The system must specify the purpose of personal data collection
and it must do so before requesting the user’s consent for the collection.
Applications usually request or collect personal data from their users.
Such collection must be properly justified according to the legal requirements
of each nation.
These reasons must be accessible for the user in a clear manner, in an easy
to understand language and before requesting their consent for the collection
and processing of data.
GDPR. Recital 39: Principles of data processing.
It should be transparent to natural persons that personal data concerning them
are collected, used, consulted or otherwise processed and to what extent
the personal data are or will be processed.