Data minimization for GDPR compliance in machine learning models

The EU General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) mandate principle of data minimization, which requires that only necessary to fulfill a certain purpose be collected. However, it can often difficult determine minimal amount required, especially in complex machine learning models such as deep neural networks. We present first-of-a-kind method reduce personal needed perform predictions with model, by removing or generalizing some input features runtime data. Our makes use knowledge encoded within model produce generalization has little no impact on its accuracy, based distillation approaches. show that, cases, less may collected while preserving exact same level accuracy before, if small deviation is allowed, even more generalizations performed. also demonstrate when collecting dynamically, further improved. This enables organizations truly minimize collected, thus fulfilling minimization requirement set out regulations.