How are different business sectors worldwide adapting to the changing landscape of data privacy policies? Which sectors are paving the way to a safer and more secure digital environment, and which ones are straggling behind?
To answer these questions, we made use of Thomson Reuters (now Refinitiv’s) environmental, social and governance (ESG) research data. The ESG data contains information on nearly 7,000 global companies, reaching back to 2002. This analysis was conducted by Thomson Reuters Labs in collaboration with the World Economic Forum to create visualizations for an insight report on building an inclusive, trustworthy and sustainable digital society.
The ESG data, which builds the basis of our analysis, was manually collected from publicly available information sources to ensure that the data is standardized, comparable and reliable. Moreover, the gathered data is quality controlled and verified in a rigorous process by experienced analysts and robust automated checks within Thomson Reuters.
This positive trend is hard to explain without taking the EU general data protection regulation (GDPR) into consideration. GDPR is considered one of the most important changes in data privacy regulation in 20 years, affecting all companies operating in the EU, wherever they are based. It was adopted in April 2016 and became enforceable in May 2018. Even though we have not established a formal causal relationship, the data strongly suggests that GDPR was an important factor in most of the companies adopting such policies in recent years.
It is not surprising to see insurance companies, banks and the healthcare sector among the high performers, given that they have many individual clients and are exposed to huge risks in terms of keeping sensitive information secure. Finding investment holding companies among the stragglers is thought-provoking given the increasing demand for transparency in financial markets and the risk associated with a lack in transparency in terms of money laundering.
This generally positive story of more and more companies introducing data privacy policies, with some business sectors even reaching beyond 90% adoption rates, should not be told without acknowledging the issues around data provenance. No ESG data has been gathered (or in some cases reported) for private companies, which largely outnumber public ones. This large proportion of the “known unknown” makes is hard to draw a generic conclusion (see graphic below). The adoption rate would drop down to less than 20% across all business sectors if we make the assumption that the (public and private) companies without reported ESG data do not have data privacy policies in place. This would of course be alarmingly low and paint a completely different picture in terms of customer’s control over their personal data.
An important note on the methodology of this analysis: Only 6k of 60k companies have data on this topic. Each box below represents 100 companies. Orange boxes are companies we have any data on (whether they have data privacy policies or not) and grey boxes are companies we have no information about data privacy policies on.
Digital transformation is affecting all aspects of our increasingly connected society, and companies are slowly getting ready for our shared digital future. Given that topics such as data privacy and security are now discussed by politicians, business leaders and regulators on a daily basis, we are hopeful that adoption rates across all sectors will increase further and at a faster rate.
Access the full report, Our Shared Digital Futures, which addresses the need for shared goals and coordinated action to shape an inclusive, sustainable, digital future.
View the other articles in this series: