Corporate Social Responsibility, Data Protection and the Right to Privacy

Abstract

Technology and the internet have added a new stakeholder concern to the Corporate Social Responsibility (CSR) agenda: online privacy and data protection. This article traces the emergence of CSR on the agenda of businesses, considering developments in the United Kingdom, the United States and European Union and the business case that supports a move towards taking CSR seriously. Additionally, the article draws on views of leading theorists such as Friedman and highlights the power of consumer boycotts to pressure corporations to adopt ethical and socially responsible practices. Building on existing literature that establishes data protection as a CSR, the research outlines the legislative efforts to protect personal data and online privacy in the UK, focusing on the General Data Protection Regulation. It also considers the challenges created by Brexit and ongoing legislative efforts that attempt to limit data protection in the UK. Linking CSR and data protection to human rights, the article establishes breaches of data protections as violations of the right to privacy for which businesses should be held accountable. The paper argues that businesses are starting to pay more attention to their CSR in general and data protection as a CSR in particular. However, online privacy is still a rather new concept on the CSR agenda and businesses have to improve their efforts to ensure they have the correct framework in place to use and store data securely.