How data minimization, data quality, and storage limitation can help in the fight against climate change

Over the last 20 years, access to cheap computational capacity has increasingly led to the harvesting of more and more personal data, without having to worry too much about costs related to data storage and processing activities.

For this very reason (and all too often), data sets are offhandedly replicated, databases are left unmanaged, and the same data is re-collected multiple times. Such practices create potential data protection compliance problems (for example, with respect to the principles of data minimization, accuracy, and storage limitation) and cybersecurity risks (by increasing the attack perimeter and decreasing security in unmanaged applications). But that’s not the end of the story! In fact, it must be understood that such practices also contribute to the climate crisis.  

Socially responsible behavior within the ESG domain entails that companies should reduce energy consumption, and therefore CO2 emissions along the value chain. 

With this in mind, companies should:
1) Pay careful attention and only collect and, more generally, process, the minimum amount of data required to pursue business goals – data minimization; 

2) Make sure that data are kept up to date and old/inaccurate data are properly deleted – data quality / accuracy; 

3) Enforce appropriate and effective data retention rules across all systems, so to regularly delete data that are not necessary anymore – storage limitation; 

4) Improve their data-driven businesses (by creating lean, performing, and high-quality datasets). 

An approach that takes the above into consideration will both help to potentially mitigate cybersecurity risks and actively contribute to reducing energy consumption and carbon emissions along the value chain, taking an active and socially responsible role in the fight against major concerns of our era: climate change and global warming.

  Find more blogs on Law Blogs Maastricht

P. Balboni

Paolo Balboni is Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. He graduated with a degree in Law from the University of Bologna (Italy) in 2001 and completed his Ph.D. in Comparative Technology Law at Tilburg University (The Netherlands) in 2008.

Also read