Data Protection Day: Privacy As A Fundamental Aspect Of ESG

Published date: 13 March 2023
Subject Matter: Corporate/Commercial Law, Environment, Privacy, Corporate and Company Law, Corporate Governance, Environmental Law, Data Protection, Privacy Protection
Law Firm: Lydian
Author: Mr Bastiaan Bruyndonckx, Olivia Santantonio and Thibault Boscart

Environmental, Social and Governance (ESG) requirements are increasingly high on the agenda of many companies, as they are today an important criterion for investors, customers, suppliers and employees in deciding whether or not to engage with a company.

Traditionally, the term "ESG" is associated with "classic" negative human and environmental impacts such as forced labor, child labor or greenhouse gas emissions. This e-zine demonstrates that privacy and data protection are equally fundamental aspects of corporate social responsibility and sustainability, and that a responsible ESG policy goes beyond mere compliance with applicable privacy laws.

An appropriate privacy policy entails that a company respects the three ESG criteria in the manner it handles data.

Under the Governance aspect, companies must ensure the fundamental rights to privacy and data protection of natural persons when processing personal data. In this regard, the General Data Protection Regulation (GDPR) gives natural persons more control over their personal data, forces companies to process this data lawfully and transparently, and ensures effective enforcement through serious sanctions.

Companies are already held largely responsible under the GDPR for the processing of personal data by (internal or external) parties. For example, a company must enter into a data processing agreement with each processor, and a transfer of personal data to processors outside the European Union must be accompanied by appropriate safeguards for the protection of the rights of natural persons. This can be done, for example, through the adoption of binding corporate rules at the group level.

The importance of sound privacy policies towards business partners is further emphasized in the recent ESG-specific legislation. Based on the observation that existing EU legislation does not always apply to the value chains of companies outside the European Union, the proposed Corporate Sustainability Due Diligence Directive (CSDD Directive) encourages companies to assess and manage human rights violations regarding privacy and data protection across the entire, global value chain through appropriate due diligence measures, following the OECD Due Diligence Guidance for Responsible Business Conduct. Data supply chains are no...
