This article questions the role of the principle of purpose limitation in a situation where personal data are collected under the General Data Protection Regulation (GDPR) and further processed under the regime of the ‘police and criminal justice’ Directive. It reviews the rules set out in both instruments, concerning the principle of purpose limitation and the further processing of personal data for a different purpose. The analysis of the rules under Directive 2016/680 reveals some ambiguity: are the rules applicable to the subsequent use of any personal data (including those collected under the GDPR)? Or are the rules limited to the subsequent use of ‘police or criminal justice’ data? Building on the ambiguous wording of Article 4(2) of the Directive, the article addresses the two hypotheses and analyses their consequences. It concludes with the uncertainty of the applicable rules and the likelihood of diverging interpretations at the national level.