Grounding Data Purpose And Data Usage For Better Privacy Requirements Development: An Information System Perspective

Data purpose is a central concept to modeling privacy requirements for information systems. Existing purpose-centric approaches for privacy protection have mainly focused on access control. The problem of ensuring the consistency between data purpose and data usage has been under-addressed. Given the lack of practical purpose-centric solutions, we argue that a grounded understanding of the underlying concepts of data purpose and usage is fundamental to modeling privacy requirements. In recognition of an existing “privacy rights” framework, this paper develops an ontological grounding of data purpose and usage that can be used to understand their implications on fundamental privacy rights for modeling privacy requirements for information systems.