What Is Data Minimisation?
Data Minimisation is the data-protection principle that personal data collected and processed should be adequate, relevant, and limited to what is necessary for the stated purpose.
Data Minimisation — the data-protection principle that personal data collected and processed should be adequate, relevant, and limited to what is necessary for the stated purpose.
Data minimisation (GDPR Article 5(1)(c)) is in productive tension with the data-hungry nature of machine learning, which tends to favour collecting as much data as possible. For AI governance it means organisations must justify the training and input data they use, avoid retaining personal data indefinitely, and prefer techniques — aggregation, synthetic data, differential privacy — that reduce reliance on identifiable personal information. Regulators increasingly scrutinise AI training datasets against this principle.
Source: GDPR, Article 5(1)(c)
Plain-language explanation
Data minimisation (GDPR Article 5(1)(c)) is in productive tension with the data-hungry nature of machine learning, which tends to favour collecting as much data as possible. For AI governance it means organisations must justify the training and input data they use, avoid retaining personal data indefinitely, and prefer techniques — aggregation, synthetic data, differential privacy — that reduce reliance on identifiable personal information. Regulators increasingly scrutinise AI training datasets against this principle.
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →