What is “data minimization” under EU Data Protection Law?
There are seven basic data protection principles under EU data protection law. The principles lie at the heart of the law and, although they don’t give hard and fast rules, they embody the spirit of the regulatory framework. Therefore, compliance with the principles is a fundamental building block to any good data protection practice. The seven principles are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
The third principle is the principle of “data minimization” (GDPR Article 5 (1) (c)).
GDPR Article 5
“1. Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”
The principle of ‘data minimization’
The data minimization principle requires entities to process only ‘adequate, relevant and limited’…