Launching the Data Protection as a Corporate Social Responsibility research project at ECPC

There’s no better day than today, European Data Protection Day, to announce the 6 February kickoff meeting of the Data Protection as a Corporate Social Responsibility Research Project that I am leading at the European Centre on Privacy & Cybersecurity (ECPC) at Maastricht University. 

In our data-centric global economy businesses need to consider privacy and data protection as assets rather than simply compliance obligations. It has already been demonstrated that a strategic and accurate approach to data protection can generate a significant return on investment (ROI).

Our objective at the ECPC is to trigger virtuous data protection competition between companies by creating an environment that identifies and promotes data protection as an asset which can be used to help companies to responsibly further their economic targets. This can be accomplished through the development of a new dimension of data protection that goes beyond legal compliance, transforming data protection into a new form of Corporate Social Responsibility (Data Protection as a Corporate Social Responsibility). 

The need for an  effective and fair form of compliance which goes beyond what is strictly prescribed by the General Data Protection Regulation and other relevant legislations has already been confirmed by the European Data Protection Supervisor, the European Commission and the Council of Europe, but no practical and actionable guidance has been developed with respect to this as of today. The concept of Ethics in Data Protection is currently theoretical, still largely unclear, and very related to the geographic area where it is applied. Now is the time to go one step further and translate this theoretical notion into universal principles through the creation of concrete guidelines that can be followed by companies in order to carry out responsible data processing activities.

At ECPC we are working to develop concrete, measurable and translatable guidance for organisations in order to answer the following questions:

  • What are the fundamental requirements of socially responsible data processing activities?
  • How can companies reconstruct Data Protection into an effective CSR framework?
  • What are the benefits for companies that embrace data protection as a CSR?

This Research Project is the natural continuation of what I anticipated in my inaugural lecture: “Personal Data Protection as a New Competitive Edge: Generating Socially Responsible Corporate Behaviour” which you can see here

If you are interested in participating in or knowing more about this research project, please contact me at paolo.balboni[at] 

Comments are closed.