The protection of privacy related information of the individual is receiving in-creasing attention. Particular focus is on the protection of user interaction with other users or service providers. Protection of this interaction centres on anonymis-ing the user’s actions, or protecting “what we do”. An equally important aspect is protecting the information related to a user that is stored in some electronic way (or protecting “who we are”). This may be profile information on a social networking site, or personal information in a bank’s database. A typical approach to protecting the user (data owner) in this case is to tag their data with the “purpose ” the collecting entity (data controller) has for the data. These purposes are in most cases...