.svg){kind=logo}
Purpose limitation
Purpose limitation or data use limitations, under CCPA Section 1798.100, requires that businesses ensure that they limit the use of personal information (PI) to the purposes for which it was collected.
The GDPR provides more leeway when it comes to purpose limitation. GDPR Article 5 indicates that “further processing” may be permitted when the new purposes are “not… considered… incompatible with the initial purposes.”
Related Terms
Data Protection Impact Assessment (DPIA) is a requirement that compels businesses to assess the risk and impact of their processing activities.While the CCPA does not require businesses to conduct a DPIA, the California Consumer Privacy Act (CPRA) under Section 1798.185(a)(15) requires businesses to perform an assessment on processing activities that may expose personal data to significant risks.
Learn MoreNotice at Collection, is a transparency requirement that compels businesses to inform consumers, at or before the point of collection, about the category of personal information (PI) that they collect.
Learn More
