Evergreen notes and applied theory

Small Data Ethics

For the professional who has to explain a wrong outcome to a real person

By Laini Byfield

GDPR data minimisation

A practical standard for small data: do not collect, retain, or expose more than is necessary for the purpose.

AdequateRelevantLimited

What minimisation means in small data

Data minimisation is a principle: personal data should be adequate, relevant, and limited to what is necessary for the stated purpose.

Operational implications

Fields

Resist "just in case" columns. Every extra field increases identifiability and misuse potential.

Retention

Keep data only as long as needed for payouts, audits, and appeals — then reduce or delete.

Access

Small data requires tighter role-based access. Fewer people should see raw records.

Reference: UK ICO guidance on data minimisation (UK GDPR).

How it fits Small Data Ethics

Minimisation is necessary but not sufficient. Small Data Ethics adds:

  • Contestability: a path to challenge decisions
  • Traceability: what file, load date, and rule created the outcome
  • Repair: correction and reprocessing when errors occur

Read: Small Data Ethics is not Small Data Privacy →