diff --git a/index.html b/index.html
index 5c5591ad..2018442e 100644
--- a/index.html
+++ b/index.html
@@ -761,15 +761,15 @@
       "id": "web-without-3p-cookies"
     }
   },
-  "publishISODate": "2023-10-25T00:00:00.000Z",
-  "generatedSubtitle": "W3C Editor's Draft 25 October 2023"
+  "publishISODate": "2023-11-01T00:00:00.000Z",
+  "generatedSubtitle": "W3C Editor's Draft 01 November 2023"
 }</script>
 <link rel="stylesheet" href="https://www.w3.org/StyleSheets/TR/2021/W3C-ED"></head>
 <body data-cite="html indexedDB service-workers fingerprinting-guidance url infra" class="h-entry informative"><div class="head">
     <p class="logos"><a class="logo" href="https://www.w3.org/"><img crossorigin="" alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72">
   </a></p>
     <h1 id="title" class="title">Privacy Principles</h1> 
-    <p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">W3C Editor's Draft</a> <time class="dt-published" datetime="2023-10-25">25 October 2023</time></p>
+    <p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">W3C Editor's Draft</a> <time class="dt-published" datetime="2023-11-01">01 November 2023</time></p>
     <details open="">
       <summary>More details about this document</summary>
       <dl>
@@ -876,7 +876,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
   </p><p>
                   This document is governed by the
                   <a id="w3c_process_revision" href="https://www.w3.org/2023/Process-20230612/">12 June 2023 <abbr title="World Wide Web Consortium">W3C</abbr> Process Document</a>.
-                </p></section><nav id="toc"><h2 class="introductory" id="table-of-contents">Table of Contents</h2><ol class="toc"><li class="tocline"><a class="tocxref" href="#abstract">Abstract</a></li><li class="tocline"><a class="tocxref" href="#sotd">Status of This Document</a></li><li class="tocline"><a class="tocxref" href="#how-this-document-fits-in">How This Document Fits In</a></li><li class="tocline"><a class="tocxref" href="#audience">Audiences for this Document</a></li><li class="tocline"><a class="tocxref" href="#intro"><bdi class="secno">1. </bdi>An Introduction to Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#autonomy"><bdi class="secno">1.1 </bdi>Individual Autonomy</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#opt-in-out"><bdi class="secno">1.1.1 </bdi>Opt-in, Consent, Opt-out, Global Controls</a></li><li class="tocline"><a class="tocxref" href="#privacy-labour"><bdi class="secno">1.1.2 </bdi>Privacy Labour</a></li></ol></li><li class="tocline"><a class="tocxref" href="#collective"><bdi class="secno">1.2 </bdi>Collective Governance</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#group-privacy"><bdi class="secno">1.2.1 </bdi>Group Privacy</a></li><li class="tocline"><a class="tocxref" href="#transparency-for-research"><bdi class="secno">1.2.2 </bdi>Transparency and Research</a></li></ol></li><li class="tocline"><a class="tocxref" href="#user-agents"><bdi class="secno">1.3 </bdi>User Agents</a></li><li class="tocline"><a class="tocxref" href="#balancing"><bdi class="secno">1.4 </bdi>Incorporating Different Privacy Principles</a></li></ol></li><li class="tocline"><a class="tocxref" href="#principles-for-privacy-on-the-web"><bdi class="secno">2. </bdi>Principles for Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#identity"><bdi class="secno">2.1 </bdi>Identity on the Web</a></li><li class="tocline"><a class="tocxref" href="#data-minimization"><bdi class="secno">2.2 </bdi>Data Minimization</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#ancillary-uses"><bdi class="secno">2.2.1 </bdi>Ancillary uses</a></li></ol></li><li class="tocline"><a class="tocxref" href="#information"><bdi class="secno">2.3 </bdi>Information access</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#unavoidable-information-exposure"><bdi class="secno">2.3.1 </bdi>Unavoidable information exposure</a></li></ol></li><li class="tocline"><a class="tocxref" href="#hl-sensitive-information"><bdi class="secno">2.4 </bdi>Sensitive Information</a></li><li class="tocline"><a class="tocxref" href="#data-rights"><bdi class="secno">2.5 </bdi>Data Rights</a></li><li class="tocline"><a class="tocxref" href="#deidentified-data"><bdi class="secno">2.6 </bdi>De-identified Data</a></li><li class="tocline"><a class="tocxref" href="#collective-privacy"><bdi class="secno">2.7 </bdi>Collective Privacy</a></li><li class="tocline"><a class="tocxref" href="#device-administrators"><bdi class="secno">2.8 </bdi>Device Owners and Administrators</a></li><li class="tocline"><a class="tocxref" href="#protecting-web-users-from-abusive-behaviour"><bdi class="secno">2.9 </bdi>Protecting web users from abusive behaviour</a></li><li class="tocline"><a class="tocxref" href="#vulnerability"><bdi class="secno">2.10 </bdi>Vulnerability</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#guardians"><bdi class="secno">2.10.1 </bdi>Guardians</a></li></ol></li><li class="tocline"><a class="tocxref" href="#transparency"><bdi class="secno">2.11 </bdi>Transparency</a></li><li class="tocline"><a class="tocxref" href="#consent-principles"><bdi class="secno">2.12 </bdi>Consent, Withdrawal of Consent, Opt-Outs, and Objections</a></li><li class="tocline"><a class="tocxref" href="#interruptions"><bdi class="secno">2.13 </bdi>Notifications and Interruptions</a></li><li class="tocline"><a class="tocxref" href="#non-retaliation"><bdi class="secno">2.14 </bdi>Non-Retaliation</a></li><li class="tocline"><a class="tocxref" href="#support-choosing-info"><bdi class="secno">2.15 </bdi>Support Choosing Which Information to Present</a></li></ol></li><li class="tocline"><a class="tocxref" href="#boring-terminology"><bdi class="secno">A. </bdi>Common Concepts</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#people"><bdi class="secno">A.1 </bdi>People</a></li><li class="tocline"><a class="tocxref" href="#context"><bdi class="secno">A.2 </bdi>Contexts</a></li><li class="tocline"><a class="tocxref" href="#parties"><bdi class="secno">A.3 </bdi>Server-Side Actors</a></li><li class="tocline"><a class="tocxref" href="#acting-on-data"><bdi class="secno">A.4 </bdi>Acting on Data</a></li><li class="tocline"><a class="tocxref" href="#recognition"><bdi class="secno">A.5 </bdi>Recognition</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#recognition-types"><bdi class="secno">A.5.1 </bdi>Recognition Types</a></li><li class="tocline"><a class="tocxref" href="#user-agent-recognition"><bdi class="secno">A.5.2 </bdi>User agent awareness of recognition</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#threats"><bdi class="secno">B. </bdi>High-Level Threats</a></li><li class="tocline"><a class="tocxref" href="#bp-summary"><bdi class="secno">C. </bdi>Principles Summary</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#issue-summary"><bdi class="secno">E. </bdi>Issue summary</a></li><li class="tocline"><a class="tocxref" href="#references"><bdi class="secno">F. </bdi>References</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#informative-references"><bdi class="secno">F.1 </bdi>Informative references</a></li></ol></li></ol></nav>
+                </p></section><nav id="toc"><h2 class="introductory" id="table-of-contents">Table of Contents</h2><ol class="toc"><li class="tocline"><a class="tocxref" href="#abstract">Abstract</a></li><li class="tocline"><a class="tocxref" href="#sotd">Status of This Document</a></li><li class="tocline"><a class="tocxref" href="#how-this-document-fits-in">How This Document Fits In</a></li><li class="tocline"><a class="tocxref" href="#audience">Audiences for this Document</a></li><li class="tocline"><a class="tocxref" href="#intro"><bdi class="secno">1. </bdi>An Introduction to Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#autonomy"><bdi class="secno">1.1 </bdi>Individual Autonomy</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#opt-in-out"><bdi class="secno">1.1.1 </bdi>Opt-in, Consent, Opt-out, Global Controls</a></li><li class="tocline"><a class="tocxref" href="#privacy-labour"><bdi class="secno">1.1.2 </bdi>Privacy Labour</a></li></ol></li><li class="tocline"><a class="tocxref" href="#collective"><bdi class="secno">1.2 </bdi>Collective Governance</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#group-privacy"><bdi class="secno">1.2.1 </bdi>Group Privacy</a></li><li class="tocline"><a class="tocxref" href="#transparency-for-research"><bdi class="secno">1.2.2 </bdi>Transparency and Research</a></li></ol></li><li class="tocline"><a class="tocxref" href="#user-agents"><bdi class="secno">1.3 </bdi>User Agents</a></li><li class="tocline"><a class="tocxref" href="#balancing"><bdi class="secno">1.4 </bdi>Incorporating Different Privacy Principles</a></li></ol></li><li class="tocline"><a class="tocxref" href="#principles-for-privacy-on-the-web"><bdi class="secno">2. </bdi>Principles for Privacy on the Web</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#identity"><bdi class="secno">2.1 </bdi>Identity on the Web</a></li><li class="tocline"><a class="tocxref" href="#data-minimization"><bdi class="secno">2.2 </bdi>Data Minimization</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#ancillary-uses"><bdi class="secno">2.2.1 </bdi>Ancillary uses</a></li></ol></li><li class="tocline"><a class="tocxref" href="#information"><bdi class="secno">2.3 </bdi>Information access</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#unavoidable-information-exposure"><bdi class="secno">2.3.1 </bdi>Unavoidable information exposure</a></li></ol></li><li class="tocline"><a class="tocxref" href="#hl-sensitive-information"><bdi class="secno">2.4 </bdi>Sensitive Information</a></li><li class="tocline"><a class="tocxref" href="#data-rights"><bdi class="secno">2.5 </bdi>Data Rights</a></li><li class="tocline"><a class="tocxref" href="#deidentified-data"><bdi class="secno">2.6 </bdi>De-identified Data</a></li><li class="tocline"><a class="tocxref" href="#collective-privacy"><bdi class="secno">2.7 </bdi>Collective Privacy</a></li><li class="tocline"><a class="tocxref" href="#device-administrators"><bdi class="secno">2.8 </bdi>Device Owners and Administrators</a></li><li class="tocline"><a class="tocxref" href="#protecting-web-users-from-abusive-behaviour"><bdi class="secno">2.9 </bdi>Protecting web users from abusive behaviour</a></li><li class="tocline"><a class="tocxref" href="#vulnerability"><bdi class="secno">2.10 </bdi>Vulnerability</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#guardians"><bdi class="secno">2.10.1 </bdi>Guardians</a></li></ol></li><li class="tocline"><a class="tocxref" href="#purpose-limitation"><bdi class="secno">2.11 </bdi>Purpose limitation</a></li><li class="tocline"><a class="tocxref" href="#transparency"><bdi class="secno">2.12 </bdi>Transparency</a></li><li class="tocline"><a class="tocxref" href="#consent-principles"><bdi class="secno">2.13 </bdi>Consent, Withdrawal of Consent, Opt-Outs, and Objections</a></li><li class="tocline"><a class="tocxref" href="#interruptions"><bdi class="secno">2.14 </bdi>Notifications and Interruptions</a></li><li class="tocline"><a class="tocxref" href="#non-retaliation"><bdi class="secno">2.15 </bdi>Non-Retaliation</a></li><li class="tocline"><a class="tocxref" href="#support-choosing-info"><bdi class="secno">2.16 </bdi>Support Choosing Which Information to Present</a></li></ol></li><li class="tocline"><a class="tocxref" href="#boring-terminology"><bdi class="secno">A. </bdi>Common Concepts</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#people"><bdi class="secno">A.1 </bdi>People</a></li><li class="tocline"><a class="tocxref" href="#context"><bdi class="secno">A.2 </bdi>Contexts</a></li><li class="tocline"><a class="tocxref" href="#parties"><bdi class="secno">A.3 </bdi>Server-Side Actors</a></li><li class="tocline"><a class="tocxref" href="#acting-on-data"><bdi class="secno">A.4 </bdi>Acting on Data</a></li><li class="tocline"><a class="tocxref" href="#recognition"><bdi class="secno">A.5 </bdi>Recognition</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#recognition-types"><bdi class="secno">A.5.1 </bdi>Recognition Types</a></li><li class="tocline"><a class="tocxref" href="#user-agent-recognition"><bdi class="secno">A.5.2 </bdi>User agent awareness of recognition</a></li></ol></li></ol></li><li class="tocline"><a class="tocxref" href="#threats"><bdi class="secno">B. </bdi>High-Level Threats</a></li><li class="tocline"><a class="tocxref" href="#bp-summary"><bdi class="secno">C. </bdi>Principles Summary</a></li><li class="tocline"><a class="tocxref" href="#acknowledgements"><bdi class="secno">D. </bdi>Acknowledgements</a></li><li class="tocline"><a class="tocxref" href="#issue-summary"><bdi class="secno">E. </bdi>Issue summary</a></li><li class="tocline"><a class="tocxref" href="#references"><bdi class="secno">F. </bdi>References</a><ol class="toc"><li class="tocline"><a class="tocxref" href="#informative-references"><bdi class="secno">F.1 </bdi>Informative references</a></li></ol></li></ol></nav>
 
