For security and privacy management and enforcement purposes, various policy languages have been presented. We give an overview on 27 security and privacy policy languages and present a categorization framework for policy languages. We show how the current policy languages are represented in the framework and summarize our interpretation. We show up identified gaps and motivate for the adoption of policy languages for the specification of privacy-utility trade-off policies.