Happy Birthday, GDPR! Reflections on the potential for sustainable data processing to combat climate change

Each year I celebrate May 25th, the anniversary of the applicability of the General Data Protection Regulation (GDPR), by reflecting on the spirit of the Regulation and taking stock of its relevance in supporting democracy, fundamental rights, and the freedoms we hold so dear. This year, however, my thoughts have concentrated on another incredibly relevant topic – that of human-induced climate change. While the two topics may not at first sight seem to be intertwined, closer examination of the GDPR’s principle of data minimization, together with data quality, accuracy, and storage limitation,  can help us to shed light on, and potentially help to mitigate, the imminent danger for people and our planet posed by climate change. Compliance in this way represents not only a legal requirement, but an essential element to protect biodiversity, infrastructure, and to avoid the loss of life in a scenario where digital technologies currently make up anywhere between 5 and 9% of global electricity consumption.

If you have been following me over the past two years, you’ll know that I am passionate about sustainability and that my research at the European Centre on Privacy and Cybersecurity aims precisely to frame the topic of data protection compliance in terms of sustainability and corporate social responsibility. Indeed, within the Maastricht University Data Protection as a Corporate Social Responsibility Framework,  Rule 4 of Principle 3 requiresadhering organizations to consider their environmental impact when taking decisions on data processing activities, e.g., to minimize data processing activities with the aim of reducing energy consumption.[1]  The advent of inexpensive computational capacity has permitted the collection of vast and often excessive amounts of personal data – sometimes collected without a real business need; data is stored for unnecessarily long periods of time, etc. Not only do such practices conflict with good data protection compliance and cybersecurity hygiene – they also damage our world in environmental terms. 

Along these lines, the European Commission is stressing the potential for technology to provide green solutions for the digital sector. This is becoming pertinent due to the proliferation of AI, IoT, blockchain, and cloud computing which are significantly contributing to energy consumption. Additionally, the European Commission is pushing companies to be more sustainable by way of the Corporate Sustainability Reporting Directive (CSRD) and the proposal for a Directive on corporate sustainability due diligence. More specifically, the CSRD would introduce a European audit (assurance) requirement for sustainability information, where the Directive on corporate sustainability due diligencewould require certain kinds of organizations to identify the environmental and human rights impacts of their business, minimize impacts, integrate due diligence into their policies, and monitor the effectiveness of the established due diligence policy and related measures, among others. In this sense, organizations must not only adopt a strict interpretation of the above-mentioned GDPR-enshrined requirements of data minimization, storage limitation, etc., but also commit to make use of energy efficient data centers (also in line with the Commission’s objective of carbon neutrality in data centers by 2030 of both existing and new legislation and initiatives), and make such efforts known via reporting.  

Such an approach – one that takes the above into consideration – will both improve compliance with the GDPR’s data protection principles, potentially contribute to reducing cybersecurity risks, and fundamentally, actively contribute to the reduction of energy consumption and carbon emissions along the value chain for the benefit of society. And with this, on the birthday of the GDPR, I invite you to challenge the conception of data protection as a purely legal matter and see it for what it can be – a tool to build a more sustainable world. 

Happy Birthday to you, GDPR!!!

[1] Balboni, P. (2021). How data minimisation, data quality, and storage limitation can help in the fight against climate change [Blog]. Retrieved from https://www.paolobalboni.eu/index.php/2021/08/13/how-data-minimization-data-quality-and-storage-limitation-can-help-in-the-fight-against-climate-change/

Comments are closed.