Collecting and storing vast amounts of consumer data comes with financial, reputational and regulatory risks. Even a minor data breach can be incredibly costly.
In the United States, consumer credit reporting agency Equifax agreed to pay up to $425 million to consumers affected by its 2017 data breach. Amazon is facing a class action lawsuit for harvesting personal user data without consent. Meanwhile, in the EU, regulators are issuing multi-million euro fines for violations of the GDPR's data minimisation principle.
This article explores why data minimisation is vital for businesses, strategies and techniques for minimising data collection, and how Matomo can help.
What is data minimisation?
Data minimisation is the practice of collecting only the data that is truly necessary and ensuring it is securely deleted once it’s no longer needed. It’s a core data privacy and data protection principle that also governs how companies collect and use data.
This doesn’t mean organisations stop collecting data altogether. Companies still gather essential data, including, for example, first-party cookies that improve the customer experience. However, they are highly selective about the data they collect, avoid unnecessary data collection and delete data once it no longer serves a purpose.
To fully appreciate this cultural shift toward the principle of minimisation, it helps to contrast it with its predecessor: the data maximisation mindset.
| Aspect | Data minimisation | Data maximisation |
|---|---|---|
| Philosophy | Collect only what's needed for a clear purpose | Collect everything "just in case" |
| Risk | Low exposure and breach risk | High risk of misuse and non-compliance |
| Privacy | Respects user privacy | Overlooks privacy concerns |
| Storage | Deletes data when no longer needed | Retains data indefinitely |
| Legal | Aligns with modern privacy laws | Often conflicts with regulations |
Data minimisation principles are a core part of the EU’s General Data Protection Regulation (GDPR), which states that any personal data collection must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”.
The concept also appears in other privacy laws and influential guidance or privacy frameworks, such as the Fair Information Practice Principles (FIPPs), applied by the US Department of Homeland Security and other federal agencies, including the Federal Trade Commission (FTC), when evaluating whether a company’s privacy practices are “unfair or deceptive.”
Implementing data minimisation principles helps companies protect their users’ privacy, prevent data misuse, and reduce the risks of data breaches and non-compliance.
What data should businesses collect?
Data minimisation doesn't mean businesses should avoid collecting data entirely. Companies should still collect customer data when implementing data minimisation practices. However, they should do so thoughtfully, guided by four principles: adequacy, relevance, limitation and timeliness.
Let’s explore each principle in more detail:
- Adequate: Not all data collection is bad. Businesses should collect enough data to meet their stated objectives and deliver services to customers.
- Relevant: Only collect data pertinent to business objectives. If you later want to use the data for another purpose, make sure the new use is compatible with the original one or that you have a valid legal basis.
- Limited: Businesses should strip data of identifiable information they don’t need. If companies only need a zip code, for example, they should delete the rest of a user’s address.
- Timely: Review held data regularly and delete it when it no longer serves a purpose. Businesses should even delete backup data at the end of the retention period.
Under Article 6(1) of the GDPR, businesses must establish a lawful basis for processing personal data. The six recognised bases are:
- Consent
- Performance of a contract
- Compliance with a legal obligation
- Protection of vital interests
- Performance of a task carried out in the public interest or in the exercise of official authority
- Legitimate interests
The legal bases for processing special categories of personal data are different, and they are set out in Article 9 of the GDPR.
The business case for data minimisation
Data minimisation offers significant benefits to businesses. It can lower the risk of leaks, reduce the costs if leaks occur, build trust with consumers and make data management easier.
Here’s more information on each of these benefits.
Mitigate risk
Data minimisation reduces the risk of a cybersecurity incident by limiting the data available for bad actors to exploit. The less data a company holds, the smaller its attack surface. It also makes companies less tempting targets in the first place.
If the worst occurs, data minimisation makes the fallout less severe. In the event of a breach, strong data minimisation practices mean thieves can only steal a limited amount of data, preferably only anonymised and masked data.
Regulatory fines should also be smaller because they correlate with the size and impact of a breach. Further, companies may only suffer minor reputational damage if they can prove thieves stole only a small amount of data. This is particularly important because almost half of U.S. businesses have suffered significant revenue loss due to a security breach.
Build trust
Consumers care deeply about data privacy, with 70% of them taking steps to protect their identity. Data minimisation shows that you care, too. It’s an excellent way to deliver a more ethical and privacy-focused service and prove that you put customer privacy first.
This increases customer trust, reassures cautious users and helps retain existing customers who are becoming increasingly concerned with privacy.
Reduce costs
Data storage is expensive. A recent survey found that UK companies spend £213,000 to store and manage data. Many respondents said they had to choose data management spending over employee welfare and training.
Data minimisation reduces these operational costs by decreasing the amount of data companies need to store. A small data footprint means lower infrastructure investments and more efficient resource allocation. Data backups are also cheaper to run.
Ensure regulatory compliance
Data minimisation is essential for businesses complying with most privacy laws, including the GDPR. It's one of the seven principles for processing personal data laid out in Article 5 of the GDPR, which requires that personal data be:
"adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')"
Companies operating beyond the EU may also need to practice data minimisation to comply with local data privacy laws, including the following:
- California Privacy Rights Act (CPRA)
- Colorado Privacy Act (CPA)
- Florida Digital Bill of Rights (FDBR)
- Utah Consumer Data Privacy Act (UCDPA)
- Connecticut Data Privacy Act (CTDPA)
- Virginia Consumer Data Protection Act (VCDPA)
Even outside of regulated regions, many companies proactively adopt these privacy principles to build trust, ensure scalability and stay ahead of their competitors.
Fines for non-compliance can be significant. Businesses that fail to comply with GDPR can face fines of up to €20 million or 4% of their total global annual turnover, whichever is higher. Meta received the largest GDPR-related fine so far, €1.2 billion, issued by the Irish Data Protection Commission in May 2023.
Minimise noise
Collecting as much data as possible isn’t helpful. In addition to raising storage costs, this increases noise and makes it harder for analysts to use the data.
As Timo Dechau explains in his recent webinar on running lean analytics in a privacy-first environment:
“Digital marketers, analysts, and business leaders now try to navigate vast amounts of information that create more confusion than insight, especially when the data is incomplete due to privacy regulations.”
Lean data means fewer variables to process. With Matomo’s Custom Reports, analysts can get the information they need more efficiently, speeding up decision-making and reducing time spent cleaning or interpreting irrelevant data.
Four data minimisation techniques
Businesses can implement several techniques to anonymise data, reduce the amount they hold and shorten data retention times.
1. Understand what data to collect and set up data collection policies
The first step is to understand what data is adequate, relevant, and limited to what is reasonably necessary for the purpose. This should be documented in a data collection policy.
The policy explains how your organisation handles personal data. It’s a framework marketers and other teams can reference when building landing pages, forms, and campaigns. It also clarifies for customers who are wary about how organisations use their data.
Your policy should include:
- Data collected
- Collection methods
- Processing activities
- Purpose of collection
- How data is used
- Who has access
- How it’s stored
- How it’s shared
Don’t just write the policy, though. Spend time training employees on your policy and the importance of handling personal data with care.
2. Pseudonymise or Anonymise data
Companies can protect personal data by removing identifiers. Anonymisation irreversibly transforms data so that it can no longer be linked to an individual by anyone (and therefore falls outside the GDPR). Pseudonymisation, on the other hand, replaces identifiers with artificial values that can be mapped back to the person if additional information (a key, a lookup table) is available, so it remains personal data under the GDPR. A common mistake is to treat an unkeyed hash of an identifier as anonymisation: when the identifier space is small and enumerable (IP addresses, phone numbers, national ID numbers), anyone can hash every candidate and match the result, so the hash is at best a pseudonym.
Common techniques include:
- Data masking: replacing sensitive data with altered or fictional values so the original information is hidden but the dataset remains usable (for example, keeping only the last four digits of a card number).
- Data substitution: replacing original characters or values with alternatives using pre-established rules.
- Data shuffling: rearranging values within a column so individual rows no longer line up with the original records.
- Tokenisation: replacing identifiable data with randomly generated tokens, with the token-to-value mapping held in a separately protected vault.
- Pseudonymisation: replacing identifiable data with pseudonyms, ideally derived with a secret key so that the pseudonym cannot be recomputed by third parties.
For example, merchants rarely store full credit card numbers; they use tokenisation to mask sensitive details.
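The following example, added here and not taken from Matomo or any vendor's code, shows the three techniques above on a constructed customer record: a keyed pseudonym for the e-mail address, a vault token plus masked digits for the card number, and the postcode kept as the only address field. It also demonstrates the caveat that an unkeyed hash of an IP address is reversible by enumeration. All names, records and card numbers are fictitious sample data.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample records; the people, addresses and card numbers are fictitious.
RECORDS = [
    {"email": "alice@example.com", "ip": "203.0.113.7", "card": "4111111111111111", "zip": "10115"},
    {"email": "bob@example.com", "ip": "203.0.113.42", "card": "5555555555554444", "zip": "80331"},
]


def pseudonymise(value: str, key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256, truncated for readability).

    The same input always maps to the same pseudonym, so joins across tables
    still work, but without `key` nobody can verify a guess. Because the key
    holder can re-identify, this is pseudonymised personal data, not anonymous.
    """
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def weak_pseudonymise(value: str) -> str:
    """Unkeyed SHA-256. Often mistaken for anonymisation; see reverse_weak_ip_hash."""
    return hashlib.sha256(value.encode()).hexdigest()[:16]


def reverse_weak_ip_hash(target: str, prefix: str = "203.0.113.") -> Optional[str]:
    """Recover an IPv4 address from its unkeyed hash by enumerating a /24.

    256 guesses here; the entire IPv4 space is only 2**32 hashes, which a laptop
    computes in minutes. Hashing a small, enumerable identifier space without a
    secret is therefore not anonymisation.
    """
    for host in range(256):
        candidate = f"{prefix}{host}"
        if weak_pseudonymise(candidate) == target:
            return candidate
    return None


class TokenVault:
    """Tokenisation: tokens are random, so they reveal nothing about the card.

    The token-to-card mapping exists only inside the vault, which is the one
    component that must be protected; everything downstream sees tokens.
    """

    def __init__(self) -> None:
        self._vault: Dict[str, str] = {}

    def tokenise(self, card: str) -> str:
        token = "tok_" + secrets.token_hex(8)
        self._vault[token] = card
        return token

    def detokenise(self, token: str) -> str:
        return self._vault[token]


def minimise(record: Dict[str, str], key: bytes, vault: TokenVault) -> Dict[str, str]:
    """Reduce one record to what the stated purpose needs.

    Email -> keyed pseudonym; card -> vault token plus masked last four digits;
    postcode kept (limited to the region); the raw IP is dropped entirely.
    """
    return {
        "user": pseudonymise(record["email"], key),
        "card_token": vault.tokenise(record["card"]),
        "card_last4": "*" * 12 + record["card"][-4:],
        "zip": record["zip"],
    }


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    vault = TokenVault()
    for rec in RECORDS:
        print(minimise(rec, key, vault))
    # The unkeyed hash of an IP is recovered in at most 256 guesses.
    print(reverse_weak_ip_hash(weak_pseudonymise("203.0.113.42")))
```

The HMAC key and the token vault are the two secrets that turn this from anonymisation into pseudonymisation: whoever holds them can re-identify, so they belong in a separately access-controlled component, and the retention policy for the key should be at least as strict as for the data it protects.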
3. Limit data access
While de-identified data can be shared more freely within an organisation, businesses should still limit access to personal data to the people and systems that need it.
One of the best ways to do this is through role-based access control (RBAC). This security method restricts system access to authorised users based on their job role, following the principle of least privilege: only people who need the data for their jobs can access it, and only at the level of detail their task requires (an analyst building reports rarely needs raw visitor logs).
4. Create data retention policies
A data retention policy defines how long companies keep data and how they delete it when it is no longer required. It also outlines data storage and access methods.
Data retention policies are essential for companies to comply with data protection laws like GDPR. They also offer guidance and reassurance to employees. Deleting corporate data is a big decision, and employees will feel more inclined to follow through if a policy supports their actions.
How Matomo can minimise your data
The web and app analytics data you collect is a great place to start minimising data collection. While some of this data is essential for attributing sales and improving the customer experience, many businesses tend to collect far more than they need to, especially if they use Google Analytics.
Matomo, the world's leading privacy-friendly web analytics solution, includes a range of built-in features designed to help you minimise data collection while delivering incredible analytics.
1. Automatically Mask or Anonymise data
Matomo lets marketers implement data masking or anonymisation techniques so the data they collect cannot be linked to individual users.
IP address: The first method is to mask or anonymise a visitor’s IP address and geo-location information in your privacy configuration settings. By default, IP masking is enabled in Matomo. You can choose to mask varying amounts of the IP address.
An optional setting controls the order of operations: Matomo can use the full IP address for the geolocation lookup and then mask it before anything is stored, or it can mask first and run the lookup on the already-anonymised address. The second option is stricter but less accurate, because the masked address may no longer fall within the right geolocation range.
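As an added illustration (not Matomo's own implementation), the following code masks the trailing bytes of an IPv4 address the way the setting above describes, applies an analogous prefix rule to IPv6, and shows the effect of the enrichment order on geolocation. The IPv6 prefix lengths per mask setting are this example's own choice, not a statement about Matomo's internals, and the geolocation table is constructed sample data standing in for a GeoIP database.

```python
import ipaddress
from typing import Optional, Tuple

# IPv6 prefix to keep for each mask setting (example's choice: 1 byte -> /96,
# 2 bytes -> /64, 3 bytes -> /32); 0 means no masking.
IPV6_PREFIX_FOR_MASK = {0: 128, 1: 96, 2: 64, 3: 32}

# Constructed geolocation table standing in for a GeoIP database.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "DE",
    ipaddress.ip_network("2001:db8:85a3::/48"): "FR",
}


def anonymise_ip(ip: str, mask_bytes: int) -> str:
    """Zero the trailing `mask_bytes` bytes of an IPv4 address (or the
    corresponding IPv6 suffix) and return the result as a string."""
    if mask_bytes not in IPV6_PREFIX_FOR_MASK:
        raise ValueError("mask_bytes must be 0..3")
    addr = ipaddress.ip_address(ip)
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) is really a v4 address, e.g. from a
    # dual-stack listener; apply the v4 rule so it is masked consistently.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        prefix = 32 - 8 * mask_bytes
    else:
        prefix = IPV6_PREFIX_FOR_MASK[mask_bytes]
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


def geolocate(ip: str) -> Optional[str]:
    """Look the address up in the sample table; None if no range matches."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return None


def ingest(ip: str, mask_bytes: int, enrich_with_full_ip: bool) -> Tuple[str, Optional[str]]:
    """Process one tracking request and return (stored_ip, country).

    enrich_with_full_ip=True: geolocate on the full address, then mask before
    anything is written; the full IP exists only in memory for this request.
    False: mask first and geolocate the masked address; stricter, but the
    masked address may fall outside the correct range and lose the lookup.
    """
    stored_ip = anonymise_ip(ip, mask_bytes)
    country = geolocate(ip if enrich_with_full_ip else stored_ip)
    return stored_ip, country


if __name__ == "__main__":
    for full in (True, False):
        print(f"enrich_with_full_ip={full}:", ingest("203.0.113.42", 2, full))
```

With two bytes masked, 203.0.113.42 is stored as 203.0.0.0; geolocating the full address first still yields a country, while geolocating the masked address misses the /24 in the table. Masking one byte keeps the /24 and works either way, which is the accuracy-versus-privacy trade-off the setting exposes.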
Anonymise referrer information: To enhance privacy and comply with data protection laws, Matomo allows users to anonymise referrer information, which can sometimes contain personal data like user IDs. You can choose from several levels of anonymisation, including removing query parameters, keeping only the domain, or fully stripping the referrer URL while still identifying its source type.
No default UserID tracking: To protect your visitors’ or users’ privacy, Matomo does not track UserID by default. While Matomo automatically tracks various data, such as IP address, page views, and browser details, UserID tracking is optional and must be explicitly configured.
Anonymise previously tracked data: Matomo also lets you anonymise data you’ve already collected. In the Anonymise data section of your Privacy settings, configure a one-off data anonymisation process to run on data you have tracked in the past. You can anonymise:
- Visitor IP
- Location
- User ID
- Visit columns
- Action columns
2. Let visitors opt out of tracking
The most effective way to minimise data is not to collect it in the first place.
In regulated jurisdictions, such as those governed by the EU ePrivacy Directive and the GDPR, prior consent is mandatory before tracking begins. Unless they are strictly necessary to provide a service explicitly requested by the user, analytics cookies require active opt-in consent.
Opt-out mechanisms are only appropriate in specific non-EU contexts or in narrowly defined legitimate-interest use cases where consent isn't legally required.
Matomo supports jurisdiction-specific tracking and opt-out forms (where consent is not required):
- Consent-first tracking: If you need to obtain user consent before tracking, integrate Matomo with your Consent Management Platform (CMP) to capture and respect user preferences in accordance with local laws.
- Opt-out form (where consent is not required): In regions without mandatory consent, embed Matomo's opt-out form to allow visitors to exclude themselves from tracking. Either:
  - Paste the form's HTML directly into your website's code; or
  - Use Matomo for WordPress to automatically match the form's design to your page.
This flexibility ensures that you can configure tracking to meet your legal obligations and your visitors’ privacy expectations.
Opt-out form in Matomo
Related FAQ
- Do I need consent to use web analytics on my website?
- How do I ask for user consent before tracking visitors or measuring user analytics?
- Can I track a visitor without cookies when they have not given consent for tracking cookies?
- How do I let visitors opt-out of tracking?
3. Shorten cookie lengths and delete old data
The cookies Matomo creates have a pre-specified expiry time. But Matomo lets you shorten cookie lengths to minimise data and free up database space.
Matomo allows you to configure data retention for both raw data and reports. You can program Matomo to delete historical logs automatically. You can do this in the Anonymise Data section of the Privacy settings, configuring Matomo to disable the visits log or delete logs older than a set number of days. You can also set up purging to happen automatically every day, week or month.
4. Use cookieless tracking
To minimise the analytics data you store about users, consider using cookieless tracking.
Cookieless tracking is an alternative form of tracking in which Matomo does not set a cookie at all. Instead it identifies a visitor by the config_id, a randomly seeded, time-limited hash computed from a limited set of the visitor's settings and attributes. Because the seed changes periodically, the same visitor produces a different config_id after the window expires, so visits cannot be linked over the long term.
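The following added example sketches how a config_id-style identifier can be built from a coarse attribute set and a salt that rotates daily. It is an illustration of the approach, not Matomo's actual algorithm or attribute list: the attribute names, the daily HMAC-derived salt and the hit records are all assumptions constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Set

# Constructed hits: what the tracker would see for one page view each. Only a
# coarse attribute set is used; none of these fields identifies a person alone.
HITS: List[Dict[str, str]] = [
    {"day": "2024-03-01", "masked_ip": "203.0.113.0", "browser": "Firefox", "os": "Linux", "lang": "de", "res": "1920x1080"},
    {"day": "2024-03-01", "masked_ip": "203.0.113.0", "browser": "Firefox", "os": "Linux", "lang": "de", "res": "1920x1080"},
    {"day": "2024-03-01", "masked_ip": "203.0.113.0", "browser": "Chrome", "os": "Windows", "lang": "de", "res": "1366x768"},
    {"day": "2024-03-02", "masked_ip": "203.0.113.0", "browser": "Firefox", "os": "Linux", "lang": "de", "res": "1920x1080"},
]
ATTRIBUTES = ("masked_ip", "browser", "os", "lang", "res")


def daily_salt(day: str, secret: bytes) -> bytes:
    """Derive the salt for one calendar day from a server-side secret.

    Deriving it (rather than storing random salts) lets every tracker node agree
    on the day's salt without shared state; the secret never leaves the server.
    Whoever holds the secret can recompute ids, so it must be protected and
    rotated like any other key.
    """
    return hmac.new(secret, day.encode(), hashlib.sha256).digest()


def config_id(hit: Dict[str, str], site_id: int, secret: bytes) -> str:
    """Time-limited visitor hash over a fixed, small attribute set.

    Same attributes on the same day and site -> same id, so page views within
    a day group into one visitor. A new salt each day breaks linkage across
    days, and mixing in the site id stops the same hash recurring across sites.
    """
    material = "|".join([str(site_id)] + [hit[a] for a in ATTRIBUTES])
    salt = daily_salt(hit["day"], secret)
    return hmac.new(salt, material.encode(), hashlib.sha256).hexdigest()[:16]


def unique_visitors(hits: Iterable[Dict[str, str]], site_id: int, secret: bytes) -> Dict[str, int]:
    """Count distinct config ids per day: the aggregate the report needs,
    without storing any identifier that outlives the day."""
    seen: Dict[str, Set[str]] = {}
    for hit in hits:
        seen.setdefault(hit["day"], set()).add(config_id(hit, site_id, secret))
    return {day: len(ids) for day, ids in seen.items()}


if __name__ == "__main__":
    secret = b"server-side secret, not stored with the data"
    print(unique_visitors(HITS, site_id=1, secret=secret))
    print(config_id(HITS[0], 1, secret), config_id(HITS[3], 1, secret))
```

The first two hits collapse into one visitor for 2024-03-01 and the third is a second visitor; the fourth hit has the same attributes as the first but a different day, so it gets an unrelated id. Two practical limits follow from the design: within one day, two people behind the same masked network with identical browser settings are counted once, and the guarantee against cross-day linkage holds only as long as the secret is not disclosed.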
In some jurisdictions, cookieless tracking, if combined with collecting no personal data or unique identifiers, may remove tracking consent requirements. But in countries with stricter ePrivacy laws, cookieless tracking will still require prior consent.
5. Use consent-exempt configurations of Matomo
Several European regulators (in France, Italy, the Netherlands and Spain, and most recently the UK) provide express consent exemptions for privacy-preserving, aggregated audience measurement that minimises the range of data processed. Matomo is highly configurable and can be set up to meet the applicable consent-exempt conditions (see the CNIL consent exemption).
Protect your users’ privacy with Matomo
Data minimisation protects your businesses, reduces costs and helps you comply with data protection regulations. It’s non-negotiable if you care about using and storing data ethically.
Rather than just another compliance requirement, many forward-thinking companies are treating ethical analytics and data minimisation as strategic brand differentiators. By putting privacy first, brands can build trust, grow customer loyalty and gain a competitive edge.
To take the first step on your data minimisation journey, consider switching to Matomo. With Matomo, you get:
- Complete control over your data
- Built-in data minimisation methods
- A straightforward, easy-to-use analytics interface
- A built-in GDPR manager
- Compliance support for other strict privacy regulations
See why more than one million websites trust Matomo to ethically track and improve website performance. Start your 21-day free trial today — no credit card required.