Data minimisation is a methodological principle limiting the collection and processing of data to that which is adequate, relevant, and necessary to achieve the purpose of the collection effort. This purpose should be clearly stated in the Collection Plan (see BP 6).
The Collector should ensure it is familiar with the applicable domestic legal framework as it pertains to data minimisation. If the collection effort falls under the purview of the GDPR, then the effort must implement data minimisation.1 Adhering to data minimisation as a best practice, regardless of whether or not it is required by law, increases the chances that any infringement on privacy in the data collection effort will be considered proportionate and therefore justified. For example, certain forms of audio collection, such as data scraping or collecting radio signals, are more likely to be used to collect a broad and voluminous array of data. As a result, they have the potential to include a high volume of data that is not relevant for the purpose of the collection effort (see BP 13 for guidance on conducting a relevance assessment). These sources of audio pose a greater risk of collecting and/or processing data that is not limited to the purpose of the collection effort. This risk can be managed by prioritising data minimisation (see BP 5 on privacy; see BP 26 on data minimisation when data scraping).
Data minimisation should occur throughout the collection effort. It may involve, for example, targeting only relevant sources, locations, or timeframes for collection (discussed in BP 6); using either manual or algorithmic filtering to flag for deletion any data collected unnecessarily (see BP 16); and, reviewing the remaining collected data to ensure its relevance (see BP 13).
Additional benefits of data minimisation include, first, that it may help when structuring a collection effort dealing with voluminous data, as a data minimisation approach will require the data to be filtered, assessed, and organised; and, second, that it may help to cut down the required storage volume and therefore the cost of the collection effort, as storage costs can be significant when working with a large quantity of data.
The Collector should ensure that all steps taken towards data minimisation do not undermine the equal treatment of both potentially inculpatory and exculpatory data (see BP 10).
Tech Specs & Resources
For a discussion of the ethical considerations when relying on algorithmic filtering, see e.g., Data Science and Ethics Group, A Framework for the Ethical Use of Advanced Data Science Methods in the Humanitarian Sector (2020), pages 29-32.
Legal Framework
See section 4.2.2.C. on the role that the principle of data minimisation plays in protecting the right to privacy. Observing data minimisation increases the chances that a data collection effort’s infringement on privacy will be considered proportionate and therefore justified.
See section 4.2.4.B. on ‘Scope of the GDPR’ and ‘Data Protection Measures’ under the GDPR.
See section 4.3. on the fair trial right of ensuring that the accused is given exculpatory material.