What Is Purpose Limitation?
Purpose Limitation is the data-protection principle that personal data collected for one specified purpose should not be further processed in a way incompatible with that purpose.
Purpose Limitation — the data-protection principle that personal data collected for one specified purpose should not be further processed in a way incompatible with that purpose.
Purpose limitation (GDPR Article 5(1)(b)) is a recurring flashpoint for AI, because data gathered for one reason — say, providing a service — is often repurposed to train models. Using personal data to train AI without a compatible lawful basis is a frequent subject of regulatory enforcement. The principle pushes organisations to be explicit at collection time about whether data may be used for AI development, and to seek a fresh basis where the new purpose is incompatible.
Source: GDPR, Article 5(1)(b)
Plain-language explanation
Purpose limitation (GDPR Article 5(1)(b)) is a recurring flashpoint for AI, because data gathered for one reason — say, providing a service — is often repurposed to train models. Using personal data to train AI without a compatible lawful basis is a frequent subject of regulatory enforcement. The principle pushes organisations to be explicit at collection time about whether data may be used for AI development, and to seek a fresh basis where the new purpose is incompatible.
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →