me\" feature, such as the \"System - Remember Me\" plugin, this plugin creates a cookie on the user's client if a \"Remember Me\" checkbox is selected when logging into the website. This cookie can be identified with the prefix `joomla_remember_me` and is used to automatically log users into the website when they visit and are not already logged in."
 PLG_AUTH_COOKIE_XML_DESCRIPTION="Handles Joomla's cookie User authentication.<br /><strong> Warning! You must have at least one other authentication plugin enabled.</strong> <br />You will also need a plugin such as the System - Remember Me plugin to implement cookie login."
 PLG_AUTHENTICATION_COOKIE="Authentication - Cookie"
diff --git a/administrator/language/en-GB/en-GB.plg_captcha_recaptcha.ini b/administrator/language/en-GB/en-GB.plg_captcha_recaptcha.ini
index 29821c12ebe7c..8a501818501b4 100644
--- a/administrator/language/en-GB/en-GB.plg_captcha_recaptcha.ini
+++ b/administrator/language/en-GB/en-GB.plg_captcha_recaptcha.ini
@@ -50,6 +50,8 @@ PLG_RECAPTCHA_ERROR_VERIFY_PARAMS_INCORRECT="The parameters to verify were incor
 PLG_RECAPTCHA_ERROR_INVALID_REFERRER="reCAPTCHA API keys are tied to a specific domain name for security reasons."
 PLG_RECAPTCHA_ERROR_RECAPTCHA_NOT_REACHABLE="Unable to contact the reCAPTCHA verify server."
 
+PLG_RECAPTCHA_PRIVACY_CAPABILITY_IP_ADDRESS="The reCAPTCHA plugin integrates with Google's reCAPTCHA system as a spam protection service. As part of this service, the IP of the user who is answering the captcha challenge is transmitted to Google."
+
 ; Uncomment(remove the ";" from the beginning of the line) the following lines if reCAPTCHA is not available in your language
 ; When uncommenting, do NOT translate PLG_RECAPTCHA_CUSTOM_LANG
 ; As of 01/01/2012, the following languages do not need translation: en, nl, fr, de, pt, ru, es, tr
diff --git a/administrator/language/en-GB/en-GB.plg_system_languagefilter.ini b/administrator/language/en-GB/en-GB.plg_system_languagefilter.ini
index 9d957af004674..bd4c481bad64e 100644
--- a/administrator/language/en-GB/en-GB.plg_system_languagefilter.ini
+++ b/administrator/language/en-GB/en-GB.plg_system_languagefilter.ini
@@ -24,5 +24,6 @@ PLG_SYSTEM_LANGUAGEFILTER_FIELD_REMOVE_DEFAULT_PREFIX_DESC="Remove the defined U
 PLG_SYSTEM_LANGUAGEFILTER_FIELD_REMOVE_DEFAULT_PREFIX_LABEL="Remove URL Language Code"
 PLG_SYSTEM_LANGUAGEFILTER_OPTION_SESSION="Session"
 PLG_SYSTEM_LANGUAGEFILTER_OPTION_YEAR="Year"
+PLG_SYSTEM_LANGUAGEFILTER_PRIVACY_CAPABILITY_LANGUAGE_COOKIE="On a site which supports multiple languages, this plugin can be configured to set a cookie on the user's browser which remembers their language preference. This cookie is used to redirect users to their preferred language when visiting the site and creating a new session. The cookie's name is based on a randomly generated hash and therefore does not have a constant identifier."
 PLG_SYSTEM_LANGUAGEFILTER_SITE_LANGUAGE="Site Language"
 PLG_SYSTEM_LANGUAGEFILTER_XML_DESCRIPTION="This plugin filters the displayed content depending on language.<br /><strong>This plugin is to be enabled only when the Language Switcher module is published.</strong><br />If this plugin is activated, it is recommended to also publish the Administrator multilingual status module."
diff --git a/plugins/authentication/cookie/cookie.php b/plugins/authentication/cookie/cookie.php
index 9a2effc87ff71..7d86105aa54f7 100644
--- a/plugins/authentication/cookie/cookie.php
+++ b/plugins/authentication/cookie/cookie.php
@@ -34,6 +34,24 @@ class PlgAuthenticationCookie extends JPlugin
 	 */
 	protected $db;
 
+	/**
+	 * Reports the privacy related capabilities for this plugin to site administrators.
+	 *
+	 * @return  array
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function onPrivacyCollectAdminCapabilities()
+	{
+		$this->loadLanguage();
+
+		return array(
+			JText::_('PLG_AUTHENTICATION_COOKIE') => array(
+				JText::_('PLG_AUTH_COOKIE_PRIVACY_CAPABILITY_COOKIE'),
+			)
+		);
+	}
+
 	/**
 	 * This method should handle any authentication and report back to the subject
 	 *
diff --git a/plugins/captcha/recaptcha/recaptcha.php b/plugins/captcha/recaptcha/recaptcha.php
index 6aae275f18ddf..213879d281a07 100644
--- a/plugins/captcha/recaptcha/recaptcha.php
+++ b/plugins/captcha/recaptcha/recaptcha.php
@@ -25,6 +25,24 @@ class PlgCaptchaRecaptcha extends JPlugin
 	 */
 	protected $autoloadLanguage = true;
 
+	/**
+	 * Reports the privacy related capabilities for this plugin to site administrators.
+	 *
+	 * @return  array
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function onPrivacyCollectAdminCapabilities()
+	{
+		$this->loadLanguage();
+
+		return array(
+			JText::_('PLG_CAPTCHA_RECAPTCHA') => array(
+				JText::_('PLG_RECAPTCHA_PRIVACY_CAPABILITY_IP_ADDRESS'),
+			)
+		);
+	}
+
 	/**
 	 * Initialise the captcha
 	 *
diff --git a/plugins/system/languagefilter/languagefilter.php b/plugins/system/languagefilter/languagefilter.php
index a04d7c4791a69..57b854e444fa5 100644
--- a/plugins/system/languagefilter/languagefilter.php
+++ b/plugins/system/languagefilter/languagefilter.php
@@ -518,6 +518,24 @@ public function parseRule(&$router, &$uri)
 		return $array;
 	}
 
+	/**
+	 * Reports the privacy related capabilities for this plugin to site administrators.
+	 *
+	 * @return  array
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	public function onPrivacyCollectAdminCapabilities()
+	{
+		$this->loadLanguage();
+
+		return array(
+			JText::_('PLG_SYSTEM_LANGUAGEFILTER') => array(
+				JText::_('PLG_SYSTEM_LANGUAGEFILTER_PRIVACY_CAPABILITY_LANGUAGE_COOKIE'),
+			)
+		);
+	}
+
 	/**
 	 * Before store user method.
 	 *