Today is International Data Protection Day, in celebration of the 41^st anniversary of the first binding international treaty concerning the topic of data protection being opened for signature: the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.^[1] Since the early 1980s, both the quantity and economic importance of data has increased drastically, frequently being hailed as “the new oil”. Whether or not one agrees with such a metaphor, it is undoubtably true that data is the lifeblood of the global economy. 

As users, global citizens of the world wide web, we generate personal data nearly every waking moment. Organizations process this seemingly infinite amount of data and are subject to applicable rules (whether it be the GDPR, CCPA, LGPD, PIPA, POPIA, etc.). Beyond the law, however, there is a growing consumer-driven need to approach data protection from a perspective of sustainability. In order to do so, organizations should go beyond what is strictly required by the law, adhering to the assumption that doing good for individuals and society will also have a positive impact on the bottom line. To this end, I invite you to see my work on the concept of Data Protection as a Corporate Social Responsibility (UM-DPCSR). 

One simple, but effective way in which organizations can be more sustainable, accountable, and importantly, transparent, is by improving the comprehensibility of user-facing privacy notices. This can be accomplished, for example, by implementing data protection icons within privacy policies. On 15 December 2021, the research group I directed at the European Centre for Privacy and Cybersecurity (ECPC) with the substantial contribution of Kate Francis (PhD candidate on transparency aspects of data protection), won the “Easy privacy information via icons? Yes, you can!” contest organized by the Italian Data Protection Authority.   

This year, in light of International Data Protection Day, I would like to invite organizations of all shapes and sizes to make small, but meaningful changes when it comes to data processing. Improving the readability and understandability of privacy notices by implementing the UM-DPCSR Icons which are downloadable here, testing the comprehensibility of privacy information, and actively engaging with users to understand their needs and concerns with respect to transparency and more generally, data protection, will help contribute to building a more sustainable, transparent, trustworthy, and fair data-driven future for all of us. 

If your organization is committed to sustainability and wants to join the Maastricht Data Protection as a Corporate Social Responsibility Framework, contact me at paolo.balboni[@]maastrichtuniversity.nl.

Happy International Data Protection Day!

Prof. Dr. Paolo Balboni

^[1] On 28 January 1981, the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) was opened for signature in Strasbourg, France. Also recall that in 2018, Convention 108 was modernized (Convention 108+). For more information, see the Council of Europe’s website here: https://www.coe.int/en/web/portal/28-january-data-protection-day