Collection Limitation

A core privacy principle requiring that personal data collection be limited to what is necessary, relevant, and proportionate for specified purposes. This principle means you should collect only the minimum data needed to accomplish your stated purposes—no more. Collection limitation prevents the common practice of gathering all possible data 'just in case' it might be useful later. The principle requires identifying specific purposes before collection, determining what data is genuinely necessary for those purposes, and refraining from collecting additional data. For example, if you need to ship products, you need shipping addresses but probably not dates of birth. Collection limitation works hand-in-hand with data minimization and purpose limitation. It applies both at initial collection and when considering adding new data fields. Organizations should regularly review data collection practices, eliminate unnecessary fields, and justify each piece of information collected.