Re: Data Purposes

Hi Harsh,

Nice work.  This was a very old appendix for an early draft of the Consent Receipt specification as mentioned when  the link was provided.  It had a mix of personal data categories and purpose. So not a good functional reference. 

But what we did find very useful was the concept of controller category.   Which provides and indication as to the type of processing that would be expected. 

References in the GDPR
Recital (98)  Associations or other bodies representing categories of controllers, 

Article 37(4) - categories of controllers appears again. 


Have you included this category? 

Regards, 

Mark 
> On 9 Dec 2018, at 20:51, Harshvardhan J. Pandit <me@harshp.com> wrote:
> 
> Hello all,
> We discussed in the Vienna F2F about high-level purposes or dimensions using examples from MyData.
> Following that, on the 4th, we looked at Purposes as defined in Consent Receipt https://kantarainitiative.org/confluence/display/infosharing/Appendix+CR+-+V.9.3+-+Example+Purpose+Categories
> TIt discusses things such as core functions (legitimate interest???), contracted service (contract???), contact requested (communication), personalisation, marketing, marketing by third parties. However, the last few purposes are very abstract as to their use and application.
> 
> I like the distinction of categorising purposes at a high-level based on how they relate to the controller and the data subject (a point which Bud raised in the F2F) i.e. which of them are essential, which are legal, and which are complimentary, or which does the user have control over.
> This would be separate from any other categorisation, such as basaed on domain or service.
> There are examples of this being used in some privacy policies (in the wild, so to speak) as well.
> 
> Regards,
> -- 
> ---
> Harshvardhan J. Pandit
> PhD Researcher
> ADAPT Centre, Trinity College Dublin
> https://harshp.com/
> 

Received on Monday, 10 December 2018 09:10:21 UTC