- Collecting all available user data to improve model performance.
- Implementing data minimization and purpose limitation.
- Storing user interaction data indefinitely for future analysis.
- Sharing user data across applications without specific consent.
Implementing data minimization and purpose limitation means collecting only the data strictly necessary for a stated purpose and not using it beyond that purpose without additional consent. This approach balances utility with privacy and aligns with ethical and legal data-protection frameworks.

- Data minimization: Collect only the data required to deliver the requested functionality (for example, short-lived session context needed to fulfill a prompt). Avoid broad, unrelated telemetry or personal data collection.
- Purpose limitation: Define and document the explicit purposes for data collection up front. Do not repurpose data for analytics, training, or third-party sharing without clear, informed consent.
- Privacy-preserving controls: Use technical controls such as role-based access control, end-to-end encryption (in transit and at rest), aggregation, anonymization/pseudonymization, and techniques like differential privacy when aggregating usage data for analytics or model improvement.
- Retention and disposal: Implement and enforce retention schedules so personal or sensitive data is deleted or irreversibly anonymized once it is no longer needed.
- Transparency and user rights: Provide clear privacy notices, enable users to access, correct, or delete their data, and require explicit consent for new processing activities beyond the original scope.
Why the other options are harmful
- Collecting everything: Indiscriminate collection increases exposure to breaches and regulatory penalties while offering diminishing returns on model performance.
- Storing indefinitely: Long retention periods multiply breach impact and often violate data-protection principles like storage limitation.
- Sharing without consent: Unconsented sharing undermines user trust and usually contravenes legal frameworks such as GDPR, CCPA, and other privacy laws.
- Adopt a privacy-by-design posture: bake minimization, purpose limitation, and retention policies into system design and development workflows.
- Use technical and organizational safeguards together: encryption, access controls, logging, and regular audits.
- Document policies and obtain explicit consent for secondary uses or model training that rely on user data.
- Monitor legal and ethical guidance: stay aligned with frameworks such as GDPR, ISO 27001, and NIST privacy recommendations.