I think this relational, rather than transactional, view is what we really need to take, because GDPR basically says that if a data operator controls some data you provide to them for one particular purpose, then if they want to use it for some other purpose and so on, they have to initiate a conversation with you about the new purpose, because you did not provide it under that context.

