news
The Global
11 November 2020

Will Privacy be the Next ESG Frontier for Institutional Investors?

Sustainable investing cannot be treated as a static checklist or a corporate merit badge. The ever-evolving way of doing business and the adoption of data-driven technologies call for a shift of focus on human rights and specifically on the fundamental right to privacy. Given the magnitude of the task and the stakes involved, shouldn’t institutional investors be held liable for their internal operations and investment decisions?

By Christina Heliotis
Visiting Fellow, Global Governance Center
Graduate Institute of International and Development Studies

 

 

Introduction

 

Last month, the Principles on Responsible Investing (PRI) published a milestone framework, which brings focus the duty of institutional investors to act upon human rights: “Why and how investors should act on human rights”. PRI, an United Nations (UN) backed organization with a mandate to promote environmental, social and corporate governance (ESG) standards for businesses and investors, has more than 3,000 signatories committed to sustainable investment.

The ESG investing framework is interlinked with the achievement of the Sustainable Development Goals (SDGs). Reaching the SDGs cannot solely depend on governments. As the principal wealth stakeholder, the private sector is equally responsible for determining how financial resources convert into business activities and holds an added responsibility for promoting sectors, businesses, and practices that advance the 2030 sustainability agenda.

 

The “S” in ESG investing

 

In the wake of the coronavirus pandemic, companies and investors have started paying more attention to the social “S” factors of their ESG operation and investment decisions. Yet, due to the limited corporate reporting and the non-quantitative reporting methods, defining and framing social factors is often challenging. In 2019, BNP Paribas published a Global ESG Survey, which showed that 46% of investors surveyed (including 347 institutions) said that “S” is the most difficult factor to analyze and include in investment strategies.

Among social issues, privacy has been lately under the spotlight. Similar to the Facebook-Cambridge Analytica or Target data breaches, companies with inadequate privacy safeguards have suffered significant financial and reputational damage.  Naturally, as tech and retail companies become more reliant on data collection and processing, they are faced with increased scrutiny by consumers and with an escalation of their regulatory and litigation risks. Under the ESG framework, privacy is considered an indicator of a business’ ethical and social behavior. It is also a fundamental human right, based on international norms established by the United Nations, European Union (UN) charters, and national constitutions.

The latest PRI report reintroduces human rights in the ESG discussion by placing the focus on institutional investors. Multilateral Development Banks (MDBs) and International Financial Institutions (IFIs) are key institutional investors whose authority and mandates are defined in an international treaty, to which all their member states are parties. As international law subjects, MDBs and IFIs are bound by customary international law and general principles of law which address fundamental human rights issues.

 

Privacy and data protection: a crucial concern for MDBs and IFIs

Especially now, MDBs and IFIs collect and process an enormous volume of data and personal information, such as personal and corporate account details, research results, and staff information, compiled and transferred through various sources. This information is crucial for driving business decisions and forming accurate financial projections. Large datasets, directly or indirectly collected, bring institutions before the responsibility to ensure that their processing respects personal data.

The risk for privacy also lies in the genre of the data collected: As many MDBs expand their traditional financing role to consulting and research activities, they often collect and analyze sensitive personal information relating to health, education, gender and culture. The processing of this information needs to be based on the informed consent of the “data subject” and stored only for as long as it is necessary to fulfill a specific purpose. Thus, it is essential that institutions balance the protection of the right to privacy with their interest to preserve “institutional memory” and facilitate future activities.

 

This is an excerpt. To read the full article, visit The Global.
Interested in contributing to our blog? Here is how.

 

Image by Darwin Laganzon from Pixabay