SUMMARYWith the growing importance of privacy in data access, much research has been done on the privacy protecting technology in the recent years. Developing an access control model and related mechanisms to support a selective access data has become important. The extensible markup language (XML) is rapidly emerging as the new standard language for semi‐structured data representation and exchange on the Internet with more and more information being distributed in XML format. In this paper, we present a comprehensive approach for privacy preserving access control based on the notion of purpose. In our model, purpose information associated with a given data element in an XML document specifies the intended use of the data elements. An important issue addressed in this paper is the granularity of data labeling for data elements in XML documents and tree databases with which purposes can be associated. We address this issue in native XML databases and propose different labeling schemes for XML documents. We also propose an approach to represent purpose information to support access control based on purpose information. Our proposed solution relies on usage access control models as well as the components that are based on the notions of the purpose information used in subjects and objects. Finally, comparisons with related works are analysed. Copyright © 2011 John Wiley & Sons, Ltd.