Data minimisation is a privacy-enhancing principle considered one of the pillars of personal data regulations. This principle dictates that personal data collected should be no more than necessary for the specific purpose consented to by the user. In this talk I will consider data minimisation from a programming language perspective. We view a data minimiser as a pre-processor for the input which reduces the amount of information available to the program without compromising its functionality. We will discuss the foundations of this idea and how one might synthesise a correct data minimiser for a given program.
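The pre-processor idea in the abstract can be sketched as follows. This is an added example, not code from the talk or from the speaker's work: it assumes a finite input domain and brute-forces the minimiser by grouping inputs the program cannot tell apart, and `ticket_price`, `synthesise_minimiser` and the other names are hypothetical.

```python
from collections import defaultdict
from itertools import product

def synthesise_minimiser(program, domain):
    """Brute-force a minimiser for `program` over a finite `domain`.

    Inputs with the same output are indistinguishable to the program, so
    each such class is collapsed onto one fixed representative.
    """
    classes = defaultdict(list)
    for x in domain:
        classes[program(x)].append(x)
    representative = {}
    for members in classes.values():
        rep = min(members)  # any fixed member works; min keeps it deterministic
        for x in members:
            representative[x] = rep

    def minimise(x):
        return representative[x]  # KeyError for inputs outside the domain
    return minimise

def is_correct(program, minimiser, domain):
    """Functionality is preserved: same output with or without minimisation."""
    return all(program(minimiser(x)) == program(x) for x in domain)

def released_values(minimiser, domain):
    """Distinct values the program can ever observe after pre-processing."""
    return {minimiser(x) for x in domain}

# Constructed sample program: ticket price from (age, is_student).
def ticket_price(record):
    age, is_student = record
    if age < 18:
        return 5
    if age >= 65 or is_student:
        return 8
    return 12

# Constructed sample domain: 120 ages x 2 student flags = 240 possible inputs.
DOMAIN = list(product(range(120), (False, True)))
minimise = synthesise_minimiser(ticket_price, DOMAIN)

if __name__ == "__main__":
    print("correct:", is_correct(ticket_price, minimise, DOMAIN))
    print("values released:", sorted(released_values(minimise, DOMAIN)))
    print("identity pre-processor releases:", len(DOMAIN), "values")
```

The identity function is also a correct pre-processor, but it releases all 240 inputs; the synthesised one releases only one value per distinct output.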
Prof. David Sands (Chalmers University, Gothenburg) is one of the founders of the research area of language-based security that uses methods from programming language research in IT security.