Skip to content

Start-ups and Data Protection – Purpose Specification and Limitation

Author: Grafenstein, M. v.
Published in: iLINC Policy Briefs
Year: 2015
Type: Other publications

Start-ups often face the challenge of meeting two fundamental requirements provided for by European data protection law. First, the requirement to specify the purpose of their processing operations the moment personal data is collected by them (‘purpose specification’); and, second, the requirement that the collected data must not be processed further in a way that is incompatible with the initially specified purpose (‘purpose limitation’). In particular, Start-ups have difficulties specifying the purpose because they often do not know their final product or service (and sometimes have not even finished their business model) when they commence collecting data. This brief thus focuses on the criteria, which assist start-ups to comply with the two requirements as well as comply with specific regulation instruments transposing these requirements in the private sector and, simultaneously, meeting a need for openness toward innovation as well as legal certainty.

Visit publication
Download Publication


Connected HIIG researchers

Maximilian von Grafenstein, Prof. Dr.

Associated Researcher, Co-Head of Research Programme

    Explore current HIIG Activities

    Research issues in focus

    HIIG is currently working on exciting topics. Learn more about our interdisciplinary pioneering work in public discourse.