cris ong - role of corporations in csr & data privacy
TRANSCRIPT
King’s College London School of Management & Business Coversheet for submission of coursework (Undergraduate)
Word count, which should be calculated electronically, must be stated accurately below. For details of what is included in the word count, and penalties incurred by exceeding the word count limit, please consult the coursework submission policy in the relevant programme handbook.
DECLARATION BY STUDENT This assignment is entirely my own work. Quotations from secondary literature are indicated by the use of inverted commas around ALL such quotations AND by reference in the text or notes to the author concerned. ALL primary and secondary literature used in this piece of work is indicated in the bibliography placed at the end, and dependence upon ANY source used is indicated at the appropriate point in the text. I confirm that no sources have been used other than those stated.
I understand what is meant by plagiarism and have signed at enrolment the declaration concerning the avoidance of plagiarism. I understand that plagiarism is a serious examinations offence that may result in disciplinary action being taken. I understand that I must submit work BEFORE the deadline, and that failure to do so will result in capped marks.
Candidate no. W 0 7 6 8 3 (This is a letter followed by five digits, and can be found on Student Records)
For group work only: Candidate no. of ALL group members
Module Title: Corporate Social Responsibility
Module Code: (e.g. 4SSMN134) 6SSMN336
Assignment
Question 1
Essay Title (where applicable):
Corporations increasingly face contradicting pressures. On one hand, they are expected to demonstrate higher levels of corporate social responsibility and on the other hand, shareholders apply relentless pressure to maximise short profits. Debate as to whether corporations are the sole responsible players in CSR by drawing on academic theories, research evidence and practice-based examples.
Module Leader: Gabriela Gutierrez Huerter O
Deadline: 6 April 2016
Word Count: 3500 words
Introduction
The information age that is fuelled by the growth of digital technology, Internet giants and the
likes of Facebook, Apple and Uber, underpins interesting yet critical issues of social and ethical
concerns of privacy intrusion that are worth exploring. As Facebook’s founder Zuckerberg
states, privacy is no longer a “social norm” (Johnson, 2010). Consumers often trade individual
privacy to enjoy the vast benefits of real-time communication and information-sharing, giving
corporations access to personal data, empowering them to enhance customer service and
ultimately organizational profits. However, recent corporate data breaches such as Premera
Blue Cross and Anthem highlights pressuring accountability issues at hand (Kelly and
Rowland, 2000). Who then should be held responsible in protecting privacy rights?
Corporations, government, civil society or consumers themselves?
Friedman’s (1970s) traditional idea of business’s sole responsibility to ‘concentrate resources
on activities that helps increase profits’ has now shifted towards corporate social responsibility
(CSR) that advocates for corporations to skillfully manage between multiple bottom lines and
stakeholder interests (Jamali, 2006). Two vital sources of the CSR critique have since emerged;
Friedman’s shareholder theory of managers to maximize shareholder interests, and Freeman’s
(1984) stakeholder theory to broaden short-term financial focus to include wider stakeholder
obligations and long-term social and environmental evaluation. The evolution of CSR therefore
questions, to what extent are corporations responsible in CSR?
The discussion will focus on three aspects. First, the report disputes the various postulations of
corporate and stakeholder responsibilities in CSR by drawing upon relevant academic theories
and practice-based examples. It argues that while corporations play a dominant role in CSR,
CSR adoption and sustainability is highly reliant on stakeholder support, signifying growing
stakeholder responsibility in CSR management. Second, adopting a stakeholder perspective,
this report emphasizes the importance of co-regulation among multiple stakeholders in the
context of commercial data protection and privacy. While there are different stakeholders
involved in the case of privacy ethics, this report focuses on two broad stakeholders,
governments and civil society organizations, for which are particularly relevant. Third, the
report addresses the practical implications of corporation-stakeholder responsibility in the
interface of business and society. It cautions against the use of power to influence CSR
outcomes and suggests a three-way strategic partnership to govern and protect data privacy.
