This paper puts forward a verification method for compound purposes and
compound reasons to be used during purpose limitation.
When it is absolutely necessary to collect privacy related information, it is essential that
privacy enhancing technologies (PETs) protect access to data – in general accomplished
by using the concept of purposes bound to data. Compound purposes and reasons
are an enhancement of purposes used during purpose limitation and binding and are
more expressive than purposes in their general form. Data users specify their access
needs by making use of compound reasons which are defined in terms of (compound)
purposes. Purposes are organised in a lattice with purposes near the greatest lower
bound (GLB) considered weak (less specific) and purposes near the least upper bound
(LUB) considered strong (most specific).
Access is granted based on the verification of the statement of intent (from the data
user) against the compound purpose bound to the data; however, because purposes
are in a lattice, the data user is not limited to a statement of intent that matches the
purposes bound to the data exactly – the statement can be a true reflection of their
intent with the data. Hence, the verification of compound reasons against compound
purposes cannot be accomplished by current published verification algorithms.
Before presenting the verification method, compound purposes and reasons, as well
as the structures used to represent them, and the operators that are used to define
compounds is presented. Finally, some thoughts on implementation are provided.