The term “data minimization” generally refers to two requirements within the GDPR: (1) a company should only collect and process personal data that is “necessary” in relation to its purpose, and (2) a company should keep data for “no longer than is necessary for [that] purpose[].”[1] Put differently, a company should only collect what
data minimization
Under the GDPR, do organizations that use personal information to train an AI need to minimize the amount of time training data is retained?
The term “data minimization” generally refers to two requirements within the GDPR: (1) a company should only collect personal data that is “necessary” in relation to its purpose, and (2) a company should keep data for “no longer than is necessary for [that] purpose[].”[1] Put differently, a company should only collect what it needs…
Does the CPRA require data minimization with regard to the storage of information?
By David A. Zetoony on
Yes.
Data minimization is not addressed by most privacy laws in the United States and was not mandated by the CCPA. Privacy laws in the United States that do touch upon data minimization generally do not require it; instead, they recommend it as a best practice or as a condition for achieving a safe harbor…