Corporate Digital Responsbility and Data Privacy

Key Info

Basic Information

Lehrstuhl für Innovation, Strategie und Organisation


Corporate social responsibility (CSR) goes beyond complying with economic and legal requirements by meeting “expectations of societal mores and ethical norms” (Carroll 1999, p. 41). Social responsibility is evolving, not least as a function of technological progress and the inability of the law to match technology’s pace. The time lag creates a legal vacuum that moves organizations’ social responsibility into the foreground (Grigore, Molesworth, & Watkins, 2017). This becomes especially salient as we move into a digital age shaped by rapid technological progress.
With the rise of the Internet of Things (IoT), smart products such as fitness trackers, smart thermostats, and connected cars have become digital companions in all spheres of life (Porter & Heppelmann, 2015). They promise more customized and convenient user experiences. That said, they also impose unprecedented risks on users’ data privacy. Privacy risks are considered as the cost of data sharing. Costs include any financial, psychological, and social harm that originates from one’s inability to exercise control over one’s personal information (Moon, 2000; Westin, 1967). In the IoT context, privacy risks arise from smart products collecting, processing, and storing user data (Lowry, Dinev, & Willison, 2017).
Rapid development and diffusion across the globe make it difficult for legal authorities to set and enforce rules regulating data practices (Crescioni & Sklar, 2020). Hence, users’ data privacy needs to be effectively protected at the company level, which places data privacy within the realm of CSR. Recent studies confirm the importance of data privacy as a growing topic within CSR (Pollach 2011). Lobschat et al. (2019) propose corporate digital responsibility as a novel concept guiding data privacy.
As part of this thesis, your task is to do a literature review on corporate responsibility and data privacy. More importantly, your task is to integrate the two literature strings by systematically discussing a case where a company might have violated users’ data privacy (e.g., Cambridge Analytica,, FaceApp, etc.). Finally, your task is to derive guidelines for companies seeking to act responsibly in the digital age.