 <section class="introductory" id="how-this-document-fits-in"><div class="header-wrapper"><h2 id="how-this-document-fits-in-0">How This Document Fits In</h2><a class="self-link" href="#how-this-document-fits-in" aria-label="Permalink for this Section"></a></div>
 
@@ -1255,8 +1255,8 @@ <h1 id="title" class="title">Privacy Principles</h1>
 
 
 
-<p>This is a special case of the more general principle that data should not be used for more
-<a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-6">purposes</a> than the data's subjects understood it was being collected for.</p>
+<p>This is a special case of the <a href="#no-secondary-use">more general principle that data should not be used for more
+purposes than those specified when the data was collected</a>.</p>
 <p>Services sometimes use people's data in order to protect those or other people.
 A service that does this should explain what data it's
 using for this purpose. It should also say how it might use or share a person's
@@ -1743,7 +1743,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 different data sets involving this <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-38">data</a>; and</p>
 </li>
 <li><p>there exist contractual terms between the <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-4">first party</a> and <a data-link-type="dfn|abstract-op" href="#dfn-third-parties" class="internalDFN" id="ref-for-dfn-third-parties-6">third party</a>
-describing the limited <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-7">purpose</a> for which the data is being shared.</p>
+describing the limited <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-6">purpose</a> for which the data is being shared.</p>
 </li>
 </ul>
 <p>Note that <a data-link-type="dfn|abstract-op" href="#dfn-controlled-de-identified-data" class="internalDFN" id="ref-for-dfn-controlled-de-identified-data-5">controlled de-identified data</a>, on its own, is not sufficient to make
@@ -1996,8 +1996,28 @@ <h1 id="title" class="title">Privacy Principles</h1>
 <a data-link-type="dfn|abstract-op" href="#dfn-guardian" class="internalDFN" id="ref-for-dfn-guardian-13">guardian</a> for access to the help they need.</p>
 </aside>
 
