What Do Pornography and Data Minimization Have In Common?


What do porn and data minimization have in common?

As said in the famous SCOTUS case: “I know it when I see it.”

Data minimization is coming to CPRA, CPA, CDPA and FTC enforcement. But what does “necessary and relevant” or “adequate and relevant” or “proportionate” mean in real life?

- Only collect what is necessary for the purpose.
- Know what the purpose is. (“Marketing said so” or “that’s our template intake form” won’t cut it.)
- Figure out a process to notify individuals of the purpose and of any new purposes.
- Make sure the data is relevant and helpful to accomplishing this purpose. If you are worried about vandals at your warehouse entrance, you don’t need CCTV in your employee break room (Commission Nationale de l’Informatique et des Libertés, Agencia Española de Protección de Datos and pretty much every DPA). If you are logging employee days of illness, don’t use this to ding their promotion.
- Make sure ALL the data is relevant and helpful and that there is no less privacy-invasive way to accomplish this. (Or if there is, offer it as an alternative.)

In other words:

- Allow a guest checkout instead of a user account (DSK, Germany)
- Don’t record the entire call, just the part on the contract; and redact payment data (CNIL)
- Pixelate and blur faces and license plates (Bavaria DPA)
- Don’t require ID and DOB for purchasing concert tix (Personuvernd)
- If you don’t need a continued smart meter reading, take one once daily (ENISA)
