The carbon cost of data: why data minimisation matters now

Embracing data minimisation is not simply about ticking a compliance box, it represents a fundamental shift in mindset towards a responsible and sustainable approach to data, ensuring that we not only protect individual rights and freedoms but also safeguard the future of our planet.

AI, DATA PROTECTION AND ESGESGDATA PROTECTION LEADERSHIPGOVERNANCE

Tim Clements

4/4/20254 min read

The power and relevance of data minimisation in ESG programmes
The power and relevance of data minimisation in ESG programmes

With digital transformation pretty much BaU these days, the convergence of emerging technologies and environmental accountability demands a re-evaluation of traditional business practices for many companies. Environmental, Social, and Governance (ESG) considerations are no longer confined to the realms of resource management and ethical labour practices. They must now take in the very foundation of our digital infrastructure. At the heart of this lies data minimisation, a principle enshrined in most data protection laws and regulations around the world. This principle mandates the collection, processing, and storage of only the data that is strictly necessary for specified, legitimate purposes. To disregard or trivialise data minimisation is not merely a legal oversight, it constitutes a reckless disregard for the environmental well-being of our planet and a betrayal of commitments to a sustainable future made by institutions and bodies like the UN and EU.

The environmental footprint of the data behemoth

The relentless pursuit of data, often driven by the demands of enhanced insights and competitive advantage, has created a digital behemoth with a huge appetite for resources and a massive environmental footprint. The "data hoarding" mentality, where companies indiscriminately collect and retain vast quantities of personal data, has created a hidden environmental crisis that demands urgent attention.

Think about the energy consumption of data centres. These ever-increasing-in-size facilities require tremendous amounts of electricity to power servers, storage devices, and cooling systems. As the volume of data continues to explode, the energy demands of data centres are escalating at an alarming rate, contributing significantly to greenhouse gas emissions and exacerbating the climate crisis. The European Green Deal's ambitious climate neutrality goals cannot be realised without addressing the unsustainable energy consumption of our digital infrastructure.

The environmental cost extends beyond energy consumption. The production of servers, storage devices, and networking equipment necessitates the extraction of increasingly scarce rare earth minerals and other valuable resources. Shorter hardware lifecycles, driven by the continual demand for greater storage capacities and faster processing speeds, intensify the pressure on these resources and contribute to environmental degradation. The environmental burden of manufacturing IT equipment is often overlooked, but it represents a significant challenge to achieving a circular economy and reducing our reliance on finite resources.

Furthermore, the rapid pace of technological innovation leads to a growing volume of obsolete servers, storage devices, and other IT equipment, contributing to the global e-waste crisis. Improperly managed e-waste poses a significant threat to human health and the environment, contaminating soil, water, and air with hazardous substances. The long-term consequences of digital waste are only beginning to be understood, but it is clear that we must adopt more sustainable practices for managing electronic waste and reducing its environmental impact.

Data minimisation: data protection practices meets environmental responsibility

Data minimisation, as articulated in Article 5(1)(c) of the GDPR, offers a framework for mitigating the environmental impact of the data-driven economy and aligning our processing practices with the principles of sustainability. By embracing data minimisation, companies can unlock a range of environmental benefits and contribute to a more sustainable future.

Firstly, data minimisation can reduce the energy consumption of data centres. Storing only essential personal data minimises the overall energy demand of these facilities, directly lowering carbon emissions. By optimising data storage and processing practices, companies can reduce their carbon footprint and contribute to a cleaner, more sustainable energy future.

Secondly, data minimisation can extend the lifespan of IT infrastructure. By reducing the need for constant hardware upgrades and expansions, organisations can prolong the useful life of their existing IT equipment, reducing the demand for new resources and mitigating the environmental impact of manufacturing. Extending hardware lifecycles not only reduces resource consumption but also minimises the generation of e-waste.

Thirdly, data minimisation can help to mitigate the e-waste crisis. Implementing data retention and deletion policies in a proper, thought out manner, as required by most data protection laws, helps to minimise the volume of obsolete hardware that ends up as e-waste. And at the same time, by ensuring that personal data is securely deleted when it is no longer needed, companies can reduce risks to the rights and freedoms of individuals

Also, embracing data minimisation enhances data security and resilience. A smaller data footprint reduces the attack surface for cybercriminals, making companies less vulnerable to data breaches. By minimising the amount of personal data stored, companies can reduce the potential impact of a data breach on both individuals and the environment.

Your call to action

To fully realise the environmental benefits of data minimisation, companies must embrace a comprehensive and strategic approach that encompasses the following key elements:

  • Conduct a thorough data audit to identify all personal data collected, processed, and stored, mapping data flows to understand how data is used and shared.

  • Define clear, specific, and legitimate purposes for each processing activity, ensuring that data collection is strictly limited to those purposes.

  • Implement data retention policies, specifying how long personal data will be stored and when it will be securely deleted, in accordance with applicable laws and regulations.

  • Prioritise data security by implementing data security measures to protect personal data from unauthorised access, use, or disclosure.

  • Provide relevant role-based employee education and training to ensure that all employees understand data protection principles and requirements, especially in this context, data minimisation practices.

  • Embed data protection by design and by default, integrating data protection principles into the design of all new products, services, and business processes.

  • Make use of privacy-enhancing technologies (PETs) such as anonymisation, pseudonymisation, and differential privacy to minimise the amount of personal data processed while still enabling valuable insights. Be aware you need to also have the right competences in your companies to work with these technologies. The UK's ICO highlights this in it's very useful guidance.

  • Finally, promote algorithmic efficiency by using techniques such as feature selection, dimensionality reduction, and model compression to create leaner and more efficient algorithms and models, reducing energy consumption.

Data minimisation is far more than a mere legal compliance exercise, it is a fundamental ethical and environmental imperative. In my unwavering conviction, companies that fail to embrace data minimisation are not only exposing themselves to significant legal and reputational risks but are also actively undermining global efforts to build a sustainable digital future.

The time for complacency is over. Companies and public sector bodies must recognise the environmental consequences of unchecked data growth and take decisive action to minimise their data footprint. By embracing data minimisation, they can create a more sustainable, resilient, and equitable digital ecosystem that protects both the rights and freedoms of individuals and the health of our planet.

Purpose and Means works with global companies aligning their AI and data protection activities with corporate ESG goals using a structured approach supported by workshops, education and training. Interested in hearing more? Feel free to get in touch to arrange a no obligation call to discuss how we can help assess impacts and build a roadmap for the work that needs to be undertaken.