-</section></section><section id="transparency-0"><div class="header-wrapper"><h3 id="transparency"><bdi class="secno">2.11 </bdi>Transparency</h3><a class="self-link" href="#transparency" aria-label="Permalink for Section 2.11"></a></div><div class="practice principle" data-audiences="websites user-agents"><a class="marker self-link" href="#transparency-when-requested"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="transparency-when-requested">
-    When accessing data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> (and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-33">actors</a>) should provide
+</section></section><section id="purpose-limitation"><div class="header-wrapper"><h3 id="x2-11-purpose-limitation"><bdi class="secno">2.11 </bdi>Purpose limitation</h3><a class="self-link" href="#purpose-limitation" aria-label="Permalink for Section 2.11"></a></div>
+<div class="practice principle" data-audiences="websites user-agents"><a class="marker self-link" href="#purpose-specification"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="purpose-specification">
+    When accessing personal data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-33">actors</a> should specify the <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-7">purpose</a>
+    for which the data will be used.
+  </span>
+  
+</div>
+
+<div class="practice principle" data-audiences="websites user-agents"><a class="marker self-link" href="#no-secondary-use"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="no-secondary-use">
+    <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-34">Actors</a> should not use personal data for purposes other than those specified. (Other uses are often called
+    <a data-link-type="dfn|abstract-op" href="#dfn-secondary-use" class="internalDFN" id="ref-for-dfn-secondary-use-1">secondary uses</a>.)
+  </span>
+  
+</div>
+
+<p>Features that are designed-for-purpose facilitate these principles by providing functionality that is only or primarily
+useful for a particular purpose. Designed-for-purpose features make it easier to explain the purpose to people, and may
+also limit the feasible secondary uses of data.</p>
+<p><a data-link-type="dfn|abstract-op" href="#dfn-controlled-de-identified-data" class="internalDFN" id="ref-for-dfn-controlled-de-identified-data-6">Controlled de-identified data</a> may be used for additional purposes in ways that are compatible with the specified
+purpose.</p>
+</section><section id="transparency-0"><div class="header-wrapper"><h3 id="transparency"><bdi class="secno">2.12 </bdi>Transparency</h3><a class="self-link" href="#transparency" aria-label="Permalink for Section 2.12"></a></div><div class="practice principle" data-audiences="websites user-agents"><a class="marker self-link" href="#transparency-when-requested"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="transparency-when-requested">
+    When accessing data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> (and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-35">actors</a>) should provide
     <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-91">people</a> with relevant explanatory information about the use of data, and <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>
     should help present and consume that information.
   </span>
@@ -2039,7 +2059,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 processing to identify cases in which it may be harmful.</p>
 <p>Easily accessible, plain language presentation of privacy-relevant practices is necessary for
 <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-94">people</a> to be able to make informed decisions in specific cases when they choose to do so.
-<a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">Sites</a>, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>, and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-34">actors</a> all may need to present privacy-relevant practices
+<a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">Sites</a>, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>, and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-36">actors</a> all may need to present privacy-relevant practices
 to <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-95">people</a> in accessible forms.</p>
 <div class="practice principle" data-audiences="websites api-designers"><a class="marker self-link" href="#transparency-distinguishable"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="transparency-distinguishable">
     Mechanisms that can be used for <a data-link-type="dfn|abstract-op" data-lt="recognize" href="#dfn-recognize" class="internalDFN" id="ref-for-dfn-recognize-7">recognizing</a> <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-96">people</a> should be designed so that
@@ -2052,8 +2072,8 @@ <h1 id="title" class="title">Privacy Principles</h1>
 user, which undermines user control [<cite><a class="bibref" data-link-type="biblio" href="#bib-unsanctioned-tracking" title="Unsanctioned Web Tracking">UNSANCTIONED-TRACKING</a></cite>]. Designing features that minimize
 data and make requests for data explicit can enable detectability, a kind of transparency that is an
 important mitigation for <a data-type="dfn" href="https://www.w3.org/TR/fingerprinting-guidance/#dfn-browser-fingerprinting">browser fingerprinting</a>.</p>
-</section><section id="consent-withdrawal-of-consent-opt-outs-and-objections"><div class="header-wrapper"><h3 id="consent-principles"><bdi class="secno">2.12 </bdi>Consent, Withdrawal of Consent, Opt-Outs, and Objections</h3><a class="self-link" href="#consent-principles" aria-label="Permalink for Section 2.12"></a></div><div class="practice principle" data-audiences="websites"><a class="marker self-link" href="#principle-consent-user-preference"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-consent-user-preference">
-    When any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-35">actor</a> obtains <a data-link-type="dfn|abstract-op" href="#dfn-opt-in" class="internalDFN" id="ref-for-dfn-opt-in-11">consent</a> for processing from a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-97">person</a>, the
+</section><section id="consent-withdrawal-of-consent-opt-outs-and-objections"><div class="header-wrapper"><h3 id="consent-principles"><bdi class="secno">2.13 </bdi>Consent, Withdrawal of Consent, Opt-Outs, and Objections</h3><a class="self-link" href="#consent-principles" aria-label="Permalink for Section 2.13"></a></div><div class="practice principle" data-audiences="websites"><a class="marker self-link" href="#principle-consent-user-preference"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-consent-user-preference">
+    When any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-37">actor</a> obtains <a data-link-type="dfn|abstract-op" href="#dfn-opt-in" class="internalDFN" id="ref-for-dfn-opt-in-11">consent</a> for processing from a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-97">person</a>, the
     actor should design the consent request so as to learn the person's true
     intent to consent or not, and not to maximize the processing consented to.
   </span>
@@ -2063,14 +2083,14 @@ <h1 id="title" class="title">Privacy Principles</h1>
 <p>Attempts to obtain consent to <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-31">processing</a> that is not in accordance with the person's
 true preferences result in imposing unwanted <a data-link-type="dfn|abstract-op" href="#dfn-privacy-labor" class="internalDFN" id="ref-for-dfn-privacy-labor-7">privacy labour</a> on the person, and may
 result in people erroneously giving consent that they regret later.</p>
-<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-36">actor</a> should not prompt a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-98">person</a> for consent if the
+<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-38">actor</a> should not prompt a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-98">person</a> for consent if the
 person is unlikely to have sufficient information to make an informed decision to consent or not.
 In considering whether or not a person is sufficiently informed to be asked for consent,
 actors should be realistic in assessing how much time and effort would be required to understand the
 processing for which they are asking for consent.
 Simply providing a link to a complex policy is unlikely to mean that the person is informed.</p>
 <div class="practice principle" data-audiences="websites"><a class="marker self-link" href="#principle-minimize-consent-requests"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-minimize-consent-requests">
-    An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-37">actor</a> should avoid interrupting a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-99">person</a>'s use of a site for
+    An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-39">actor</a> should avoid interrupting a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-99">person</a>'s use of a site for
     consent requests when an alternative is available.
   </span>
 
@@ -2100,7 +2120,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 
 <p>A <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-102">person</a> may share data about other <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-103">people</a> (e.g. a picture with both that person and others). If that person consents to the processing of that data, this does not imply that those other people have consented as well.</p>
 <div class="practice principle" data-audiences="websites"><a class="marker self-link" href="#principle-consent-otherpeople"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-consent-otherpeople">
-      <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-38">Actors</a> should provide functionality to access, correct, and remove data about
+      <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-40">Actors</a> should provide functionality to access, correct, and remove data about
       <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-104">people</a> to those <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-105">people</a> when that data has been provided by someone else.
     </span>
   
@@ -2113,7 +2133,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
   further discussion of privacy of people other than the user.</p>
 </div></div>
 
-</section><section id="notifications-and-interruptions"><div class="header-wrapper"><h3 id="interruptions"><bdi class="secno">2.13 </bdi>Notifications and Interruptions</h3><a class="self-link" href="#interruptions" aria-label="Permalink for Section 2.13"></a></div><div class="issue" id="issue-container-number-2"><div role="heading" class="issue-title marker" id="h-issue-0" aria-level="2"><span>Issue 2</span></div><aside class="">
+</section><section id="notifications-and-interruptions"><div class="header-wrapper"><h3 id="interruptions"><bdi class="secno">2.14 </bdi>Notifications and Interruptions</h3><a class="self-link" href="#interruptions" aria-label="Permalink for Section 2.14"></a></div><div class="issue" id="issue-container-number-2"><div role="heading" class="issue-title marker" id="h-issue-0" aria-level="2"><span>Issue 2</span></div><aside class="">
 
 <p>This is related to <a data-link-type="dfn|abstract-op" href="#dfn-autonomous" class="internalDFN" id="ref-for-dfn-autonomous-14">autonomy</a>.</p>
 </aside></div>
@@ -2149,16 +2169,16 @@ <h1 id="title" class="title">Privacy Principles</h1>
   Permissions should be requested in context.</p>
 </div>
 
-</section><section id="non-retaliation-0"><div class="header-wrapper"><h3 id="non-retaliation"><bdi class="secno">2.14 </bdi>Non-Retaliation</h3><a class="self-link" href="#non-retaliation" aria-label="Permalink for Section 2.14"></a></div><div class="practice principle" data-audiences="websites"><a class="marker self-link" href="#principle-do-not-retaliate"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-do-not-retaliate">
-    <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-39">Actors</a> must not retaliate against <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-106">people</a> who protect their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-42">data</a> against
+</section><section id="non-retaliation-0"><div class="header-wrapper"><h3 id="non-retaliation"><bdi class="secno">2.15 </bdi>Non-Retaliation</h3><a class="self-link" href="#non-retaliation" aria-label="Permalink for Section 2.15"></a></div><div class="practice principle" data-audiences="websites"><a class="marker self-link" href="#principle-do-not-retaliate"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-do-not-retaliate">
+    <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-41">Actors</a> must not retaliate against <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-106">people</a> who protect their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-42">data</a> against
     non-essential <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-32">processing</a> or exercise rights over their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-43">data</a>.
   </span>
   
 </div>
 
-<p>Whenever people have the ability to cause an <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-40">actor</a> to process less of their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-44">data</a> or to stop
+<p>Whenever people have the ability to cause an <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-42">actor</a> to process less of their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-44">data</a> or to stop
 carrying out some given set of data processing that is not essential to the service, they must be
-allowed to do so without the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-41">actor</a> retaliating, for instance by artificially removing an
+allowed to do so without the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-43">actor</a> retaliating, for instance by artificially removing an
 unrelated feature, by decreasing the quality of the service, or by trying to cajole, badger, or
 trick the <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-107">person</a> into opting back into the <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-33">processing</a>.</p>
 <div class="issue" id="issue-container-number-3"><div role="heading" class="issue-title marker" id="h-issue-1" aria-level="2"><span>Issue 3</span></div><aside class="">
@@ -2166,14 +2186,14 @@ <h1 id="title" class="title">Privacy Principles</h1>
 <p>Some services have the user pay for their use in data. These services aren't necessarily retaliating by denying their services to users who refuse to pay with data, but the details are more complex than we've had time to write.</p>
 </aside></div>
 
