Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC) · the access. They include for example: the re-authentication of the user before access- ing sensitive data, or the readjustment of the data accuracy, Post-obligation: they include for example a data retention policy that would schedule data deletion. Cited works share our objective to model pri- vacy within the access control policy since both policies manage access to the same resource. These models are based only on purposes. We argue that purpose is not sufficient for users to define their privacy preferences. We present limited changes in the OrBAC model that first include: a new context type: Consent context. We then showed that purposes and provisional obligations are expressed thanks to existing context types: user- declared and provisional contexts respectively. The accuracy is finally introduced by defining Furthermore, we were interested in the collec- tion and use limitations of the private data. So, we specified the accuracy levels of private data and how data owner can define different levels according to his preferences. Existing models do not bother with this parameter, which enforces the use limitation requirements, and consider it as a low-level mechanism. We differentiated between the high-level accuracy that should be speci- fied within the privacy policy and the low-level mechanism, such as the obfuscation algorithm, to enforce that parameter. We specified a privacy-aware access control model that integrates the major privacy require- ments. By contrast, related works focused on a subset of them and they suggest fundamental changes on the access control model. 7. CONCLUSION