[senko]

This is the way.

Or at least it should be, if companies were putting users first (a naive thought, I know).

I have a small mobile app for recording expenses (receipts). The usual strategy would be for users to create accounts and store and sync data with my service. Potentially useful data (behavior, spending), which I don't want to touch with 10ft pole.

Instead, I keep all the data local (user's device). No registration at all. Nothing to store on the server.

Slightly more inconvenient for the users (to move to a new device, you need to export and import the local db), but cheaper and zero-stress for me.

[brookst]

I work at a Fortune 10 and we routinely avoid collecting PII when there’s no reason to do so. Not out of any noble championship of privacy, just because 1) legal wants less liability, and 2) subpoenas are a PITA for everyone.

[senko]

That's nice, but "no reason" is often a high bar.

There's often a good reason to keep the data (marketing, product, etc), which when weighted against the potential liability, usually wins.

[brookst]

"often" and "usually" are doing a lot of work there.

In my experience, in my role, we often forego collection of this data because there usually isn't an obvious upside that makes it worth it. If nothing else it's a ton more privacy and security reviews.

[RajT88]

Ditto.

[IgorPartola]

What I really would love is a universal sync service that most apps would be built upon. There are apps I have used that basically say “we don’t provide storage service, but you can use your Dropbox, Google Drive, rsync service, etc.” This is really cool because while I love having my files locally I also then am entirely in charge of syncing and backing up stuff.