-</section><section id="support-choosing-which-information-to-present"><div class="header-wrapper"><h3 id="support-choosing-info"><bdi class="secno">2.15 </bdi>Support Choosing Which Information to Present</h3><a class="self-link" href="#support-choosing-info" aria-label="Permalink for Section 2.15"></a></div><div class="practice principle" data-audiences="user-agents"><a class="marker self-link" href="#principle-support-choosing-info"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-support-choosing-info">
-    <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">User agents</a> should support <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-108">people</a> in choosing which information they provide to <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-42">actors</a> that
+</section><section id="support-choosing-which-information-to-present"><div class="header-wrapper"><h3 id="support-choosing-info"><bdi class="secno">2.16 </bdi>Support Choosing Which Information to Present</h3><a class="self-link" href="#support-choosing-info" aria-label="Permalink for Section 2.16"></a></div><div class="practice principle" data-audiences="user-agents"><a class="marker self-link" href="#principle-support-choosing-info"><bdi lang="en">Principle</bdi></a>: <span class="practicelab" id="principle-support-choosing-info">
+    <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">User agents</a> should support <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-108">people</a> in choosing which information they provide to <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-44">actors</a> that
     request it, up to and including allowing users to provide arbitrary information.
   </span>
   
 </div>
 
-<p><a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-43">Actors</a> can invest time and energy into automating ways of gathering <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-45">data</a> from <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-109">people</a> and can
+<p><a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-45">Actors</a> can invest time and energy into automating ways of gathering <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-45">data</a> from <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-109">people</a> and can
 design their products in ways that make it a lot easier for <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-110">people</a> to disclose information than not, whereas
 <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-111">people</a> typically have to manually wade through options, repeated prompts, and <a data-link-type="dfn|abstract-op" href="#dfn-dark-pattern" class="internalDFN" id="ref-for-dfn-dark-pattern-4">deceptive patterns</a>. In many
 cases, the absence of data — when a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-112">person</a> refuses to provide some information — can also be identifying
@@ -2233,24 +2253,24 @@ <h1 id="title" class="title">Privacy Principles</h1>
 are people in some situations of intellectual or psychological impairment, are
 refugees, etc.</p>
 </section><section id="contexts"><div class="header-wrapper"><h3 id="context"><bdi class="secno">A.2 </bdi>Contexts</h3><a class="self-link" href="#context" aria-label="Permalink for Appendix A.2"></a></div><p>A <dfn data-plurals="contexts" id="dfn-context" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">context</dfn> is a physical or digital environment in which <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-129">people</a> interact with other
-<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-44">actors</a>, and which the <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-130">people</a> understand as distinct from other <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-15">contexts</a>.</p>
+<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-46">actors</a>, and which the <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-130">people</a> understand as distinct from other <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-15">contexts</a>.</p>
 <p>A <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-16">context</a> is not defined in terms of who owns or controls it. Sharing
 <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-46">data</a> between different <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-17">contexts</a> of a single company is
-a <a data-link-type="dfn|abstract-op" href="#dfn-privacy-violation" class="internalDFN" id="ref-for-dfn-privacy-violation-2">privacy violation</a>, just as if the same data were shared between unrelated <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-45">actors</a>.</p>
+a <a data-link-type="dfn|abstract-op" href="#dfn-privacy-violation" class="internalDFN" id="ref-for-dfn-privacy-violation-2">privacy violation</a>, just as if the same data were shared between unrelated <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-47">actors</a>.</p>
 </section><section id="server-side-actors"><div class="header-wrapper"><h3 id="parties"><bdi class="secno">A.3 </bdi>Server-Side Actors</h3><a class="self-link" href="#parties" aria-label="Permalink for Appendix A.3"></a></div><p>An <dfn data-plurals="actors" id="dfn-actor" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">actor</dfn> is an entity that a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-131">person</a> can reasonably understand as a single "thing"
-they're interacting with. <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-46">Actors</a> can be <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-132">people</a> or collective entities like companies,
+they're interacting with. <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-48">Actors</a> can be <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-132">people</a> or collective entities like companies,
 associations, or governmental bodies. Uses of this document in a particular domain are expected to
-describe how the core concepts of that domain combine into a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-133">user</a>-comprehensible <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-47">actor</a>, and
+describe how the core concepts of that domain combine into a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-133">user</a>-comprehensible <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-49">actor</a>, and
 those refined definitions are likely to differ between domains.</p>
 <p><a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">User agents</a> tend to explain to <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-134">people</a> which <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-origin">origin</a> or <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">site</a> provided the
-web page they're looking at. The <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-48">actor</a> that controls this <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-origin">origin</a> or <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">site</a> is
+web page they're looking at. The <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-50">actor</a> that controls this <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#concept-origin">origin</a> or <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">site</a> is
 known as the web page's <dfn data-dfn-for="page" data-plurals="first parties" id="dfn-first-party" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">first party</dfn>. When a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-135">person</a>
 interacts with a UI element on a web page, the <dfn data-plurals="first parties" id="dfn-first-party-0" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">first party</dfn> of that interaction
-is usually the web page's <a data-link-type="dfn|abstract-op" href="#dfn-first-party" class="internalDFN" id="ref-for-dfn-first-party-1">first party</a>. However, if a different <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-49">actor</a> controls
+is usually the web page's <a data-link-type="dfn|abstract-op" href="#dfn-first-party" class="internalDFN" id="ref-for-dfn-first-party-1">first party</a>. However, if a different <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-51">actor</a> controls
 how data collected with
 the UI element is used, and a reasonable person with a realistic cognitive budget would realize
-that this other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-50">actor</a> has this control, this other
-<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-51">actor</a> is the <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-5">first party</a> for the interaction instead.</p>
+that this other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-52">actor</a> has this control, this other
+<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-53">actor</a> is the <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-5">first party</a> for the interaction instead.</p>
 <div class="issue" id="issue-container-number-4"><div role="heading" class="issue-title marker" id="h-issue-2" aria-level="3"><span>Issue 4</span></div><aside class="">
 