1) Corporate and Stakeholder responsibilities CSR
While the CSR domain presents a landscape of definitions and approaches, this essay adopts
Van Marrewijk’s (2003) definition of CSR as “voluntary company activities demonstrating the
inclusion of social and environmental concerns in business operations and in interactions with
stakeholders”. This definition is selected for its emphasis on voluntary, social and stakeholder
responsibilities that are relevant to the case of privacy ethics. To properly understand corporate
and stakeholder responsibilities, this section explores three dimensions of CSR and derives
three drivers of corporate role in CSR that are notably prevalent in the data privacy domain.
They include:
1. Institutional CSR (Growth of MNC power and influence)
2. Political CSR (Declining role of Government)
3. Instrumental CSR (Pressures of competition)
It then addresses the opposing arguments behind the aforementioned factors using opposing
stakeholder theories and suggest increasing stakeholder responsibility in CSR.
Growth of MNC Power
With the advent of globalization and international trade, multinationals have seen a growth in
size and power, extending its influence across economies as documented by the concepts of
‘Fordism’ (Mellahi and Wood, 2003), ‘McDonaldization’ and ‘Starbuckization’ (Ritzer, 2010).
From this institutional perspective, Wood’s (1991) Corporate Social Performance theory
postulates that corporations are expected to go beyond their profit-driven economic role in
society. Corporations instead should reconcile the triple bottom line of economic,
environmental and social value and stakeholder interests (Jamali, 2006) since their social
impacts bears far-reaching effects beyond the confines of the corporate sphere (Hamann &
Acutt, 2003). Friedman’s Shareholder Theory has therefore been considered deficient as its
narrow view disregards the wider social responsibilities of the corporation. Instead, Carroll’s
CSR pyramid (1979) suggests corporations to expand its CSR duties to include ethical and
philanthropic responsibilities, instead of focusing on economic and legal obligations. This is
reflected in Accenture’s vision for Data Ethics:
“mere compliance with existing regulations – which for the most part, focused
on privacy – is insufficient. Actors in the big data community, where security
and privacy are at the core of relationships with stakeholders, must adhere to a
high ethical standard to gain community trust. This requires them to go beyond
privacy law and existing data control measures”.
Although CSR adoption is not codified into law, its ‘voluntary’ nature can be argued to be
limited as CSR adoption is very much seen to be ‘pressured’ in this institutional context.
Drawing upon the literature of ‘national business systems’ (Whitley, 1992) and ‘varieties of
capitalism’ (Hall & Soskice, 2001), corporations are seen as actors constrained by wider
institutional settings in which they operate. Corporations are embedded in their respective
national governance systems and the progressive institutionalization of CSR within
corporations will determine different types of corporate governance and the role corporations
play in CSR (Gond et al, 2011). Free market economies such as Anglo-Saxon countries, rely
on market mechanisms and pressures to drive corporate accountability. Conditions of
institutional supports such as stakeholder influence is therefore argued to be a crucial factor for
the institutional theory to materialize (Brammer et al, 2012), suggesting an element of
stakeholder importance toward CSR.
Diminishing Role of Governments
From a political CSR perspective, the dominance of corporations is amplified when forces of
globalization result in governments paling in comparison with regard to resource availability
and reach when administering citizenship rights. Corporations, hence, assume this political
role, emanating its widening spectrum of CSR obligations, as reflected in Matten & Crane’s
(2005) extended view of Corporate Citizenship. The lack of public regulations supervising
corporate best practices for privacy ethics in most countries, especially Anglo-Saxon countries
(Hirsch, 2010), has incited multinationals to ‘voluntarily’ act as agents of social change,
making their role more pronounced (Scherer and Palazzo, 2011).
The sensitivity of privacy issues has thus place corporations responsible for protecting citizen’s
social rights. Apple’s recent dispute with the FBI, where the FBI compelled Apple to bypass
an iPhone security encryption for criminal investigations (Yadron et al, 2016) has shown how
Apple aggressively holds itself accountable to meeting society’s privacy needs that should
traditionally be within the government’s domain. Conflicting interests of personal data security
and national safety thus placed scrutiny onto Apple, expanding their responsibilities beyond
sustainable economic development and highlighting its social role in enabling and protecting
consumers’ interests. Echoing Davis’s (1973) ‘iron law of responsibility’ that “in the long run,
those who do not use power in a manner which society considers responsible will tend to lose
it”, this grants corporation legitimacy in managing CSR, giving corporations a superior role.
