

Data minimization

Definition

Data minimization is the discipline of transmitting, processing, and storing only the data actually needed for the immediate task — no surrounding context, no "just in case" history, no entire dataset when a subset will do. It is a first-class privacy principle in the GDPR (Article 5(1)(c): "adequate, relevant and limited to what is necessary") and a core design posture for privacy-preserving systems.

Operationalised at the request API in private AI inference

The 2025-04-30 Meta WhatsApp Private Processing post names data minimisation as an explicit design axis:

"As part of our data minimization efforts, requests to Private Processing only include data that is useful for processing the prompt — for example, message summarization will only include the messages the user directed AI to summarize."

In practice: if the user asks to summarise a specific set of unread messages, the client encrypts and sends only those messages to the TEE — not the full thread, not the conversation history, not sibling chats. The inference workload can only ever leak what was sent in; sending less means the blast radius of any bug, side-channel, or future compromise is smaller by construction.
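As an added illustration (not code from Meta's post or from Private Processing itself), here is the shape of that client-side minimisation for a summarisation request: a hypothetical per-task field allowlist, a builder that includes only the user-selected messages, and a pre-send guard that refuses anything wider. The thread, field names and task name are constructed for the example.

```python
import json

# Constructed sample thread (not real chat data). Each message carries fields a
# summariser never needs: sender identity, read receipts, attachment metadata.
THREAD = [
    {"id": 101, "sender": "+15550000001", "text": "Did you see the draft?",
     "read_by": ["+15550000002"], "attachment": None},
    {"id": 102, "sender": "+15550000002", "text": "Yes, section 3 needs work.",
     "read_by": [], "attachment": None},
    {"id": 103, "sender": "+15550000001", "text": "I'll revise it tonight.",
     "read_by": [], "attachment": {"name": "draft-v2.pdf", "bytes": 48211}},
]

# Hypothetical per-task allowlist: the fields each inference task may receive.
TASK_FIELDS = {"summarise": ("id", "text")}


def naive_request(thread, task):
    """The 'just in case' shape: whole thread, every field. All of it can leak."""
    return {"task": task, "messages": list(thread)}


def build_request(thread, task, selected_ids):
    """Minimised shape: only the messages the user pointed at, only allowlisted
    fields, kept in thread order. Unknown ids are an error, never a wider set."""
    allowed = TASK_FIELDS[task]
    wanted = set(selected_ids)
    msgs = [{k: m[k] for k in allowed} for m in thread if m["id"] in wanted]
    missing = wanted - {m["id"] for m in msgs}
    if missing:
        raise ValueError(f"unknown message ids: {sorted(missing)}")
    return {"task": task, "messages": msgs}


def is_minimised(request, selected_ids):
    """Pre-encryption guard: reject a payload carrying any message outside the
    user's selection or any field outside the task's allowlist."""
    allowed = set(TASK_FIELDS[request["task"]])
    ids = {m["id"] for m in request["messages"]}
    if not ids <= set(selected_ids):
        return False
    return all(set(m) <= allowed for m in request["messages"])


def payload_bytes(request):
    """Serialised size: a crude proxy for how much a leak of this request exposes."""
    return len(json.dumps(request, separators=(",", ":")).encode())
```

The guard is the check a practitioner would wire in before encryption, so that a regression in the request builder fails closed instead of quietly widening what reaches the TEE.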

Why minimisation compounds with TEE + stateless processing

Private Processing's guarantees layer together:

  1. TEE — the server cannot see into memory.
  2. Stateless processing — no durable copy is kept.
  3. Forward security — ephemeral keys protect even captured ciphertext.
  4. Data minimisation — there is less content to begin with.

Layer 4 is the simplest and most robust of the four: a bug or side-channel anywhere in layers 1 to 3 still cannot exfiltrate what was never sent. Data minimisation is the precondition that shrinks what the other layers' guarantees have to cover.

Distinguishing from purpose limitation

  • Data minimisation — send / store / process less data.
  • Purpose limitation — use data only for declared purposes, tracked + enforced (e.g. Meta's Policy Zones).

The two compose: minimisation reduces the quantity; purpose limitation constrains how the remainder flows. Private Processing's AI-summarisation request is both minimised (only the messages to summarise) and purpose-limited (used only for the user-directed summarisation request).
