CONCEPT Cited by 1 source

Purpose limitation

Definition

Purpose limitation is a core data-protection principle: personal data is only processed for explicitly stated, legitimate purposes and not further processed in ways incompatible with those purposes. The 2024-08-31 Meta Privacy Aware Infrastructure post canonicalizes the engineering formulation: "Purpose limitation, a core data protection principle, is about ensuring data is only processed for explicitly stated purposes. A crucial aspect of purpose limitation is managing data as it flows across systems and services."

Engineering challenge

At small scale, purpose limitation can be enforced by point-checking controls — if statements in code, ACLs on datasets. At hyperscale, point-checking breaks down:

  • Code audits don't compose — they need continuous re-validation as the codebase evolves.
  • ACL-based separation forces physical data duplication — each purpose gets its own dataset, exploding storage and cache cost on shared-infrastructure systems.
  • Propagation is operationally unviable — when a consumer reads from source A and writes to sink B, point-checks at B must know A's purpose; this requires "complex orchestration to ensure propagation from sources to sinks."
  • Data lineage helps but isn't sufficient — lineage records the flow graph, but enforcement still happens at each access point, so every asset still needs its own audit.

Meta's 2024 position: the only primitive that scales is information flow control (IFC) — enforcing purpose limitation at runtime, as data moves between sources and sinks, rather than at individual points of access to data at rest.

The three needs IFC meets (and point-checking doesn't)

From the 2024-08-31 post's needs/problem/solution table:

  1. Programmatic control — real-time checks at code execution instead of out-of-band human audits.
  2. Granular flow control — per-request / per-function-call / per-data-element decisions on shared infrastructure, avoiding physical data separation.
  3. Adaptable and extensible control — the same data asset can carry multiple, evolving privacy requirements simultaneously.
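The propagation problem in the bullets above (a consumer reads source A and writes sink B) and the three needs in this list can be seen in a toy IFC runtime. This is an added illustration, not code from Meta's Privacy Aware Infrastructure: every value carries the purposes it may serve, derived values inherit the intersection of their inputs' purposes, and the check runs at the sink at call time. The assets, purpose names and sinks are constructed for the example.

```python
from dataclasses import dataclass
from typing import Any, Callable, FrozenSet


@dataclass(frozen=True)
class Labeled:
    """A datum plus the set of purposes it may be processed for."""
    value: Any
    purposes: FrozenSet[str]


class PurposeViolation(Exception):
    """Raised at a sink whose declared purpose the data's label does not permit."""


def derive(fn: Callable[..., Any], *inputs: Labeled) -> Labeled:
    """Apply fn to raw values. Output may only serve purposes ALL inputs allow,
    so the policy propagates from sources to sinks with no extra orchestration."""
    sets = [i.purposes for i in inputs]
    return Labeled(fn(*(i.value for i in inputs)), sets[0].intersection(*sets[1:]))


def restrict(datum: Labeled, *drop: str) -> Labeled:
    """Evolving requirement on the same asset: remove purposes without copying data."""
    return Labeled(datum.value, datum.purposes - frozenset(drop))


def write_to_sink(sink_purpose: str, datum: Labeled) -> Any:
    """Runtime check at the sink: the flow proceeds only if the label permits it."""
    if sink_purpose not in datum.purposes:
        raise PurposeViolation(f"{sink_purpose!r} not in {sorted(datum.purposes)}")
    return datum.value


def demo() -> dict:
    # Constructed sample assets (hypothetical, not real data).
    profile = Labeled({"uid": 42, "country": "DE"}, frozenset({"ads", "analytics"}))
    dm_text = Labeled("see you at 5", frozenset({"messaging"}))

    # Source A joined with source B: the result inherits the intersection (empty here).
    joined = derive(lambda p, m: {**p, "msg_len": len(m)}, profile, dm_text)
    out = {"joined_purposes": sorted(joined.purposes)}
    try:
        write_to_sink("ads", joined)
        out["ads_from_joined"] = "allowed"
    except PurposeViolation:
        out["ads_from_joined"] = "blocked"

    # Later the analytics purpose is withdrawn for the same asset; ads still flows.
    profile_v2 = restrict(profile, "analytics")
    out["analytics_from_profile"] = "allowed" if "analytics" in profile_v2.purposes else "blocked"
    out["ads_from_profile"] = write_to_sink("ads", profile_v2)["country"]
    return out
```

The join of an ads-eligible profile with messaging content ends up with no permitted purpose at all, which is exactly the outcome a point-check at sink B could only reproduce if it already knew both sources' policies.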
