Should personal data protection be considered a CSR criterion in its own right?

Franck Di Liberto
|
August 28, 2024

In the context of CSR, companies are responsible for the quality of their relations with their stakeholders. As such, should the protection of personal data be considered a CSR criterion in its own right?

Information and communication technologies have drastically changed the way data is collected, processed, stored and transmitted, and in particular the way information systems operate within organizations. These innovations in turn lead to profound changes in work processes, understanding of the environment, and relationships of influence between players.

The RGPD and CSR (Corporate Social Responsibility) have obvious convergences. The integration by companies of environmental, social and ethical issues into their economic activities plays a growing role in the ethical perception of a company by its ecosystem (customers, suppliers, partners, candidates, employees...).

Ethics fully integrates the development of Big Data, cloud computing, social networks and connected objects, and questions the value of personal data and how companies and individuals control its storage and distribution.

Reix and Rowe (2002) frame the vision of the Information System: "an IS is a system of social actors that memorizes and transforms representations via information technologies and operating modes". This definition highlights three main characteristics of an IS: its focus on the production and dissemination of information, its use of technology, and its social and technical nature.

In 2011, the European Commission redefined CSR by laying down 2 prerequisites:

1. Compliance with current legislation and collective bargaining agreements between social partners

2. Engaging with stakeholders in a process designed to integrate social, environmental, ethical, human rights and consumer concerns into the company's business activities.

By this definition, CSR encompasses the RGPD in two ways with: both compliance with the law, but also taking into account consumer concerns about data protection.

Data protection is therefore the responsibility of all company stakeholders.

With the development of an "information society", in which information-intensive assets play a major role, ethical reflection has shifted from the tool (machine, network) to the information itself. Information ethics embraces the processing of data and information, and their life cycle. More specifically, information ethics deals with issues relating to the confidentiality of information (or data), its reliability, quality and use.

Questions relating to data collection, storage, analysis and use are all part of CIKISI's ethical mission.

Good governance of data and information management must be at the heart of all corporate projects.