Data Minimization

A fundamental privacy principle requiring that personal data collection be limited to what is adequate, relevant, and necessary for specified purposes. Data minimization means collecting only what you actually need, not everything you could collect or might someday want. This principle applies at collection (don't gather unnecessary fields) and throughout processing (don't keep data longer than needed, don't use it for unrelated purposes). For example, if you're selling t-shirts, you need shipping addresses but probably not dates of birth. Data minimization reduces privacy risks—less data means less breach exposure, fewer compliance obligations, and reduced storage costs. It requires thinking critically about data needs, questioning default practices of collecting everything, implementing technical measures to prevent excessive collection, and regularly reviewing data holdings to delete unnecessary information. Data minimization is not just good practice—it's a legal requirement under GDPR and many other privacy laws.