Data Minimization

Data minimization is one of the data protection principles that form the basis of the GDPR. It states that the processing of personal data should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” (GDPR art. 5 (1c)). Data minimization does not mean that you cannot collect personal data at all. If you can explain why you need these data for the current or specific future purposes you are allowed to collect these data.

When designing your research, it is important to consider the personal data required to answer your research questions, as well as the level of detail needed and any data that may be collected automatically due to your chosen method. The data minimization practices introduced below will help you to implement data minimization in your own research.

In all types of research, it is important to consider the level of detail of the variables you selected.

Collecting demographics about your research participants is important in order to investigate whether certain groups are represented in your sample or behave differently, and to correct for bias. However, to investigate this, it is not necessary to collect highly detailed data. This means that you could collect age (or age group) instead of birth date, and categorize education in groups. Make sure that you use categories that are compatible with the sources that you would like to compare them with. Statistics Netherlands published several classifications variables, such as education and occupation.

This concept is also relevant if you use certain variables as an independent variable in your research. When you want to collect location data, it is often unnecessary to know someone’s exact address or neighborhood in order to answer a research question. For example, if the goal is to compare happiness within different regions in a country, broader categories such as rural versus urban areas may be sufficient. However, in some situations, it might be necessary to collect more detailed or high granular data. For example, if the research is about neighborhood connections, detailed location data would be necessary.

Although it is important to consider what personal data you need for your research, it is also important to be mindful of the effort and strain participation may place on data subjects. This means you should limit the collection of personal data to what you need for your research. However, you should also respect participants’ time and effort, and avoid designing studies that require participants to take part multiple times due to narrowly defined research questions. This is particularly important when working with vulnerable or hard-to-reach groups. In such cases, it is advisable to design studies that can address several relevant questions at once, thereby maximizing the value of participants’ contributions while minimizing their strain.

Some data can reveal more information about an individual than others. Only use an extensive or detailed data collection method, if you also use this type of data to answer your research question.

• Video: Observational research, facial expressions, movement patterns
• Audio: Focus groups, open interviews, speech analysis
• Text: Structured interviews

Contact information Be aware that through online calendar invitations or online interviews personal data about data subjects might be visible to others. Enhance the security of your (online) interviews by setting appointments in ‘private’ mode, and share video call-links by email.

Metadata Photo, video or audio files might contain a timestamp, date and depending on the equipment and settings also location. Check whether you can prevent the collection of these data or remove these metadata as soon as possible after collection. Comparitech shows an example of EXIF metadata stored with a photo, including the GPS coordinates where the photo was taken and a timestamp of when the photo was taken. These metadata, included in smartphones or digital cameras, can help catalogue photos (e.g. Google Timeline) but can also result in privacy risks in the context of research.

Type of data Participants often share more information than necessary when asked open-ended questions. If possible, provide predefined options instead. For example, asking “Where are you from?” may result in participants revealing their home address or city when only their country of residence is required. Providing examples or limiting responses to a question reduces the amount of personal data collected.

Contact information Do not collect contact information if you do not plan to contact your participants after you collected the data (e.g. in case of recruitment via social media, posters or third parties). The UG approved survey tool Qualtrics provides the option to use an anonymous link to prevent the collection of name and e-mail address of your participants.

Metadata Online (survey) tools sometimes automatically register personal data, such as IP addresses. Check whether it is necessary and possible to turn off automatic data collection in your online data collection tool. Counterintuitively, when using an anonymous link, Qualtrics still automatically registers IP addresses, which can reveal someone’s location and identity. If you are not using these IP addresses for your research, make sure to enable Anonymize Responses in the survey options as well.

Type of data

Contact information If you are scraping or manually collecting data from social media platforms, you might not directly collect contact information. However, posts are often accompanied by social media ID and post ID. This information is very easy to trace back to an individual. If you do not need this information for current or future research (e.g. connect to other datasets), delete these IDs from your dataset or consider pseudonymization.

Metadata Photo, video or audio files might contain a timestamp, date and depending on the equipment and settings also location. Check whether you can prevent the collection of these data or remove these metadata as soon as possible after collection. Comparitech shows an example of EXIF metadata stored with a photo, including the GPS coordinates where the photo was taken and a timestamp of when the photo was taken. These metadata, included in smartphones or digital cameras, can help catalogue photos (e.g. google timeline) but can also result in privacy risks in the context of research.

→ Go back to the Privacy & Data protection home page