A principle from GDPR Article 5. Data minimization means that processing of personal data shall be adequate, relevant, and limited to what is necessary in relation to the purpose of the processing.