Data avoidance and data minimization is a concept in the field of data protection. The basic idea is that only as much personal data is collected during data processing as is absolutely necessary for the respective application. The concept of data avoidance and data minimization is closely related to the traditional data protection principle that only those personal data may be processed that are necessary for the performance of the respective task (necessity). However, it is also an aspect of system data protection, i.e. the integration of data protection requirements into IT systems, today often referred to as privacy by design. Data protection should not only be standardised by legal regulations, but also implemented through the design of the IT.
Data protection is a term that emerged in the second half of the 20th century, which is sometimes defined and interpreted differently. Depending on how you look at it, data protection is understood as protection against abusive data processing, protection of the right to informational self-determination, protection of personal rights in data processing and also protection of privacy. Data protection is usually understood – as the right that every person is allowed to decide for themselves who should have access to which of “their” personal data and when. The essence of such data protection law is that the inequality of power between organizations and individuals can be subject to conditions. Data protection is intended to counteract the trend towards so-called transparent people, the escalation of state surveillance measures (surveillance state) and data monopolies of private companies in the multifaceted digital and networked information society.
At the same time, data minimization also refers to a reluctance on the part of the consumer, as demanded by data protection advocates, to disclose personal data outside of the information necessary for a business relationship, especially on the Internet and in competitions.
A concrete implementation of the principle of data minimization and data avoidance is, for example, the right to informational self-determination.
Many data protection advocates and data protection officers categorically require an opt-in for personal data and for data that can be linked to personal data. However, many applications do not even allow an opt-out or do not even tell users what data is being processed or transmitted to computer networks. The privacy policies of the providers also often do not explain what data is processed and where it is transferred, to which bodies the data is passed on, whether and for how long it is stored or whether there is a right to be forgotten.