Abstract
Despite being the most comprehensive data protection law in the world, Europe's General Data Protection Regulation (GDPR) has failed to ensure that data is processed in an ethical and sustainable manner. This is because the law does not regulate what is good, and even lawful activities may lead to harms. At the same time, data ethics requires clear guidelines that can be adopted by organizations. To address this, the authors propose situating data protection within the Corporate Social Responsibility (CSR) and Environmental, Social, and Governance (ESG) paradigm. This incentivizes the adoption of ethical practices thanks to the potential for organizations to improve their ESG ratings. To this end, the Maastricht University Data Protection as a Corporate Social Responsibility Framework is provided as a solution. The Framework provides actionable and auditable controls with the ultimate aim of promoting responsible data practices that benefit not only businesses, but also individuals and society.

Novelty and contribution to knowledge: This paper builds upon the work illustrated in Data Protection as a Corporate Social Responsibility (Edward Elgar, 2023) to provide an overview of the need for taking an ethical approach to data protection and cybersecurity compliance. It provides new insights into the relationship between ethics and data protection law and makes new connections between ESG and data protection. Essentially, it delves deeper into the potential for framing data protection under ESG to act as an incentive for companies to achieve virtuous data protection compliance.