Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
dcc:pdpsol:dataminimization [2026/02/19 13:19] marlondcc:pdpsol:dataminimization [2026/03/03 14:18] (current) – text editing marlon
Line 3: Line 3:
  
 ===== Introduction ===== ===== Introduction =====
-Data minimization is one of the data protection principles that form the basis of the GDPR. It states that the processing of personal data should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” ([[https://gdpr.eu/article-5-how-to-process-personal-data/|GDPR art. 5 (1c)]]). Data minimization does not mean that you cannot collect personal data at all. If you can explain why you need these data for the current or specific future purposes you are allowed to collect these data.+Data minimization is one of the data protection principles that form the basis of the GDPR. It states that the processing of personal data should be //“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”// ([[https://gdpr.eu/article-5-how-to-process-personal-data/|GDPR art. 5 (1c)]]). Data minimization does not mean that you cannot collect personal data at all. If you can explain why you need these data for the current or specific future purposes you are allowed to collect these data.
  
 When designing your research, it is important to consider the personal data required to answer your research questions, as well as the level of detail needed and any data that may be collected automatically due to your chosen method. The data minimization practices introduced below will help you to implement data minimization in your own research. When designing your research, it is important to consider the personal data required to answer your research questions, as well as the level of detail needed and any data that may be collected automatically due to your chosen method. The data minimization practices introduced below will help you to implement data minimization in your own research.
Line 18: Line 18:
 ==== Take into account the effort of research participation ==== ==== Take into account the effort of research participation ====
 Although it is important to consider what personal data you need for your research, it is also important to be mindful of the effort and strain participation may place on data subjects. This means you should limit the collection of personal data to what you need for your research. However, you should also respect participants’ time and effort, and avoid designing studies that require participants to take part multiple times due to narrowly defined research questions. This is particularly important when working with vulnerable or hard-to-reach groups. In such cases, it is advisable to design studies that can address several relevant questions at once, thereby maximizing the value of participants’ contributions while minimizing their strain.  Although it is important to consider what personal data you need for your research, it is also important to be mindful of the effort and strain participation may place on data subjects. This means you should limit the collection of personal data to what you need for your research. However, you should also respect participants’ time and effort, and avoid designing studies that require participants to take part multiple times due to narrowly defined research questions. This is particularly important when working with vulnerable or hard-to-reach groups. In such cases, it is advisable to design studies that can address several relevant questions at once, thereby maximizing the value of participants’ contributions while minimizing their strain. 
 +
 +==== Use consistent file naming and version control ==== 
 +Organize your data consistently by using a file naming strategy and good folder structure. The [[https://dmeg.cessda.eu/Data-Management-Expert-Guide/2.-Organise-Document/File-naming-and-folder-structure|practical guidelines of CESSDA]] can guide you in designing your file naming and folder structure strategy, but at least keep in mind the following points:
 +  * Do not include contact information or other personal data in the naming of your files. 
 +  * Incorporate version numbers in file names. By adding version numbers to your file names, it allows you to easily access and delete different versions of files, over time. 
 +  * It is good practice to create a version control table to keep track of different versions. The version control table can include information on different version numbers, authors, notes, and when the file was last updated. The table can also include a summary of the differences between the current version and previous versions. The version control table can be an independent text file, or it can be included at the top of your document, scripts, or other files. See Table 2 for an example of a version control table. ([[https://zenodo.org/records/15576176|Research Data Management Guidebook for Students, p23, 2025]]) 
 +  * Refer to the DCC website for more information on [[https://www.rug.nl/digital-competence-centre/it-solutions/it-security/backup-versioning|version control]].
 +
 +**Table 2: Example of a version control table **
 +
 +----
 +{{:dcc:pdpsol:dataminimization:version_control.png?direct&600|}}
 +
 +
  
  
Line 32: Line 46:
  
 === Informed consent === === Informed consent ===
-Informed consent can reveal personal information. Minimize the amount of personal data on your consent form and plan to handle consent registration with care. Follow the practical guidelines on the DCC website about [[https://www.rug.nl/digital-competence-centre/privacy-and-data-protection/gdpr-research/informed-consent|informed consent]] to guide you in the process.+Informed consent can reveal personal information about your participants. Minimize the amount of personal data on your consent form and plan to handle consent registration with care. Follow the practical guidelines on the DCC website about [[https://www.rug.nl/digital-competence-centre/privacy-and-data-protection/gdpr-research/informed-consent|informed consent]] to guide you in the process and keep in mind the data minimization tips below:
    
