A Reactive Approach for Use-Based Privacy
This dissertation describes an investigation into the feasibility of expressing and enforcing use-based privacy, which posits that privacy can be provided by preventing harmful uses of sensitive information. Use-based privacy is shown to benefit from a reactive policy language: one that specifies not only a current set of restrictions but also how those restrictions change. An instantiation of such a reactive language, the Avenance language, is defined, and its expressiveness is demonstrated with real-world policies. The dissertation also explores the feasibility of technical means for enforcing compliance. It describes systems that facilitate policy compliance by benign principals, and architectures that enforce policy compliance in the presence of adversarial principals. A policy provider that associates use-based privacy policies with sensitive values, as policy tags, is also described. The described work collectively constitutes strong evidence for the feasibility of use-based privacy.