class

UseForPurpose

This EClass is the root of the purpose definition (i.e. use for a purpose by a data processor/controller). It defines information use purposes for direct processing, for further processing, and for purpose termination. It also defines the information the purpose pertains to.

Attributes

| Name | Type | Cardinality | Description |
| --- | --- | --- | --- |
| Duration | EInt | 0..1 | Duration of the information use purpose (if applicable), as a numerical value (in this draft of the PrivacyDSL, in seconds). In future versions of the PrivacyDSL, this should be modeled using more elaborate time concepts, and also other conditions. |
| useForPurposeName | EString | 0..1 | Informal textual name of the information use purpose(s). |

References

| Name | Target | Containment | Cardinality | Opposite | Description |
| --- | --- | --- | --- | --- | --- |
| information | Information | Yes | * | | Reference(s) to the information the purpose pertains to. |
| purposeForUseDirectProcessing | InformationUse | Yes | * | | Reference(s) to the "direct" information use purpose(s), i.e. the purposes the privacy-relevant information is originally collected and used for. "Direct" also means that, in situations where explicit consent by data subjects is required, the data subject explicitly (i.e. directly) consented to those information use purposes. |
| purposeForUseFurtherProcessing | InformationUse | Yes | * | | Reference(s) to the "further" information use purpose(s), i.e. the purposes the privacy-relevant information is not originally collected and used for. In other words, the data subject did not explicitly (i.e. directly) consent to those information use purposes. Examples of lawful further processing would be the transfer of information to 3rd parties for processing, processing for service provisioning (e.g. of a website), analytics etc., as long as the further processing is in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed. |
| purposeUseTermination | InformationUseTermination | Yes | * | | Reference(s) to the termination of information use purpose(s), i.e. when the purpose is over. Termination can be pre-determined (e.g. a purpose is limited by a set time window), can depend on certain events happening (e.g. a related task completes), or can depend on the data subject explicitly withdrawing consent, etc. This is related to the concept of "retention policy", which states what information is to be kept or deleted and when. Note that there is often a difference between stopping the processing (i.e. use) of collected privacy-relevant information, and the actual deletion of that information. In many jurisdictions, deletion after the termination of the information use purpose(s) does not appear to be a requirement (cf. e.g. right to be forgotten), as long as the processing stops. For example, Facebook does not appear to delete any information even if users delete their profiles. |
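
The following purpose-limitation check is an added example, not code from the PrivacyDSL project; it shows how the attributes and references above could gate a processing request. The Python field names, the string-valued purposes, the runtime state fields (`started_at`, `consent_withdrawn`, `task_completed`) and the reason strings are assumptions, since the page does not describe the contents of `InformationUse` or `InformationUseTermination`.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class UseForPurpose:
    # These fields mirror the documented attributes and references.
    use_for_purpose_name: Optional[str] = None
    duration: Optional[int] = None                      # Duration, seconds, 0..1
    information: List[str] = field(default_factory=list)
    direct: List[str] = field(default_factory=list)     # purposeForUseDirectProcessing
    further: List[str] = field(default_factory=list)    # purposeForUseFurtherProcessing
    # Assumed runtime state standing in for purposeUseTermination conditions.
    started_at: int = 0                                 # epoch seconds
    consent_withdrawn: bool = False
    task_completed: bool = False


def termination_reason(p: UseForPurpose, now: int) -> Optional[str]:
    """Return why the purpose is over, or None while it is still active."""
    if p.consent_withdrawn:
        return "consent-withdrawn"
    if p.task_completed:
        return "task-completed"
    # A missing Duration (cardinality 0..1) means no time window applies.
    if p.duration is not None and now - p.started_at >= p.duration:
        return "duration-elapsed"
    return None


def check_use(p: UseForPurpose, info: str, use: str, now: int) -> Tuple[bool, str]:
    """Decide whether `use` of `info` is covered by purpose `p` at time `now`."""
    if info not in p.information:
        return (False, "information-not-covered")
    if use not in p.direct and use not in p.further:
        return (False, "purpose-not-declared")
    reason = termination_reason(p, now)
    if reason is not None:
        # Processing must stop; deleting the data is a separate retention decision.
        return (False, reason)
    return (True, "direct" if use in p.direct else "further")


# Constructed sample purpose: a one-day newsletter campaign.
SAMPLE = UseForPurpose("newsletter", 86400, ["email"],
                       ["send-newsletter"], ["analytics"], started_at=1000)
```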