 ++++ Informed consent on paper | ++++ Informed consent on paper |
Line 58: Line 72:
 ===Metadata=== ===Metadata===
 Photo, video or audio files might contain a timestamp, date and depending on the equipment and settings also location. Check whether you can prevent the collection of these data or remove these metadata as soon as possible after collection. [[https://www.comparitech.com/blog/vpn-privacy/exif-metadata-privacy/|Comparitech]] shows an example of EXIF metadata stored with a photo, including the GPS coordinates where the photo was taken and a timestamp of when the photo was taken. These metadata, included in smartphones or digital cameras, can help catalogue photos (e.g. Google Timeline) but can also result in privacy risks in the context of research.  Photo, video or audio files might contain a timestamp, date and depending on the equipment and settings also location. Check whether you can prevent the collection of these data or remove these metadata as soon as possible after collection. [[https://www.comparitech.com/blog/vpn-privacy/exif-metadata-privacy/|Comparitech]] shows an example of EXIF metadata stored with a photo, including the GPS coordinates where the photo was taken and a timestamp of when the photo was taken. These metadata, included in smartphones or digital cameras, can help catalogue photos (e.g. Google Timeline) but can also result in privacy risks in the context of research. 
 +
 +----
  
 ==== Online survey or questionnaire research ==== ==== Online survey or questionnaire research ====
Line 67: Line 83:
  
 === Informed Consent === === Informed Consent ===
-Be aware that consent from your participant can reveal personal information. Plan to handle consent registration with care. Minimize the amount of personal data on your consent form. Follow the practical guidelines on the DCC website about [[https://www.rug.nl/digital-competence-centre/privacy-and-data-protection/gdpr-research/informed-consent|informed consent]] to guide you in the process.+Informed consent can reveal personal information about your participants. Minimize the amount of personal data on your consent form and plan to handle consent registration with care. Follow the practical guidelines on the DCC website about [[https://www.rug.nl/digital-competence-centre/privacy-and-data-protection/gdpr-research/informed-consent|informed consent]] to guide you in the process, and keep in mind the data minimization tips below:
  
 ++++ Informed consent via an online platform | ++++ Informed consent via an online platform |
Line 80: Line 96:
 ===Metadata=== ===Metadata===
 Online (survey) tools sometimes automatically register personal data, such as IP addresses. Check whether it is necessary and possible to turn off automatic data collection in your online data collection tool. Counterintuitively, when using an anonymous link, Qualtrics still automatically registers IP addresses, which can reveal someone’s location and identity. If you are not using these IP addresses for your research, make sure to enable [[https://www.qualtrics.com/support/survey-platform/survey-module/survey-options/survey-protection/#AnonymizingResponses|Anonymize Responses]] in the survey options as well.    Online (survey) tools sometimes automatically register personal data, such as IP addresses. Check whether it is necessary and possible to turn off automatic data collection in your online data collection tool. Counterintuitively, when using an anonymous link, Qualtrics still automatically registers IP addresses, which can reveal someone’s location and identity. If you are not using these IP addresses for your research, make sure to enable [[https://www.qualtrics.com/support/survey-platform/survey-module/survey-options/survey-protection/#AnonymizingResponses|Anonymize Responses]] in the survey options as well.   
 +
 +----
  
 ==== Social media data ==== ==== Social media data ====
Line 86: Line 104:
  
 ===Contact information=== ===Contact information===
-If you are [[https://www.rug.nl/digital-competence-centre/guides-faq/checklist-social-media-data.pdf|scraping or manually collecting data from social media platforms]], you might not directly collect contact information. However, posts are often accompanied by social media ID and post ID. This information is very easy to trace back to an individual. If you do not need this information for current or future research (e.g. connect to other datasets), delete these IDs from your dataset or consider pseudonymization.+If you are [[https://www.rug.nl/digital-competence-centre/guides-faq/checklist-social-media-data.pdf|scraping or manually collecting data from social media platforms]], you might not directly collect contact information. However, posts are often accompanied by social media ID and post ID. This information is easy to trace back to an individual. If you do not need this information for current or future research (e.g. connect to other datasets), delete these IDs from your dataset or consider pseudonymization.
  
 ===Metadata=== ===Metadata===