Glossary
Data Creep

Data Creep

February 24, 2026
4 min read
Explore data creep in AI, how unintended data collection impacts privacy, and why ethical data practices are crucial for responsible AI development.

Definition

The case where AI models seek to incorporate more data and/or different data sources to improve the model's predictive power.

What is data creep?

Data creep occurs when organisations continuously collect and store data about users across multiple interactions and contexts such as...

  • Websites visited
  • Online purchases and searches
  • Social media activity
  • Location data from smartphones
  • Travel bookings and transport usage

Individually, these data points may appear harmless. Combined over time, they form a detailed profile similar in depth to a medical record or credit report.

How data creep works in practice

Most users expect a degree of personalisation online, such as targeted adverts based on recent searches. Data creep goes far beyond this. Once a long term behavioural record exists, organisations can:

  • Infer demographic traits from browsing and shopping habits
  • Predict life events or intentions based on location and behaviour
  • Adjust advertising, pricing, or content delivery accordingly

For example, proximity data showing a person visiting a jewellery shop may be combined with inferred income, age, and relationship status to predict interest in an engagement ring. When related adverts appear later, the experience can feel intrusive or unsettling.

Data creep and function creep

Data creep is closely related to function creep.

Data creep describes the accumulation of data over time.

Function creep occurs when that data is later used for purposes beyond its original intent.

Information collected for navigation, analytics, or convenience may later be repurposed for advertising, profiling, or behavioural prediction without explicit user approval.

Why data creep is a problem

While data driven personalisation can offer convenience, data creep introduces significant risks.

Loss of privacy
Comprehensive profiling often occurs without meaningful consent or transparency.

Security risks
Large data stores increase exposure to breaches, leaks, and misuse of sensitive information.

Surveillance concerns
The accumulation of behavioural data enables continuous monitoring of online activity by companies, governments, or third parties.

Behavioural influence and control
Detailed profiles can be used to manipulate choices, shape opinions, or restrict access to information and services.

Data creep and surveillance risks

Data creep highlights broader concerns about digital surveillance. When organisations can track what people read, where they go, what they buy, and who they interact with, the potential for misuse grows. Commercial surveillance can blend into political or social surveillance, especially when data is shared, sold, or accessed by public authorities.

In some jurisdictions, governments already collect large volumes of citizen data, including data about individuals not suspected of wrongdoing. Without safeguards, data creep can normalise pervasive monitoring and erode personal autonomy.

Why data creep often goes unnoticed

Unlike obvious privacy violations, data creep is gradual.

  • Targeted adverts are common and easily ignored
  • Data collection happens in the background
  • Individual data points rarely feel invasive on their own

This slow accumulation makes data creep harder to detect and challenge, even as personal profiles become more comprehensive and persistent.

Addressing data creep

Reducing the risks associated with data creep requires action at multiple levels.

Stronger data protection regulation
Clear limits on data collection, retention, and reuse help prevent excessive profiling.

Transparency and consent
Organisations should clearly communicate what data is collected, how long it is stored, and how it is used.

Data minimisation
Collecting only what is necessary reduces exposure and misuse risk.

Privacy enhancing technologies
Tools such as encryption, anonymisation, and privacy preserving analytics can limit harmful accumulation.

P

ublic awareness and digital literacy
Educated users are better equipped to make informed choices and demand accountability.

Key takeaways

  • Data creep is the gradual accumulation of personal data over time
  • Individual data points combine to form detailed behavioural profiles
  • Data creep enables function creep and intrusive inference
  • Risks include privacy loss, data breaches, and surveillance
  • Gradual accumulation makes data creep difficult to notice
  • Regulation, transparency, and data minimisation help reduce harm

Related Terms

No items found.

Get AI-compliant today!

Begin your journey towards AI excellence with oxethica. Start your free trial today and experience the future of responsible AI.

Start using oxethica