The principle of data minimization aims to reduce the amount of data collected, processed or retained to minimize the potential for misuse, unauthorized access, or data breaches. Rooted in privacy-by-design principles, data minimization has been endorsed by various global data protection regulations. However, its practical implementation remains a challenge due to the lack of a rigorous formulation. This paper addresses this gap and introduces an optimization framework for data minimization based on its legal definitions. It then adapts several optimization algorithms to perform data minimization and conducts a comprehensive evaluation in terms of their compliance with minimization objectives as well as their impact on user privacy. Our analysis underscores the mismatch between the privacy expectations of data minimization and the actual privacy benefits, emphasizing the need for approaches that account for multiple facets of real-world privacy risks.