Data minimization: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 13:51, 22 April 2024 edit Thomasss (talk \| contribs) 157 edits →The data minimization principle in regulatory texts worldwide (selection): + PIPEDA (Canada) ← Previous edit		Latest revision as of 10:27, 7 August 2025 edit undo MrPersonHumanGuy (talk \| contribs) Extended confirmed users 10,247 edits →The data minimization principle in regulatory texts worldwide (selection): converting list into prose
(5 intermediate revisions by 4 users not shown)
Line 4: The principle of data minimization is a global, universal principle of data protection, and can thus be found in almost every legal or regulatory text on data protection/privacy. == ~~The data minimization principle~~Principle in regulatory texts ~~worldwide (selection)~~ == The [[OECD]] Privacy Guidelines<ref>{{cite web\|title=OECD Privacy Guidelines\|url=https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188}}</ref> refer to the data minimization principle as the ''Collection Limitation Principle'' (part two, article 7). The [[APEC]] Privacy Framework includes the data minimization principle, referred to as the ''Collection Limitation'' principle, as principle III.<ref>{{cite web\|title=APEC Privacy Framework (2015)\|url=https://www.apec.org/Publications/2017/08/APEC-Privacy-Framework-(2015)}}</ref> The data minimization principle is the second of the six fundamental privacy principles set forth in the [[General Data Protection Regulation]]<ref>{{CELEX\|32016R0679\|text=Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)}}</ref> and the [[General Data Protection Regulation#United Kingdom implementation\|UK GDPR]].<ref>{{cite web\|title=Principle (c): Data Minimisation\|url=https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/the-principles/data-minimisation/\|website=ico.org.uk\|date=19 May 2023 }}</ref> The Canadian [[Personal Information Protection and Electronic Documents Act]] (PIPEDA) includes the principle as ''Principle 4 - Limiting Collection''.<ref>{{cite web\|title=Personal Information Protection and Electronic Documents Act\|url=https://www.canlii.org/en/ca/laws/stat/sc-2000-c-5/159208/sc-2000-c-5.html}}</ref><ref>{{cite web\|title=PIPEDA fair information principles\|url=https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/}}</ref> === United States === * The data minimization principle is the second of the six fundamental privacy principles set forth in the [[General Data Protection Regulation]]<ref name="eur-lex.europa.eu">{{cite web\|title=EUR-Lex – 32016R0679 – EN – EUR-Lex\|url=http://eur-lex.europa.eu/eli/reg/2016/679/oj/eng\|website=eur-lex.europa.eu}}</ref> and the [[General Data Protection Regulation#United Kingdom implementation\|UK GDPR]].<ref>{{cite web\|title=Principle (c): Data Minimisation\|url=https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/the-principles/data-minimisation/\|website=ico.org.uk}}</ref> * The [[American Data Privacy and Protection Act]] (ADPPA), a United States proposed federal online privacy bill that was not enacted, included data minimisation as a main principle.<ref name="JDSupra breakdown">{{Cite web \|last1=Dumiak \|first1=Matt \|title=Federal Privacy Bill: Breaking Down the ADPPA \|work=JD Supra \|date=2022-06-24 \|url=https://www.jdsupra.com/legalnews/federal-privacy-bill-breaking-down-the-9181745/ \|language=en \|access-date=2022-07-30 \|df=mdy-all \|archive-date=June 25, 2022 \|archive-url=https://web.archive.org/web/20220625161839/https://www.jdsupra.com/legalnews/federal-privacy-bill-breaking-down-the-9181745/}}</ref> Since the ADPPA, data minimization has become a highly contested issue in U.S. state privacy legislation, culminating in the [[Maryland Online Data Privacy Act]] (MODPA) including ADPPA-inspired data minimization requirements in 2024.<ref>{{cite web\|last1=Francis\|first1=Jordan\|title=Data Minimization’s Substantive Turn: Key Questions & Operational Challenges Posed by New State Privacy Legislation\|url=https://papers.ssrn.com/abstract_id=5309096\|work=Future of Privacy Forum\|date=2025-06-05\|language=en\|access-date=2025-07-11\|df=mdy-all}}</ref>▼ * The [[OECD]] Privacy Guidelines<ref>{{cite web\|title=OECD Privacy Guidelines\|url=https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188}}</ref> refer to the data minimization principle as the ''Collection Limitation Principle'' (part two, article 7). ▲* The [[American Data Privacy and Protection Act]] (ADPPA), a United States proposed federal online privacy bill that was not enacted included data minimisation as a main principle.<ref name="JDSupra breakdown">{{Cite web \|last1=Dumiak \|first1=Matt \|title=Federal Privacy Bill: Breaking Down the ADPPA \|work=JD Supra \|date=2022-06-24 \|url=https://www.jdsupra.com/legalnews/federal-privacy-bill-breaking-down-the-9181745/ \|language=en \|access-date=2022-07-30 \|df=mdy-all \|archive-date=June 25, 2022 \|archive-url=https://web.archive.org/web/20220625161839/https://www.jdsupra.com/legalnews/federal-privacy-bill-breaking-down-the-9181745/}}</ref> * The [[~~APEC]]~~American Privacy ~~Framework~~Rights ~~includes~~Act]] ~~the~~(APRA), a comprehensive data ~~minimization~~privacy ~~principle,~~law ~~referred~~proposed toin asApril ~~the~~2024 ~~''Collection~~in ~~Limitation''~~the ~~principle~~United States, asincludes ~~principle~~a section on data ~~III~~minimisation.<ref>{{cite web\|title=~~APEC~~American Privacy ~~Framework~~Rights Act Section-by-Section Summary by the United States Senate Committee on Commerce, Science, & Transportation ~~(2015)~~\|url=https://www.~~apec~~commerce.~~org~~senate.gov/~~Publications~~services/~~2017~~files/~~08/APEC~~E7D2864C-~~Privacy~~64C3-~~Framework~~49D3-~~(2015)~~BC1E-6AB41DE863F5}}</ref> * The [[American Privacy Rights Act]] (APRA), a comprehensive data privacy law proposed in April 2024 in the United States, includes a section on data minimisation.<ref>{{cite web\|title=American Privacy Rights Act Section-by-Section Summary by the United States Senate Committee on Commerce, Science, & Transportation \|url=https://www.commerce.senate.gov/services/files/E7D2864C-64C3-49D3-BC1E-6AB41DE863F5}}</ref> * The Canadian [[Personal Information Protection and Electronic Documents Act]] (PIPEDA) includes the principle as ''Principle 4 - Limiting Collection'' <ref>{{cite web\|title=Personal Information Protection and Electronic Documents Act\|url=https://www.canlii.org/en/ca/laws/stat/sc-2000-c-5/159208/sc-2000-c-5.html}}</ref><ref>{{cite web\|title=PIPEDA fair information principles\|url=https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/}}</ref>. ==References==