Getting Started in Corporate Digital
Responsibility

With the pace of technological development and the quick adoption of various digital technologies at scale, the discourse on responsibilities has been slow to catch up. However, the shortcomings of such ways of working are becoming more and more apparent as increasing awareness among customers and regulators fuelled by various scandals are increasingly losing trust in digital services. Digitalisation requires to be reflected on with established frameworks on sustainability and responsibility as technologies interact with those existing areas. However, there are also new questions that need to be raised due to certain characteristics of digital technologies, e.g. the tendency towards autonomy of systems. While CDR has been gaining attention in recent years, only few companies have solid CDR guidelines in place. The ones that do are mostly exposed to or handling sensitive personal information in the pharmaceutical or insurance sector.

When a company is faced with competitive or financial pressures, it is easier to communicate an urgent need for change. But when business is operating smoothly, you need to paint a compelling picture of the opportunity that digital responsibility offers to the organisation. The reality is that the external landscape is changing due to legislation and changing customer needs. Helping to anticipate these rapid changes is one way to get stakeholders onboard.

Voluntary and regulatory compliance to codes, principles and legislation is often perceived as a burden that slows business down. Rather than handing CDR to the compliance department, organisations can position digital responsibility within themselves as a value-enabler.

Contrary to other fields like bioethics or environmental protection, the digital world and responsible behaviour in it is still at an early stage. Organisations often feel that they need to start at zero and are overwhelmed by the lack of guidance. Not only the width of the field but also cultural differences can be a challenge, especially for multinational organisations. Is responsible behaviour in Western Europe the same as in China? Is the US the same as in the Middle East? A CDR framework needs to be flexible and adaptable to different contexts.

Many companies have responded to increased calls to be more digitally responsible by developing ethical frameworks to guide their digital activities. Take the example of AI – to date, more than 160 ethical frameworks for the responsible use of AI have been released by organisations such as Google, BMW, various government and industry associations, according to the German non-profit organisation AlgorithmWatch. But the adoption of ethics principles and frameworks does not necessarily lead to its implementation. Almost all the aforementioned ethical frameworks are voluntary commitments, with only a few examples having an oversight or enforcement mechanism.

You can position CDR so that it can act as a resource for all teams that want to discuss ethical concerns or questions of digital responsibility. CDR units can provide tools but other teams are responsible for using them. In order to be easy to follow, the relevant information e.g. checklists derived from principles and values need to be easily accessible and spread widely within the organisation. For example, an interdisciplinary team composed of representatives from compliance, business security, data science and IT architecture can work to align initiatives on data strategy and ethics by sharing knowledge, providing guidance and keeping an overall view. The team can be governed by a board represented by wider stakeholders who carry information back to their respective business lines across the company, and who also alert the team to relevant issues. This two-level structure works to both guide and foster a collaborative working structure on topics related to digital responsibility.

To help line managers and developers implement digital responsibility into their initiatives, Deutsche Telekom uses a central quality gate, the privacy and security assessment (PSA) that developers of new products and services  have to undertake to safeguard data privacy and security.  The PSA process covers identification of relevant privacy and security requirements; as well as the covering of the ethical guidelines, before the initiative is approved for launch.

A similar process encourages initiative owners to evaluate their risks before projects are initiated, including data and AI ethics. For example, when it comes to working with data, there are a set of questions about how the data can be ensured to be used in a responsible and ethically meaningful way. These self-evaluation questions are answered by both the product developer and business line manager.

Lastly, engaging with CDR as an employee should be made as easy as possible. For example, several organisations have set up dedicated e-mail accounts where employees can send in their questions about topics related to digital responsibility.

Rather than creating a separate team, many organisations are choosing to distribute and embed the handing of digital responsibility topics into existing business lines. The benefits of this approach includes distributing accountability and raising awareness of digital ethics throughout the organization. A complementary approach is to develop processes to help drive digital responsibility into existing routines and practices.

