Data minimization

Data minimization is the principle of collecting, processing and storing only the necessary amount of personal information required for a specific purpose. The principle emanates from the realisation that processing unnecessary data is creating unnecessary risks for the data subject without creating any current benefit or value. The risks of processing personal data vary from identity theft to unreliable inferences resulting in incorrect, wrongful and potentially dangerous decisions.

The principle of data minimization is a global, universal principle of data protection, and can thus be found in almost every legal or regulatory text on data protection/privacy.

The data minimization principle in regulatory texts worldwide (selection)

• The data minimization principle is the second of the six fundamental privacy principles set forth in the General Data Protection Regulation<ref name="eur-lex.europa.eu">"EUR-Lex – 32016R0679 – EN – EUR-Lex". eur-lex.europa.eu.</ref> and the UK GDPR.<ref>"Principle (c): Data Minimisation". ico.org.uk.</ref>
• The OECD Privacy Guidelines<ref>"OECD Privacy Guidelines".</ref> refer to the data minimization principle as the Collection Limitation Principle (part two, article 7).
• The American Data Privacy and Protection Act (ADPPA), a United States proposed federal online privacy bill that was not enacted included data minimisation as a main principle.<ref name="JDSupra breakdown">Dumiak, Matt (June 24, 2022). "Federal Privacy Bill: Breaking Down the ADPPA". JD Supra. Archived from the original on June 25, 2022. Retrieved July 30, 2022.</ref>
• The APEC Privacy Framework includes the data minimization principle, referred to as the Collection Limitation principle, as principle III.<ref>"APEC Privacy Framework (2015)".</ref>

References

This Internet-related article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e

de:Datensparsamkeit