 
@@ -2261,7 +2281,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 
 <p>The <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-7">first party</a> to an interaction is accountable for the processing of data produced
 by that interaction, even if another actor does the processing.</p>
-<p>A <dfn data-lt="third parties|third party" id="dfn-third-parties" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">third party</dfn> is any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-52">actor</a> other than the
+<p>A <dfn data-lt="third parties|third party" id="dfn-third-parties" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">third party</dfn> is any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-54">actor</a> other than the
 <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-136">person</a> visiting the website or the <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-8">first parties</a> they expect to be interacting
 with.</p>
 <p>The <dfn id="dfn-vegas-rule" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Vegas Rule</dfn> is a simple implementation of privacy in which "<i>what happens with the
@@ -2299,16 +2319,16 @@ <h1 id="title" class="title">Privacy Principles</h1>
 <dfn id="dfn-privacy-violation" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">privacy violation</dfn>. Similarly, we say that a particular interaction is
 <dfn data-lt="appropriately|appropriate" id="dfn-appropriately" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">appropriate</dfn> when the principles are adhered
 to) or <dfn data-lt="inappropriately|inappropriate" id="dfn-inappropriately" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">inappropriate</dfn> otherwise.</p>
-<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-53">actor</a> <dfn data-lt="process|processing|processed|data processing|processes" id="dfn-process" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">processes</dfn> data if it
+<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-55">actor</a> <dfn data-lt="process|processing|processed|data processing|processes" id="dfn-process" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">processes</dfn> data if it
 carries out operations on <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-52">personal data</a>, whether or not by automated means, such as
 collection, recording, organisation, structuring, storage, adaptation or alteration,
 retrieval, consultation, use, disclosure by transmission, <a data-link-type="dfn|abstract-op" href="#dfn-share" class="internalDFN" id="ref-for-dfn-share-1">sharing</a>, dissemination or
 otherwise making available, <a data-link-type="dfn|abstract-op" href="#dfn-sell" class="internalDFN" id="ref-for-dfn-sell-1">selling</a>, alignment or combination, restriction, erasure or
 destruction.</p>
-<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-54">actor</a> <dfn data-lt="share|sharing|shares" id="dfn-share" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">shares</dfn> data if it provides it to any other
-<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-55">actor</a>. Note that, under this definition, an <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-56">actor</a> that provides data to its own
+<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-56">actor</a> <dfn data-lt="share|sharing|shares" id="dfn-share" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">shares</dfn> data if it provides it to any other
+<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-57">actor</a>. Note that, under this definition, an <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-58">actor</a> that provides data to its own
 <a data-link-type="dfn|abstract-op" href="#dfn-data-processor" class="internalDFN" id="ref-for-dfn-data-processor-1">service providers</a> is not <a data-link-type="dfn|abstract-op" href="#dfn-share" class="internalDFN" id="ref-for-dfn-share-2">sharing</a> it.</p>
-<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-57">actor</a> <dfn data-lt="sell|selling|sells" id="dfn-sell" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">sells</dfn> data when it <a data-link-type="dfn|abstract-op" href="#dfn-share" class="internalDFN" id="ref-for-dfn-share-3">shares</a> it in exchange
+<p>An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-59">actor</a> <dfn data-lt="sell|selling|sells" id="dfn-sell" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">sells</dfn> data when it <a data-link-type="dfn|abstract-op" href="#dfn-share" class="internalDFN" id="ref-for-dfn-share-3">shares</a> it in exchange
 for consideration, monetary or otherwise.</p>
 <p>The <dfn data-plurals="purposes" id="dfn-purpose" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">purpose</dfn> of a given <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-36">processing</a> of data is an anticipated, intended, or
 planned outcome of this <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-37">processing</a> which is achieved or aimed for within a given
@@ -2320,22 +2340,22 @@ <h1 id="title" class="title">Privacy Principles</h1>
 level and not necessarily all the way down to implementation details. Example:
 <em>a person will have their preferences restored (purpose) by looking up their identifier
 in a preferences store (means)</em>.</p>
-<p>A <dfn id="dfn-data-controller" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">data controller</dfn> is an <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-58">actor</a> that determines the <a data-link-type="dfn|abstract-op" href="#dfn-means" class="internalDFN" id="ref-for-dfn-means-2">means</a> and <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-11">purposes</a>
-of data processing. Any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-59">actor</a> that is not a <a data-link-type="dfn|abstract-op" href="#dfn-data-processor" class="internalDFN" id="ref-for-dfn-data-processor-2">service provider</a> is a <a data-link-type="dfn|abstract-op" href="#dfn-data-controller" class="internalDFN" id="ref-for-dfn-data-controller-2">data controller</a>.</p>
+<p>A <dfn id="dfn-data-controller" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">data controller</dfn> is an <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-60">actor</a> that determines the <a data-link-type="dfn|abstract-op" href="#dfn-means" class="internalDFN" id="ref-for-dfn-means-2">means</a> and <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-11">purposes</a>
+of data processing. Any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-61">actor</a> that is not a <a data-link-type="dfn|abstract-op" href="#dfn-data-processor" class="internalDFN" id="ref-for-dfn-data-processor-2">service provider</a> is a <a data-link-type="dfn|abstract-op" href="#dfn-data-controller" class="internalDFN" id="ref-for-dfn-data-controller-2">data controller</a>.</p>
 <p>A <dfn data-lt="data processor|service provider" data-plurals="service providers" id="dfn-data-processor" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">service provider</dfn> or <a data-link-type="dfn|abstract-op" href="#dfn-data-processor" class="internalDFN" id="ref-for-dfn-data-processor-3">data processor</a> is considered to be in
-the same category of <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-13">first party</a> or <a data-link-type="dfn|abstract-op" href="#dfn-third-parties" class="internalDFN" id="ref-for-dfn-third-parties-7">third party</a> as the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-60">actor</a> contracting it to
+the same category of <a data-link-type="dfn|abstract-op" href="#dfn-first-party-0" class="internalDFN" id="ref-for-dfn-first-party-0-13">first party</a> or <a data-link-type="dfn|abstract-op" href="#dfn-third-parties" class="internalDFN" id="ref-for-dfn-third-parties-7">third party</a> as the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-62">actor</a> contracting it to
 perform the relevant <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-39">processing</a> if it:</p>
 <ul>
-<li>is processing the data on behalf of that <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-61">actor</a>;</li>
+<li>is processing the data on behalf of that <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-63">actor</a>;</li>
 <li>ensures that the data is only retained, accessed, and used as directed by that
-<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-62">actor</a> and solely for the list of explicitly-specified <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-12">purposes</a>
-detailed by the directing <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-63">actor</a> or <a data-link-type="dfn|abstract-op" href="#dfn-data-controller" class="internalDFN" id="ref-for-dfn-data-controller-3">data controller</a>;</li>
+<a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-64">actor</a> and solely for the list of explicitly-specified <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-12">purposes</a>
+detailed by the directing <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-65">actor</a> or <a data-link-type="dfn|abstract-op" href="#dfn-data-controller" class="internalDFN" id="ref-for-dfn-data-controller-3">data controller</a>;</li>
 <li>may determine implementation details of the data processing in question but
 does not determine the <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-13">purpose</a> for which the data is being <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-40">processed</a>
 nor the overarching <a data-link-type="dfn|abstract-op" href="#dfn-means" class="internalDFN" id="ref-for-dfn-means-3">means</a> through which the <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-14">purpose</a> is carried out;</li>
 <li>has no independent right to use the data other than in a <a data-link-type="dfn|abstract-op" href="#dfn-de-identified" class="internalDFN" id="ref-for-dfn-de-identified-4">de-identified</a> form (e.g., for
 monitoring service integrity, load balancing, capacity planning, or billing); and,</li>
-<li>has a contract in place with the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-64">actor</a> which is consistent with the above limitations.</li>
+<li>has a contract in place with the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-66">actor</a> which is consistent with the above limitations.</li>
 </ul>
 </section><section id="recognition-0"><div class="header-wrapper"><h3 id="recognition"><bdi class="secno">A.5 </bdi>Recognition</h3><a class="self-link" href="#recognition" aria-label="Permalink for Appendix A.5"></a></div><p><dfn data-lt="recognize|recognized|Recognition" data-plurals="recognizes" id="dfn-recognize" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Recognition</dfn> is the act of realising that a given <a data-link-type="dfn|abstract-op" href="#dfn-identity" class="internalDFN" id="ref-for-dfn-identity-6">identity</a>
 corresponds to the same <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-143">person</a> as another <a data-link-type="dfn|abstract-op" href="#dfn-identity" class="internalDFN" id="ref-for-dfn-identity-7">identity</a> which may have been
@@ -2463,7 +2483,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 <dd>The inference, evaluation, or prediction of an individual's attributes, interests, or
 behaviours.</dd>
 
-<dt>Secondary Use
+<dt><dfn data-plurals="secondary uses" id="dfn-secondary-use" tabindex="0" aria-haspopup="dialog" data-dfn-type="dfn">Secondary Use</dfn>
 
