Towards a Formal Approach for Data Minimization in Programs (Short Paper)

Data Privacy Management, Cryptocurrencies and Blockchain Technology, ESORICS 2021 (2021)

Citations: 2 | Views: 15

Abstract
As more and more processes are digitized, the protection of personal data becomes increasingly important for individuals, agencies, companies, and society in general. One principle of data protection is data minimization, which limits the processing and storage of personal data to the minimum necessary for the defined purpose. To adhere to this principle, an analysis of what data a piece of software needs is required. In this paper, we present an idea for a program analysis which connects data minimization with secure information flow to assess which personal data are required by a program: the program is decomposed into two programs. The first projects the original input, keeping only the minimal amount of required data. The second computes the original output from the projected input. Thus, we obtain a program variant which is compliant with data minimization. We define the approach, show how it can be used in different scenarios, and give examples of how to compute such a decomposition.
Keywords
Secure information flow, Data minimization, GDPR