IP Report: Data, Footprint and Freedoms

Download the report (pdf, 2.4mo)

The General Data Protection Regulation (RGPD) and the Data Protection Act (Loi Informatique et Libertés) lay down the principle of minimising personal data and using it sparingly. So could these texts help to protect the environment? A more complex subject than this initial comparison.

Data in the balance, ongoing debates

This booklet begins with a review of the figures, measurements and debates surrounding the digital footprint, with a particular focus on data centres and the associated issues for regional planning. The calculation of these figures, but above all the debates they generate, is not unrelated to data protection.

The temptation is great, in the general discourse, to shift responsibility onto individuals alone, and to focus on individual injunctions, sometimes moralising: "remember to clean up your cookies and sort your waste". But when it comes to data protection, it is at the level of organisations that the measures have been most effective. The legislator has given substance to an abstract risk and its infrastructure (where your data is and who has access to it). In so doing, it has created the conditions for dialogue within companies, in public institutions (which have become the first places for data protection education), and with their customers and users, on a subject that was previously unknown to many. These are just parallels and avenues to explore, but there is much to be gained from drawing comparisons between such apparently different fields.

Does protecting data protect the planet?

Far from the "megadata" approach to the infinite "abundance" of data, data protection imposes a form of digital hygiene that can, in some respects, contribute to the objectives of digital and energy moderation (limiting storage time, limiting purposes, minimisation, proportionality, etc.). Conversely, other obligations of the GDPR or recommendations of the CNIL are generally perceived as increasing the environmental footprint of data processing, in particular the use of cryptography. In this respect, data protection is not neutral, and building bridges with the eco-design of digital services, as well as with cybersecurity, are points of convergence that need to be explored to ensure that the virtuous effects of all the objectives pursued can be cumulative.

Are freedoms in transition?

Our relationship with liberties is evolving in a context where we will have to change our behaviour to curb climate change. We have already agreed to drive with a seatbelt, or to stop smoking in enclosed public spaces. For the environment, the question of measurement and control will arise.

These changes are taking place within a framework in which we have collectively deployed, used and fed systems for monitoring and measuring our own actions, by measuring our health data and our movements, on a voluntary basis. These are devices that were not designed to be used for population control as part of the environmental transition, but which could be used for this purpose. Equally, we need to challenge technical democracy and ensure that digital technology and the tools used by governments and local authorities do not undermine the foundations of society. Civil society itself is tending to resort to peer control and forms of digital vigilantism, such as flight tracking, to denounce the behaviour of certain individuals or segments of society.

Sharing data to protect the environment

Environmental data is already being used for climate change and biodiversity. Most of this environmental data, like that produced for city management, will very often be cross-referenced with personal data. This data is collected in a variety of ways, such as by citizens, or through the re-use of data produced by private services (data sharing), using a variety of governance methods, sometimes organised by law.

Working towards virtuous sharing remains a possible objective, as long as we apply the principles of data protection by design, or build models and methods of sharing and circulation that generate public support and confidence. One of the objectives being explored is how to make the most of this data for purposes of general interest, without fundamentally calling into question the rights of individuals.

Recommendations: pathways for combining data protection with environmental protection

In a last part, we propose five areas of action aimed at the various stakeholders (private sector, legislators and ourselves), to bring data protection and the environment closer together:

• Promote digital sobriety and frugality
• Strengthen and document sector-leval best practices and ensure interoperability
• Develop public discussions about freedoms and transparency
• Provide the means for virtuously sharing environmental data
• Continue the CNIL’s engagement with its environmental transition

Download the report (pdf, 2.4mo)