Representation-Independent Data Usage Control



Usage control is concerned with what happens to data after access has been granted and is thus, among other things, particularly relevant for ensuring privacy. In the literature, usage control models have been defined on the grounds of events that are, somehow, related to data. In order to better cater to the dimension of data, we extend a usage control model by the explicit distinction between data and representation of data. A data flow model is used to track the flow of data between different representations. The usage control model is then extended so that usage control policies can address not just one single representation (e.g., delete file1.txt after thirty days) but rather all representations of the data (e.g., if file1.txt is a copy of file2.txt, also delete file2.txt). We present three proof-of-concept implementations of the model, at the operating system level, at the browser level, and at the X11 level, and also provide an ad-hoc implementation for multi-layer enforcement.
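The sketch below is an added illustration, not the paper's model or any of its implementations: a toy data flow state that maps containers (representations) to the data they hold, so that a deletion obligation can be resolved from one data item to every representation of it. The class, function, container and data names (`DataFlowTracker`, `enforce_delete`, `notes.txt`, `clipboard`, `d1`, `d2`) are assumptions made for the example.

```python
class DataFlowTracker:
    """Toy data flow state: container (representation) -> set of data ids."""

    def __init__(self):
        self.storage = {}

    def create(self, container, data_id):
        # First representation of a data item.
        self.storage.setdefault(container, set()).add(data_id)

    def copy(self, src, dst):
        # dst is overwritten, so afterwards it holds exactly what src holds.
        self.storage[dst] = set(self.storage.get(src, set()))

    def append(self, src, dst):
        # dst keeps its own data and additionally holds src's data.
        self.storage.setdefault(dst, set()).update(self.storage.get(src, set()))

    def delete(self, container):
        self.storage.pop(container, None)

    def representations(self, data_id):
        # Every container that currently holds the data item.
        return sorted(c for c, held in self.storage.items() if data_id in held)


def enforce_delete(tracker, data_id):
    """Data-level obligation: delete every representation of data_id."""
    targets = tracker.representations(data_id)
    for container in targets:
        tracker.delete(container)
    return targets


def build_constructed_state():
    # Constructed event trace: file1.txt is a copy of file2.txt, its content
    # is later appended to notes.txt, and notes.txt is copied to a clipboard.
    t = DataFlowTracker()
    t.create("file2.txt", "d1")
    t.copy("file2.txt", "file1.txt")
    t.create("notes.txt", "d2")
    t.append("file1.txt", "notes.txt")
    t.copy("notes.txt", "clipboard")
    return t


if __name__ == "__main__":
    t = build_constructed_state()
    print("representations of d1:", t.representations("d1"))
    print("deleted:", enforce_delete(t, "d1"))
    print("remaining containers:", sorted(t.storage))
```

In this toy the tracking is per container, so deleting `notes.txt` to satisfy the obligation on `d1` also removes the unrelated `d2` stored in it.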






DPM 2011 Program