Yesterday, 6 February 2020, the Data Protection as a Corporate Social Responsibility project kick-off meeting was held within the European Centre on Privacy and Cybersecurity (ECPC) within the Faculty of Law at Maastricht University. 

The project aims to trigger virtuous data protection competition between companies by creating an environment that identifies and promotes data protection as an asset which can be used to help companies to responsibly further their economic targets. The research will accomplish this through the development of a new dimension of data protection that goes beyond legal compliance, transforming data protection into a new form of Corporate Social Responsibility (Data Protection as a Corporate Social Responsibility, DPCSR). 

Yesterday’s meeting brought together Business Stakeholders and Data Protection Stakeholders, both present in person and connected via video conference, to introduce the project, its structure, and  to elaborate on the preliminary research I carried out at the University and which was the topic of my inaugural lecture. The exchange that ensued where the stakeholders provided their feedback, views, and discussed practical experience with the research team, commenting on the identified potential rules for each of the 5 principles of Socially Responsible Data Protection,  proved to be very fruitful and confirmed the usefulness of the mixed methodology research methods that have been selected for the project, combining desk research and  stakeholder focus groups & interviews. 

5 Principles of Socially Responsible Data Protection

1. Embed data protection and security in the design of processes

2. Be transparent with citizens about the collection of their data

3. Balance profits with the actual benefits for citizens

4. Publish relevant findings based on statistical/anonymized data to improve society

5. Devote a portion of revenues to awareness campaigns for citizens with regards to the data-centric society