 </dt><dd> Secondary use is the use of collected information about an individual without
     the individual’s consent for a purpose different from that for which the
@@ -2486,7 +2506,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
 for other purposes, like to grow the service.</span></li><li><a class="marker self-link" href="#principle-identity-per-context"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">A <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agent</a>
 should help its user present the <a data-link-type="dfn|abstract-op" href="#dfn-identity" class="internalDFN" id="ref-for-dfn-identity-10">identity</a> they want in each <a data-link-type="dfn|abstract-op" href="#dfn-context" class="internalDFN" id="ref-for-dfn-context-36">context</a>
 they are in, and should prevent or support <a data-link-type="dfn|abstract-op" href="#dfn-recognize" class="internalDFN" id="ref-for-dfn-recognize-21">recognition</a> as appropriate.
-</span></li><li><a class="marker self-link" href="#bp-sites-user-agents-and-other-actors-should-minimize-the-amount-of-personal-data-they-transfer"><bdi lang="en">Principle</bdi></a>: <span class="practicelab"><a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">Sites</a>, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>, and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-65">actors</a>
+</span></li><li><a class="marker self-link" href="#bp-sites-user-agents-and-other-actors-should-minimize-the-amount-of-personal-data-they-transfer"><bdi lang="en">Principle</bdi></a>: <span class="practicelab"><a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">Sites</a>, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>, and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-67">actors</a>
 should minimize the amount of <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-53">personal data</a> they transfer.</span></li><li><a class="marker self-link" href="#bp-web-apis-should-be-designed-to-minimize-the-amount-of-data-that-sites-need-to-request-to-carry-out-their-users-goals-and-provide-granularity-and-user-controls-over-personal-data-that-is-communicated-to-sites"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">Web APIs should be designed to minimize the amount of data that sites need
 to request to carry out their users' goals and provide granularity and user controls over <a href="#dfn-data" class="internalDFN" data-link-type="dfn" id="ref-for-dfn-data-54">personal
 data</a> that is communicated to sites.</span></li><li><a class="marker self-link" href="#bp-in-maintaining-duties-of-protection-discretion-and-loyalty-user-agents-should-share-data-only-when-it-either-is-needed-to-satisfy-a-user-s-immediate-goals-or-aligns-with-the-user-s-wishes-and-interests"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">In maintaining duties of <a data-link-type="dfn|abstract-op" data-lt="duty of protection" href="#dfn-duty-of-protection" class="internalDFN" id="ref-for-dfn-duty-of-protection-2">protection</a>, <a data-link-type="dfn|abstract-op" data-lt="duty of discretion" href="#dfn-duty-of-discretion" class="internalDFN" id="ref-for-dfn-duty-of-discretion-2">discretion</a> and <a data-link-type="dfn|abstract-op" data-lt="duty of loyalty" href="#dfn-duty-of-loyalty" class="internalDFN" id="ref-for-dfn-duty-of-loyalty-2">loyalty</a>, user agents should share data only when it either is needed
@@ -2500,7 +2520,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     change over time.
   </span></li><li><a class="marker self-link" href="#respect-data-rights"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
     <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-149">People</a> have certain rights over <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-55">data</a> that is about themselves, and these rights should
-    be facilitated by their <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agent</a> and the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-66">actors</a> that are <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-41">processing</a> their
+    be facilitated by their <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agent</a> and the <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-68">actors</a> that are <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-41">processing</a> their
     <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-56">data</a>.
   </span></li><li><a class="marker self-link" href="#de-identify-data"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
     Whenever possible, processors should work with <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-57">data</a> that has been <a data-link-type="dfn|abstract-op" href="#dfn-de-identified" class="internalDFN" id="ref-for-dfn-de-identified-5">de-identified</a>.
@@ -2526,8 +2546,14 @@ <h1 id="title" class="title">Privacy Principles</h1>
 Specifications, implementations, and sites should allow for graceful
 degradation of features which may be incompatible with stronger
 privacy protections.
+  </span></li><li><a class="marker self-link" href="#purpose-specification"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
+    When accessing personal data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-69">actors</a> should specify the <a data-link-type="dfn|abstract-op" href="#dfn-purpose" class="internalDFN" id="ref-for-dfn-purpose-15">purpose</a>
+    for which the data will be used.
+  </span></li><li><a class="marker self-link" href="#no-secondary-use"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
+    <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-70">Actors</a> should not use personal data for purposes other than those specified. (Other uses are often called
+    <a data-link-type="dfn|abstract-op" href="#dfn-secondary-use" class="internalDFN" id="ref-for-dfn-secondary-use-2">secondary uses</a>.)
   </span></li><li><a class="marker self-link" href="#transparency-when-requested"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
-    When accessing data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> (and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-67">actors</a>) should provide
+    When accessing data or requesting permission, <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> (and other <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-71">actors</a>) should provide
     <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-150">people</a> with relevant explanatory information about the use of data, and <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>
     should help present and consume that information.
   </span></li><li><a class="marker self-link" href="#transparency-plain-language-machine-readable"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
@@ -2537,26 +2563,26 @@ <h1 id="title" class="title">Privacy Principles</h1>
     Mechanisms that can be used for <a data-link-type="dfn|abstract-op" data-lt="recognize" href="#dfn-recognize" class="internalDFN" id="ref-for-dfn-recognize-22">recognizing</a> <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-151">people</a> should be designed so that
     their operation is visible and distinguishable, to <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agents</a>, researchers and regulators.
   </span></li><li><a class="marker self-link" href="#principle-consent-user-preference"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
-    When any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-68">actor</a> obtains <a data-link-type="dfn|abstract-op" href="#dfn-opt-in" class="internalDFN" id="ref-for-dfn-opt-in-13">consent</a> for processing from a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-152">person</a>, the
+    When any <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-72">actor</a> obtains <a data-link-type="dfn|abstract-op" href="#dfn-opt-in" class="internalDFN" id="ref-for-dfn-opt-in-13">consent</a> for processing from a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-152">person</a>, the
     actor should design the consent request so as to learn the person's true
     intent to consent or not, and not to maximize the processing consented to.
   </span></li><li><a class="marker self-link" href="#principle-minimize-consent-requests"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
-    An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-69">actor</a> should avoid interrupting a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-153">person</a>'s use of a site for
+    An <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-73">actor</a> should avoid interrupting a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-153">person</a>'s use of a site for
     consent requests when an alternative is available.
   </span></li><li><a class="marker self-link" href="#principle-consent-withdraw"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
   It should be as easy for a <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-154">person</a> to check what consent they have given, to withdraw consent,
   or to opt out or object, as to give consent.
   </span></li><li><a class="marker self-link" href="#principle-consent-otherpeople"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
-      <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-70">Actors</a> should provide functionality to access, correct, and remove data about
+      <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-74">Actors</a> should provide functionality to access, correct, and remove data about
       <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-155">people</a> to those <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-156">people</a> when that data has been provided by someone else.
     </span></li><li><a class="marker self-link" href="#principle-notifications-control"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">A <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">user agent</a> should help
     users control notifications and other interruptive UI that can be used to manipulate behavior.</span></li><li><a class="marker self-link" href="#principle-notifications-context"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">Web <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#site">sites</a> should use notifications
     only for information that their users have specifically requested.
   </span></li><li><a class="marker self-link" href="#principle-do-not-retaliate"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
-    <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-71">Actors</a> must not retaliate against <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-157">people</a> who protect their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-58">data</a> against
+    <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-75">Actors</a> must not retaliate against <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-157">people</a> who protect their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-58">data</a> against
