Search term

Search term

New ground-breaking framework for building a sustainable data-driven economy

Data Protection as a Corporate Social Responsibility

Today researchers at Maastricht University’s European Centre on Privacy and Cybersecurity (ECPC) have published the first-ever complete CSR framework for data protection aimed at improving privacy and security for a sustainable digital future - the Maastricht University Data Protection as a Corporate Social Responsibility Framework (UM-DPCSR Framework). Businesses and other organisations are invited to adhere to the Framework to strengthen their commitment to data protection and responsible processing activities.

The UM-DPCSR Project translates theoretical ethical principles into tangible and practical guidelines for companies and organisations processing personal data. By following the five principles and 25 rules constituting the Framework, organisations can improve transparency and accountability and engage in fair and secure data processing activities. In this way, organisations can positively contribute to the greater good of a sustainable data-driven economy and a democratic digital society.

Nearly four years after Europe’s General Data Protection Regulation entered into force, it is clear that the Regulation and mere legal compliance cannot sufficiently protect fundamental rights and freedoms and adequately mitigate the risks presented by new technologies and the current economic models that tend to degrade democratic systems in the exploitation of data. The UM-DPCSR Framework precisely aims to fill this gap.

“The UM-DPCSR Framework defines rules to help organisations go beyond compliance requirements, effectively protecting individuals while responsibly furthering their targets. The ultimate objective of the research project has been to cultivate a better data-centric future for all,” commented Prof. Dr. Paolo Balboni, who first proposed the concept on his personal blog in 2017 and presented it during his inaugural lecture at Maastricht University in 2019.

In January 2020, a two-year multistakeholder research project on Data Protection as a Corporate Social Responsibility was launched under Dr. Balboni’s direction at ECPC within the Maastricht University Faculty of Law. Since then, Mrs. Kate Francis (PhD candidate) and Dr. Balboni have worked together to concretize the concept and create the Framework.

The document published today illustrates the key findings of the research. From 1 April 2022, ECPC will start accepting submissions from organisations that would like to adhere to the Framework.

 More information is available on the ECPC website.

The project is entitled “Data Protection as a Corporate Social Responsibility is the New Competitive Edge: Developing a New Dimension of Data Protection as a Corporate Social Responsibility”.

Meetings were held on a regular basis with a group of Data Protection Stakeholders, Intergovernmental Stakeholders, and Business Stakeholders in which open discussions took place to both debate and validate the established rules. This dialogue with European authorities, bodies, and industry is considered to have increased the completeness, robustness, and feasibility of the Framework from the ethical, legislative, and business points of view. Business Stakeholders, while contributing their perspectives on the UM-DPCSR Rules, were prohibited from imposing their views on the outcome of the research.

Also read

More news