To engage with CDR, a high digital maturity is no precondition – and a lack thereof no excuse not to engage with CDR. Many organisations engaging in CDR did not have significant digital or AI related developments in place when they embarked on their CDR journey. What is more important, is an awareness of the potential risks and opportunities around digital responsibility. With digital technologies becoming ever more enmeshed in various aspects of our lives, committing to use digital technologies responsibly can feel overwhelming. Several organisations identified certain technologies or digital use-cases that are of paramount importance to them and placed the main focus on them, e.g. data analytics for a pharmaceutical company or AI for a telecommunication provider. Focus technologies vary depending on the business model at hand and helps to build principles and processes for CDR from the ground up instead of from top-down with vague principles that are then hard to implement. So if you feel overwhelmed, why not start small and on a specific use case that matters?

To address the challenge of missing frameworks, several organisations collaborated with research institutions and their ethicists to create CDR principles and processes that make sense for the organisation and also reflect the current understanding of the issue. Take a look at the additional resources linked further below on this website.

To ensure that CDR is being put into practice, align incentives and mechanisms within the organisation. Some create new councils within the organisation that have decision power when it comes to concerns of ethics and responsibility. However, their experience also shows that such decisions are taken rarely (2-3 times a year) as their CDR frameworks already provide sufficient guidance for the organisation and their everyday questions. In cases of uncertainties or norm conflicts a council like that acts as arbiter.

An example of how to ensure committees and their recommendations are taken into serious consideration despite a lack of decision power, is to clearly and transparently document the input of CDR committees. This internal record shows that ethical concerns and questions of digital responsibility were evaluated and are accessible for all employees. The existence of this document alone increases the likelihood of decision makers to follow the recommendation given to them by the CDR committees.

Another such mechanism is public communication about the own commitments, allowing the outside to follow and evaluate the principles and actions of organisations.

We recommend identifying a topic that is relevant to your organisation, whether it is due to a pressing concern or of general interest. Some good entry points are:

• Corporate Values: Appealing to established corporate principles can serve as a jumping point, a reference and a guiding light to kickstart digital responsibility discussions and initiatives
• Data Privacy and Protection: organisations whose business models rely on the use of data can start their CDR journey building on data privacy efforts.
• Business Risk: There are many types of risks associated with digital technologies. The key is to identify in which areas of your organization may be most exposed, and focus your digital responsibility efforts there.
• Industry and national Considerations: certain industry associations and national initiatives have pooled resources to create CDR guidelines, providing a good entry point (see below for additional resources)

Given that many organisations rely on software as a service (SaaS) or digital infrastructure as a service run by third parties, the question of how you can be responsible for something you have little control over arises. Get clear on which services you can control directly and which are managed by third parties. This will impact the scope of your Corporate Digital Responsibility practice.

As CDR is ideally an integral part of the organisational culture, buy-in from top management is important. Various organisations have instituted location visits or training for upper management to raise awareness for digital ethics and responsibility. This can take the form of visits to specific digital hubs and innovation ecosystems or the direct participation with specific stakeholder groups e.g. workshops with researchers. It is vital that awareness for CDR is not only present e.g. on the technical level of product development teams and data scientists but all employees. 

Digital responsibility can only be achieved as a shared outcome. Rarely is it a topic that remains solely in the purview of a single function or within company boundaries. It is about integrating business objectives and digital ethics. Within an organisation, digital responsibility does not rest solely within the IT function. With increased data sharing between companies and suppliers, issues related to digital responsibility do not stop at company boundaries.

Getting digital governance right is as crucial as it is challenging. The choice of governance model depends on the ambitions of your organisation. Digital responsibility ambitions come in many flavours – from enhancing existing operations, revamping experiences and operations in new ways, or to reinvent business models. Each ambition will dictate a different model of governance to translate the vision into a results-oriented reality. As one form of governance structure, some have established councils. These councils take different roles, such as advisory or decision-making. But there is no one-size-fits-all approach.

Keeping the workforce well-informed and up-to-date on digital skills is important in this rapid era of digitalisation. Upskilling in digital knowledge encompasses having an understanding of new digital tools and technology, and the ability to understand and work with different types of data. A good understanding of technology helps to raise the right questions and builds a crucial base for discussions.

You are not alone in tackling CDR so why not join forces and exchange experiences and best practices? More and more initiatives and associations are being created around Europe in particular to foster Corporate Digital Responsibility. We list further resources at the bottom of this website.