npdoty
commented
10 months ago Purpose limitation (or, limitation on secondary use) is not explicitly called out as a principle, and it should be.
(This is implicit in some of the Consent section and in definitions, as well as in 1.4, but that's not as clear as it could be.)
Second principle in section 1.4 Incorporating Different Privacy Principles has: "This is a special case of the more general principle that data should not be used for more purposes than the data's subjects understood it was being collected for". Where is the more general principle spelled out? Does it go without saying?
I'm also wondering whether 1.4 shouldn't be moved to the beginning of section 2. It is a bit weird to see two principles in the introduction section, especially considering that section 2 is entitled "Principles for Privacy on the Web".