     non-essential <a data-link-type="dfn|abstract-op" href="#dfn-process" class="internalDFN" id="ref-for-dfn-process-42">processing</a> or exercise rights over their <a data-link-type="dfn|abstract-op" href="#dfn-data" class="internalDFN" id="ref-for-dfn-data-59">data</a>.
   </span></li><li><a class="marker self-link" href="#principle-support-choosing-info"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
-    <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">User agents</a> should support <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-158">people</a> in choosing which information they provide to <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-72">actors</a> that
+    <a data-link-type="dfn|abstract-op" data-type="dfn" href="https://infra.spec.whatwg.org/#user-agent">User agents</a> should support <a data-link-type="dfn|abstract-op" href="#dfn-individual" class="internalDFN" id="ref-for-dfn-individual-158">people</a> in choosing which information they provide to <a data-link-type="dfn|abstract-op" href="#dfn-actor" class="internalDFN" id="ref-for-dfn-actor-76">actors</a> that
     request it, up to and including allowing users to provide arbitrary information.
   </span></li><li><a class="marker self-link" href="#principle-no-facts-or-promises"><bdi lang="en">Principle</bdi></a>: <span class="practicelab">
     APIs should be designed such that data returned through an API does not assert a fact or make a
@@ -2760,7 +2786,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-autonomous-11" title="§ 2.7 Collective Privacy">§ 2.7 Collective Privacy</a> <a href="#ref-for-dfn-autonomous-12" title="Reference 2">(2)</a> <a href="#ref-for-dfn-autonomous-13" title="Reference 3">(3)</a> 
     </li><li>
-      <a href="#ref-for-dfn-autonomous-14" title="§ 2.13 Notifications and Interruptions">§ 2.13 Notifications and Interruptions</a> <a href="#ref-for-dfn-autonomous-15" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-autonomous-14" title="§ 2.14 Notifications and Interruptions">§ 2.14 Notifications and Interruptions</a> <a href="#ref-for-dfn-autonomous-15" title="Reference 2">(2)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-dark-pattern" aria-label="Links in this document to definition: deceptive patterns">
@@ -2776,7 +2802,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-dark-pattern-3" title="§ 2.10 Vulnerability">§ 2.10 Vulnerability</a> 
     </li><li>
-      <a href="#ref-for-dfn-dark-pattern-4" title="§ 2.15 Support Choosing Which Information to Present">§ 2.15 Support Choosing Which Information to Present</a> 
+      <a href="#ref-for-dfn-dark-pattern-4" title="§ 2.16 Support Choosing Which Information to Present">§ 2.16 Support Choosing Which Information to Present</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-opt-in" aria-label="Links in this document to definition: consent">
@@ -2796,9 +2822,9 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-opt-in-9" title="§ 1.3 User Agents">§ 1.3 User Agents</a> 
     </li><li>
-      <a href="#ref-for-dfn-opt-in-10" title="§ 2.11 Transparency">§ 2.11 Transparency</a> 
+      <a href="#ref-for-dfn-opt-in-10" title="§ 2.12 Transparency">§ 2.12 Transparency</a> 
     </li><li>
-      <a href="#ref-for-dfn-opt-in-11" title="§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
+      <a href="#ref-for-dfn-opt-in-11" title="§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
     </li><li>
       <a href="#ref-for-dfn-opt-in-12" title="§ A.1 People">§ A.1 People</a> 
     </li><li>
@@ -2830,7 +2856,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-global-opt-out-5" title="§ 2.2.1 Ancillary uses">§ 2.2.1 Ancillary uses</a> 
     </li><li>
-      <a href="#ref-for-dfn-global-opt-out-6" title="§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
+      <a href="#ref-for-dfn-global-opt-out-6" title="§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-automation-asymmetry" aria-label="Links in this document to definition: automation asymmetry">
@@ -2866,7 +2892,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-privacy-labor-6" title="§ 2.7 Collective Privacy">§ 2.7 Collective Privacy</a> 
     </li><li>
-      <a href="#ref-for-dfn-privacy-labor-7" title="§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
+      <a href="#ref-for-dfn-privacy-labor-7" title="§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-fips" aria-label="Links in this document to definition: Fair Information Practices">
@@ -3117,6 +3143,8 @@ <h1 id="title" class="title">Privacy Principles</h1>
       <ul>
     <li>
       <a href="#ref-for-dfn-controlled-de-identified-data-1" title="§ 2.6 De-identified Data">§ 2.6 De-identified Data</a> <a href="#ref-for-dfn-controlled-de-identified-data-2" title="Reference 2">(2)</a> <a href="#ref-for-dfn-controlled-de-identified-data-3" title="Reference 3">(3)</a> <a href="#ref-for-dfn-controlled-de-identified-data-4" title="Reference 4">(4)</a> <a href="#ref-for-dfn-controlled-de-identified-data-5" title="Reference 5">(5)</a> 
+    </li><li>
+      <a href="#ref-for-dfn-controlled-de-identified-data-6" title="§ 2.11 Purpose limitation">§ 2.11 Purpose limitation</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-device-owner" aria-label="Links in this document to definition: owners">
@@ -3240,13 +3268,13 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-individual-90" title="§ 2.10 Vulnerability">§ 2.10 Vulnerability</a> 
     </li><li>
-      <a href="#ref-for-dfn-individual-91" title="§ 2.11 Transparency">§ 2.11 Transparency</a> <a href="#ref-for-dfn-individual-92" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-93" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-94" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-95" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-96" title="Reference 6">(6)</a> 
+      <a href="#ref-for-dfn-individual-91" title="§ 2.12 Transparency">§ 2.12 Transparency</a> <a href="#ref-for-dfn-individual-92" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-93" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-94" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-95" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-96" title="Reference 6">(6)</a> 
     </li><li>
-      <a href="#ref-for-dfn-individual-97" title="§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> <a href="#ref-for-dfn-individual-98" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-99" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-100" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-101" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-102" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-103" title="Reference 7">(7)</a> <a href="#ref-for-dfn-individual-104" title="Reference 8">(8)</a> <a href="#ref-for-dfn-individual-105" title="Reference 9">(9)</a> 
+      <a href="#ref-for-dfn-individual-97" title="§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> <a href="#ref-for-dfn-individual-98" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-99" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-100" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-101" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-102" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-103" title="Reference 7">(7)</a> <a href="#ref-for-dfn-individual-104" title="Reference 8">(8)</a> <a href="#ref-for-dfn-individual-105" title="Reference 9">(9)</a> 
     </li><li>
-      <a href="#ref-for-dfn-individual-106" title="§ 2.14 Non-Retaliation">§ 2.14 Non-Retaliation</a> <a href="#ref-for-dfn-individual-107" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-individual-106" title="§ 2.15 Non-Retaliation">§ 2.15 Non-Retaliation</a> <a href="#ref-for-dfn-individual-107" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-individual-108" title="§ 2.15 Support Choosing Which Information to Present">§ 2.15 Support Choosing Which Information to Present</a> <a href="#ref-for-dfn-individual-109" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-110" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-111" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-112" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-113" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-114" title="Reference 7">(7)</a> <a href="#ref-for-dfn-individual-115" title="Reference 8">(8)</a> <a href="#ref-for-dfn-individual-116" title="Reference 9">(9)</a> <a href="#ref-for-dfn-individual-117" title="Reference 10">(10)</a> <a href="#ref-for-dfn-individual-118" title="Reference 11">(11)</a> <a href="#ref-for-dfn-individual-119" title="Reference 12">(12)</a> <a href="#ref-for-dfn-individual-120" title="Reference 13">(13)</a> <a href="#ref-for-dfn-individual-121" title="Reference 14">(14)</a> 
+      <a href="#ref-for-dfn-individual-108" title="§ 2.16 Support Choosing Which Information to Present">§ 2.16 Support Choosing Which Information to Present</a> <a href="#ref-for-dfn-individual-109" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-110" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-111" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-112" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-113" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-114" title="Reference 7">(7)</a> <a href="#ref-for-dfn-individual-115" title="Reference 8">(8)</a> <a href="#ref-for-dfn-individual-116" title="Reference 9">(9)</a> <a href="#ref-for-dfn-individual-117" title="Reference 10">(10)</a> <a href="#ref-for-dfn-individual-118" title="Reference 11">(11)</a> <a href="#ref-for-dfn-individual-119" title="Reference 12">(12)</a> <a href="#ref-for-dfn-individual-120" title="Reference 13">(13)</a> <a href="#ref-for-dfn-individual-121" title="Reference 14">(14)</a> 
     </li><li>
       <a href="#ref-for-dfn-individual-122" title="§ A.1 People">§ A.1 People</a> <a href="#ref-for-dfn-individual-123" title="Reference 2">(2)</a> <a href="#ref-for-dfn-individual-124" title="Reference 3">(3)</a> <a href="#ref-for-dfn-individual-125" title="Reference 4">(4)</a> <a href="#ref-for-dfn-individual-126" title="Reference 5">(5)</a> <a href="#ref-for-dfn-individual-127" title="Reference 6">(6)</a> <a href="#ref-for-dfn-individual-128" title="Reference 7">(7)</a> 
     </li><li>
@@ -3298,7 +3326,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-context-12" title="§ 2.4 Sensitive Information">§ 2.4 Sensitive Information</a> 
     </li><li>
-      <a href="#ref-for-dfn-context-13" title="§ 2.11 Transparency">§ 2.11 Transparency</a> 
+      <a href="#ref-for-dfn-context-13" title="§ 2.12 Transparency">§ 2.12 Transparency</a> 
     </li><li>
       <a href="#ref-for-dfn-context-14" title="§ A.1 People">§ A.1 People</a> 
     </li><li>
@@ -3348,21 +3376,23 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-actor-31" title="§ 2.9 Protecting web users from abusive behaviour">§ 2.9 Protecting web users from abusive behaviour</a> <a href="#ref-for-dfn-actor-32" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-33" title="§ 2.11 Transparency">§ 2.11 Transparency</a> <a href="#ref-for-dfn-actor-34" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-actor-33" title="§ 2.11 Purpose limitation">§ 2.11 Purpose limitation</a> <a href="#ref-for-dfn-actor-34" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-35" title="§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> <a href="#ref-for-dfn-actor-36" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-37" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-38" title="Reference 4">(4)</a> 
