The long march towards corporate digital responsibility
Carbon footprint, ethics, data and human protection… More and more, digital players—and especially those in cybersecurity—are questioning their digital responsibility. During the FIC 2022, the closing plenary was even dedicated to this theme full of future promises…and pitfalls. inCyber takes stock.
“Integrating ethical considerations” into their purchasing, manufacturing, and distribution processes for their digital products and services:
“This is not the role of companies, but it is in their interest,” said Ms Élise Dufour at the closing plenary of the FIC 2022 on corporate digital responsibility (CDR).
From customers worried about their personal data to investment funds concerned about ethical investments and to public authorities committed to combating climate change, there is real pressure to move towards a more responsible digital world. Thus, “sustainability is now a more important criterion than price in our invitations to tender for cloud providers“, explained the general manager of DNS Belgium, Philip Du Bois, in front of the cameras of inCyber.
A CDR programme must rest on four pillars, developed Élise Dufour, a specialist in new technology law and partner in the Bignon Lebray law firm: data processing and security; control of the consequences of the increasing use of AI; social and human aspects; and finally the environmental aspect.
But the responsibility goes far beyond the tech industry, as digital technology has spread everywhere, stressed Isedua Oribhabor, Business and Human Rights Lead at the NGO Access Now, which defends the rights and freedoms of Internet users.
“CDR is not only for Google and Facebook. […] All companies can be considered as technology companies from the moment they collect data, or use AI or facial recognition, like these clothing brands that use these technologies,” the activist stressed during the plenary.
Does this mean that all the companies concerned have embarked on CDR programmes? That would be very optimistic, as the subject is so vast and complex. We might as well say it straight away: in the absence of a global framework recognised by all, the questions linked to AI and the human-system relationship are still largely in the making. Companies are moving forward, but in a scattered manner.
Human rights, the ambiguities of the tech sector
“When it comes to defending the rights of Internet users, who can we trust?” asked Isedua Oribhabor. “Can we trust the platforms to regulate their content? I am rather sceptical. We need cooperation between private and public players,” to be defined on a case-by-case basis. Indeed, while in some countries, governments put in place laws to defend minorities, in others, they target these same minorities on social networks. She cited the case of Ghana, which uses local languages to bypass the safeguards put in place by English-language platforms. Conversely, these networks must be “supervised so that they no longer act with impunity,” insisted the NGO’s leader, who also wants to believe in a virtuous circle:
“The sector itself must compete in protecting rights; everyone must try to become a rights champion,” argued Isedua Oribhabor.
Other aspects of the CDR are more mature, because they are more tangible and measurable. This is the case of its “green” component. The carbon impact of digital technology is no longer in question and—as is often the case—the largest companies are leading the way. “The digital sector already accounts for 4% of carbon emissions worldwide, and they are increasing by 6% per year,” explained Richard Bury, director of the responsible digital programme at EDF. A somewhat abstract figure, but one that he gave substance to:
“Behind our clicks are hundreds of billions of computer devices, connected objects, terminals, networks, data centres, etc. They have to be manufactured, which represents [in terms of CO2, editor’s note] as much as the world’s fleet of trucks. If we do nothing, by the end of the decade, it will be as much as the world’s fleet of internal combustion vehicles.”
Two years ago, EDF therefore embarked on a vast programme to decarbonise its digital activity. The challenge is to reduce the carbon footprint and to move towards digital sobriety without sacrificing uses, explained the manager. And while digital technology is a source of a great deal of pollution “mainly in the manufacturing phase, and also a little in purchasing“, it is also part of the solution: “it allows us to reduce our customers’ electricity consumption by 5 to 10%,” he was pleased to say. And the company intends to set an example. Since CDR covers complex and sometimes contradictory objectives—related to ecology, economy, sovereignty, and cybersecurity—explained Richard Bury, to achieve this goal, the company needs a framework, as well as solid and recognised reference points.
CDR runs on carbon
This prerequisite already exists or is relatively easy to implement for IT products: indeed, specifying technical and environmental data and complying with ecodesign standards for a device is a measurable objective. The situation is quite different when it comes to software or services—whose ecological quality must also be monitored over time— since standards do not yet exist. However, EDF is also making progress in this area: “When we did our public cloud contract, we held workshops with the major hyperscalers to see how we could work together—yes, that’s the key word, together—with our partners to reduce the carbon footprint of these services,” explained Richard Bury.
To go further, “EDF has chosen to use the reference system of the Responsible Digital Institute. This also allows us to compete for the label, thus demonstrating that a responsible digital approach is not just talk, but also facts that are audited,” he stressed.
This is a true roadmap for companies and local authorities that want to embark on a global CDR programme. EDF’s example could well inspire others: beyond the ecological aspect, all market players feel the need to have relevant and recognised points of reference to be able to move forward with their global CDR approach.
Because these issues—particularly in digital purchasing, insisted Ms Dufour—”are already very complex for a company like EDF, thus for an SME or a VSE, it is even more so. She pleads for the implementation of European standards, “of labels or scoring schemes, so that we can find our way around.”
“In this very complex ‘digital jungle’ […], it is illusory to think that companies will be able to integrate these considerations into its purchasing processes on their own, even if they all want to achieve this virtuous objective. This is part of an ethos and a posture, which allows them to position themselves on the market,” developed the specialist in digital law.
A posture? Is corporate digital responsibility just a new fad for communicators looking for “virtue signalling“? This is certainly not the case for TEHTRIS.
Need for labels or scoring schemes to find our way around
The company presents itself as the world leader in the automatic neutralisation of cyberattacks. Since the beginning of April, it has also been a member of the very closed club of companies with a mission. Interviewed by Mélanie Benard-Crozat, editor-in-chief of S&D Magazine, Ingrid Söllner, chief marketing officer of this SME, explains its CDR/CSR approach:
“This reflects commitments that date back to the creation of TEHTRIS. […] Our mission: “to make cyberspace a trustworthy environment for the future.” This broad approach can be translated into four pillars: ethical actions, environmental actions, social actions, and a responsible purchasing approach.”
Ethos has literally been coded into the heart of the company since its creation: the founders of TEHTRIS have chosen to protect their clients’ data without ever having access to it. Confidentiality is guaranteed. The company is also very much involved in diversity, particularly gender diversity. “Even though we already have 30% women in our workforce, it’s not a question of quotas: we have noticed that mixed, heterogeneous teams give better results than others,” says Ingrid Söllner. A virtuous circle, especially since—in the face of competition—a dynamic CDR/CSR approach changes everything:
“We can see that CSR actions are beginning to be requested in invitations to tender. We are being asked for our commitments, and we are in a good position to respond,” says Ingrid Söllner with pride.
According to her, between the technical choices and the decision to code only in Europe, protected from the American Cloud Act, TEHTRIS does everything to protect the confidentiality of customer data. In this way, it reinforces confidence in the digital sector—one of the key elements of CDR—and reinforces its success.
A well-understood CDR programme clearly contributes to social and environmental progress as well as to business success.
- Digital Sovereignty
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital transition