Privacy by default is the GDPR principle that allows the data controller to process by default only personal information that is strictly necessary for the specific purpose, also when product or service is released to the end-user the strictest privacy settings should be applied by default.
If the end-user needs to provide personal information to enable the use of the service or the product, it should be set to only necessary information and kept strictly for the defined time period.