+      <a href="#ref-for-dfn-actor-35" title="§ 2.12 Transparency">§ 2.12 Transparency</a> <a href="#ref-for-dfn-actor-36" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-39" title="§ 2.14 Non-Retaliation">§ 2.14 Non-Retaliation</a> <a href="#ref-for-dfn-actor-40" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-41" title="Reference 3">(3)</a> 
+      <a href="#ref-for-dfn-actor-37" title="§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> <a href="#ref-for-dfn-actor-38" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-39" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-40" title="Reference 4">(4)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-42" title="§ 2.15 Support Choosing Which Information to Present">§ 2.15 Support Choosing Which Information to Present</a> <a href="#ref-for-dfn-actor-43" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-actor-41" title="§ 2.15 Non-Retaliation">§ 2.15 Non-Retaliation</a> <a href="#ref-for-dfn-actor-42" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-43" title="Reference 3">(3)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-44" title="§ A.2 Contexts">§ A.2 Contexts</a> <a href="#ref-for-dfn-actor-45" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-actor-44" title="§ 2.16 Support Choosing Which Information to Present">§ 2.16 Support Choosing Which Information to Present</a> <a href="#ref-for-dfn-actor-45" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-46" title="§ A.3 Server-Side Actors">§ A.3 Server-Side Actors</a> <a href="#ref-for-dfn-actor-47" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-48" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-49" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-50" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-51" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-52" title="Reference 7">(7)</a> 
+      <a href="#ref-for-dfn-actor-46" title="§ A.2 Contexts">§ A.2 Contexts</a> <a href="#ref-for-dfn-actor-47" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-53" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-actor-54" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-55" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-56" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-57" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-58" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-59" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-60" title="Reference 8">(8)</a> <a href="#ref-for-dfn-actor-61" title="Reference 9">(9)</a> <a href="#ref-for-dfn-actor-62" title="Reference 10">(10)</a> <a href="#ref-for-dfn-actor-63" title="Reference 11">(11)</a> <a href="#ref-for-dfn-actor-64" title="Reference 12">(12)</a> 
+      <a href="#ref-for-dfn-actor-48" title="§ A.3 Server-Side Actors">§ A.3 Server-Side Actors</a> <a href="#ref-for-dfn-actor-49" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-50" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-51" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-52" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-53" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-54" title="Reference 7">(7)</a> 
     </li><li>
-      <a href="#ref-for-dfn-actor-65" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-actor-66" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-67" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-68" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-69" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-70" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-71" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-72" title="Reference 8">(8)</a> 
+      <a href="#ref-for-dfn-actor-55" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-actor-56" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-57" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-58" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-59" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-60" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-61" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-62" title="Reference 8">(8)</a> <a href="#ref-for-dfn-actor-63" title="Reference 9">(9)</a> <a href="#ref-for-dfn-actor-64" title="Reference 10">(10)</a> <a href="#ref-for-dfn-actor-65" title="Reference 11">(11)</a> <a href="#ref-for-dfn-actor-66" title="Reference 12">(12)</a> 
+    </li><li>
+      <a href="#ref-for-dfn-actor-67" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> <a href="#ref-for-dfn-actor-68" title="Reference 2">(2)</a> <a href="#ref-for-dfn-actor-69" title="Reference 3">(3)</a> <a href="#ref-for-dfn-actor-70" title="Reference 4">(4)</a> <a href="#ref-for-dfn-actor-71" title="Reference 5">(5)</a> <a href="#ref-for-dfn-actor-72" title="Reference 6">(6)</a> <a href="#ref-for-dfn-actor-73" title="Reference 7">(7)</a> <a href="#ref-for-dfn-actor-74" title="Reference 8">(8)</a> <a href="#ref-for-dfn-actor-75" title="Reference 9">(9)</a> <a href="#ref-for-dfn-actor-76" title="Reference 10">(10)</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-first-party" aria-label="Links in this document to definition: first party">
@@ -3450,9 +3480,9 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-data-39" title="§ 2.7 Collective Privacy">§ 2.7 Collective Privacy</a> <a href="#ref-for-dfn-data-40" title="Reference 2">(2)</a> <a href="#ref-for-dfn-data-41" title="Reference 3">(3)</a> 
     </li><li>
-      <a href="#ref-for-dfn-data-42" title="§ 2.14 Non-Retaliation">§ 2.14 Non-Retaliation</a> <a href="#ref-for-dfn-data-43" title="Reference 2">(2)</a> <a href="#ref-for-dfn-data-44" title="Reference 3">(3)</a> 
+      <a href="#ref-for-dfn-data-42" title="§ 2.15 Non-Retaliation">§ 2.15 Non-Retaliation</a> <a href="#ref-for-dfn-data-43" title="Reference 2">(2)</a> <a href="#ref-for-dfn-data-44" title="Reference 3">(3)</a> 
     </li><li>
-      <a href="#ref-for-dfn-data-45" title="§ 2.15 Support Choosing Which Information to Present">§ 2.15 Support Choosing Which Information to Present</a> 
+      <a href="#ref-for-dfn-data-45" title="§ 2.16 Support Choosing Which Information to Present">§ 2.16 Support Choosing Which Information to Present</a> 
     </li><li>
       <a href="#ref-for-dfn-data-46" title="§ A.2 Contexts">§ A.2 Contexts</a> 
     </li><li>
@@ -3592,9 +3622,9 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-process-25" title="§ 2.7 Collective Privacy">§ 2.7 Collective Privacy</a> <a href="#ref-for-dfn-process-26" title="Reference 2">(2)</a> <a href="#ref-for-dfn-process-27" title="Reference 3">(3)</a> <a href="#ref-for-dfn-process-28" title="Reference 4">(4)</a> <a href="#ref-for-dfn-process-29" title="Reference 5">(5)</a> <a href="#ref-for-dfn-process-30" title="Reference 6">(6)</a> 
     </li><li>
-      <a href="#ref-for-dfn-process-31" title="§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.12 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
+      <a href="#ref-for-dfn-process-31" title="§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections">§ 2.13 Consent, Withdrawal of Consent, Opt-Outs, and Objections</a> 
     </li><li>
-      <a href="#ref-for-dfn-process-32" title="§ 2.14 Non-Retaliation">§ 2.14 Non-Retaliation</a> <a href="#ref-for-dfn-process-33" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-process-32" title="§ 2.15 Non-Retaliation">§ 2.15 Non-Retaliation</a> <a href="#ref-for-dfn-process-33" title="Reference 2">(2)</a> 
     </li><li>
       <a href="#ref-for-dfn-process-34" title="§ A.3 Server-Side Actors">§ A.3 Server-Side Actors</a> <a href="#ref-for-dfn-process-35" title="Reference 2">(2)</a> 
     </li><li>
@@ -3640,11 +3670,13 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-purpose-4" title="§ 1.2 Collective Governance">§ 1.2 Collective Governance</a> <a href="#ref-for-dfn-purpose-5" title="Reference 2">(2)</a> 
     </li><li>
-      <a href="#ref-for-dfn-purpose-6" title="§ 1.4 Incorporating Different Privacy Principles">§ 1.4 Incorporating Different Privacy Principles</a> 
+      <a href="#ref-for-dfn-purpose-6" title="§ 2.6 De-identified Data">§ 2.6 De-identified Data</a> 
     </li><li>
-      <a href="#ref-for-dfn-purpose-7" title="§ 2.6 De-identified Data">§ 2.6 De-identified Data</a> 
+      <a href="#ref-for-dfn-purpose-7" title="§ 2.11 Purpose limitation">§ 2.11 Purpose limitation</a> 
     </li><li>
       <a href="#ref-for-dfn-purpose-8" title="§ A.4 Acting on Data">§ A.4 Acting on Data</a> <a href="#ref-for-dfn-purpose-9" title="Reference 2">(2)</a> <a href="#ref-for-dfn-purpose-10" title="Reference 3">(3)</a> <a href="#ref-for-dfn-purpose-11" title="Reference 4">(4)</a> <a href="#ref-for-dfn-purpose-12" title="Reference 5">(5)</a> <a href="#ref-for-dfn-purpose-13" title="Reference 6">(6)</a> <a href="#ref-for-dfn-purpose-14" title="Reference 7">(7)</a> 
+    </li><li>
+      <a href="#ref-for-dfn-purpose-15" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
     </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-means" aria-label="Links in this document to definition: means">
@@ -3698,7 +3730,7 @@ <h1 id="title" class="title">Privacy Principles</h1>
     </li><li>
       <a href="#ref-for-dfn-recognize-6" title="§ 2.2 Data Minimization">§ 2.2 Data Minimization</a> 
     </li><li>
-      <a href="#ref-for-dfn-recognize-7" title="§ 2.11 Transparency">§ 2.11 Transparency</a> <a href="#ref-for-dfn-recognize-8" title="Reference 2">(2)</a> 
+      <a href="#ref-for-dfn-recognize-7" title="§ 2.12 Transparency">§ 2.12 Transparency</a> <a href="#ref-for-dfn-recognize-8" title="Reference 2">(2)</a> 
     </li><li>
       <a href="#ref-for-dfn-recognize-9" title="§ A.5 Recognition">§ A.5 Recognition</a> <a href="#ref-for-dfn-recognize-10" title="Reference 2">(2)</a> 
     </li><li>
@@ -3800,6 +3832,20 @@ <h1 id="title" class="title">Privacy Principles</h1>
     <li>
       <a href="#ref-for-dfn-intrusion-1" title="§ B. High-Level Threats">§ B. High-Level Threats</a> 
     </li>
+  </ul>
+    </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-secondary-use" aria-label="Links in this document to definition: Secondary Use">
+      <span class="caret"></span>
+      <div>
+        <a class="self-link" href="#dfn-secondary-use" aria-label="Permalink for definition: Secondary Use. Activate to close this dialog.">Permalink</a>
+         
+      </div>
+      <p><b>Referenced in:</b></p>
+      <ul>
+    <li>
+      <a href="#ref-for-dfn-secondary-use-1" title="§ 2.11 Purpose limitation">§ 2.11 Purpose limitation</a> 
+    </li><li>
+      <a href="#ref-for-dfn-secondary-use-2" title="§ C. Best Practices Summary">§ C. Best Practices Summary</a> 
+    </li>
   </ul>
     </div><div class="dfn-panel" hidden="" role="dialog" aria-modal="true" id="dfn-panel-for-dfn-surveillance" aria-label="Links in this document to definition: Surveillance">
       <span class="caret"></span>