Data Minimization VS. AI Training - How Is Your Data Used?
5 min. read
Updated on
Share this article
Improve this guide
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
What is data minimization? And how does it impact AI training?
More and more individuals are interested in the topic, as organizations’ appetites for user data grow.
Let’s unravel it all!
What is data minimization?
Data minimization is a principle in data privacy that requires organizations to only collect information that serves a specific purpose. Collecting and retaining as little info as possible minimizes potential harm from breaches, unauthorized access, and data misuse.
This practice aligns with important privacy regulations which require organizations to have a legitimate reason for processing user data.
Laws regarding data minimization
General Data Protection Regulation (GDPR) is the EU’s comprehensive regulation that focuses heavily on data minimization.
It lists three factors organizations should consider when processing personal information:
- Adequacy — Does the data fulfill a specific purpose?
- Relevance — Is the information linked to that purpose?
- Necessity — Is every piece of info relevant to it?
The GDPR hasn’t set a specific set of rules for each factor. That’s because every instance of data collection depends heavily on the specific circumstances for processing and retaining information.
However, it states that organizations should be as specific as possible when describing what they need the info for.
In the past, hacker attacks caused even more damage because organizations collected more information than necessary. So, processing less data minimizes the risk to user privacy in such situations.
Brazil also modeled its General Data Protection Law (LGPD) on the EU’s GDPR. It’s constructed of the same principles, including data minimization.
It requires organizations to only collect data that serves specific, explicit, and legitimate purposes.
California Consumer Privacy Act (CCPA) is the state’s privacy law that lists consumers’ rights over their sensitive information.
While it doesn’t mention data minimization specifically, it obliges organizations to state what information they collect and identify the purposes.
India’s Personal Data Protection Bill (PDPB) also requires organizations to collect only necessary data. In addition, it calls for storage limitations and deletion of data unless retention is required.
The impact of data minimization on AI
Data minimization is a step forward for user privacy. However, there are situations in which lack of information impacts companies’ operations.
This is the case with AI training.
To train and then test these AI models, researchers need access to data they don’t generally need.
When testing AI for bias, they must have sensitive information such as age, gender, race, and similar demographic categories.
Organizations that comply with data minimization often choose not to collect and retain this type of data. But without it, some flaws in AI models may go undiscovered.
For example, the US Federal Trade Commissioner Rebecca Kelly Slaughter said that a recent study identified racial bias in a popular machine learning algorithm. Its purpose was to improve access to high-risk patients with chronic conditions.
The researchers were able to discover the problem only because they had enough data to work with.
So, this is where data minimization may turn out to be a problem. For example, organizations in California will have a hard time gathering and retaining all the info due to CPPA.
Still, researchers argue that it’s important to achieve some kind of balance. They believe that although data minimization is important, it’s not the most important privacy principle.
Fairness, transparency, and accountability also need to be taken into account.
How to keep more of your data private
With user data collection becoming a widely-discussed topic, more individuals are looking for ways to keep their information safe.
Here are some of the most effective among them:
Read privacy policies
Let’s start with the easiest one. When interacting with a product or service online, you should always read its privacy policy.
There, you’ll be able to learn more about the type of information it collects and for what purposes.
If you’re uncomfortable with the amount of data it’ll take, you can always look for alternative options.
Opt out of data collection
Services often ask users for permission to collect their info. With many of them, you can still use the product or service without agreeing.
Simply clicking “No” or “Don’t Agree” in such situations will keep your data safe.
For example, Meta recently agreed to ask users for permission to show them targeted ads. Users who don’t agree to this will still be able to use the apps, they just won’t see the ads.
Use a VPN
With a VPN, you can start your online sessions anonymously from another virtual location.
This means the websites you visit won’t be able to see your IP address or identify you in any other way. You won’t leave any tracks, regardless of what you do online.
Not only this, but your ISP also won’t have insight into your browsing sessions.
We’ve arranged the best VPN deals so you can save a ton.
Review app permissions
Many mobile apps require permission to do their job properly.
By reviewing them, you maintain more control over their access to your data.
However, some may ask for more than they need for their intended purpose, thus compromising your privacy and security.
In such situations, it’s best to look for an alternative option.
Conclusion
Like many, you were wondering — what is data minimization and how does it impact AI training?
Due to recent comments from researchers, it’s more understandable why companies may need more information.
After all, with the growing role of AI technologies, it’s more important than ever for companies to develop them right.