The notion of the Iron Law however dismisses the view of total responsibility of corporations
as power and legitimacy is channeled by the pressures of different constituency groups. It is
also noteworthy that while the Corporate Citizenship’s extended view is useful in capturing the
rightful place of the corporation in society, it is still a managerial-centered concept that rests
upon the managerial discretion to whom and what level of accountability it discharges. This
brings to question the normative argument of the Stakeholder Theory positing that managers,
given their moral requirements and legitimacy, should recognize and react to the diverse
stakeholder interests (Donaldson and Preston, 1995).
The Apple vs FBI study is useful in highlighting this theory’s weaknesses. Firstly, the
stakeholder theory is socialism and not applicable in regulating activities of the country as
witnessed by the prioritization of internal stakeholder needs over external/societal interests.
Secondly, the conflict of interests that surfaced, postulates the inability of corporation to bear
fiduciary duties to all stakeholders. Therefore, Mitchell et al’s Stakeholder Typology (1997)
states that firms should assign salience to those with higher power, legitimacy and urgency.
This is also supported by Freeman’s (1984, p.45) view of ‘ethical stakeholding’ where firms
should deal with groups that can affect it, vice versa. However, the decision to rank stakeholder
importance can be argued to result in the marginalization of ‘less important’ stakeholder
groups, nullifying the initial purpose of a corporate’s wider social responsibility. Therefore, to
reinforce the normative argument of the stakeholder theory, we must decenter it from its
managerial character and instead consider it from multiple perspectives without privileging any
viewpoints (Calton and Kurland, 1996). More specifically, I argue that a stakeholder lens of
CSR is important, and the role of government should receive greater attention, especially in
Anglo-Saxon countries.
Pressures from Competition
Heightened corporate responsibility is also attributed to competitive pressures that is best
explained from an instrumental CSR perspective. This concept postulates that corporations
engage in strategic CSR to advance their competitive position to become CSR leaders
themselves (Bondy et al, 2012). This argument is built on the belief that a strategically
integrated CSR portfolio together with a management that anticipates and addresses nonmarket
issues, will aid a company in building reputational capital. Thus, by doing good, managers
generate reputational benefits that enhance a corporation’s ability to attain a competitive
position (Fombrun et al, 2000). It is therefore not unusual to see corporations engaging in best-
practice-sharing groups such as TRUSTe to remain competitive. Regular scanning of perceived
developments in other corporation’s CSR practices is also common practice. IBM, for instance,
publicly championed privacy protection using its size and influence to drive online privacy
policies – a move quickly adopted by other companies (IBM.com, 2016). In this sense, CSR
becomes a strategy designed to sustain competitive advantage, explaining corporations’
growing interest in CSR. The business case of CSR is hence no different to the traditional CSR
practice, since CSR is seen as tool for value creation (Kurucz et al, 2008).
Drawing upon previous arguments of differing types of corporate governance, Apostolakou
and Jackson (2009) found that the voluntary CSR practices in Anglo-Saxon countries
substitutes for institutionalized forms of stakeholder participation, driving higher levels of
corporate social responsiveness (Clarkson, 1995; Wartick & Cochran, 1985). However, critics
proved such voluntary practices to be unsustainable as self-regulatory mechanisms inevitably
prove too lenient with corporations satisfying own interests ahead of public interests (Weber,
2010). Such is the case of Network Advertising Initiative (NAI), a self-regulated organization
of Internet firms, that failed to regulate the privacy policies of websites that collected personal
information. The Federal Trade Commission (FTC) found these sites largely favouring
corporations than individuals through the use of contradictory language and its lack of
transparency (Sarathy and Robertson, 2003). Self-regulation was further deemed ineffective
due to industry representatives’ lack of power and incentive to enforce industry standards
against peers (Hirsch, 2010), as exemplified in Online Privacy Alliance’s (OPA) failure to
enforce personal data guidelines and to recruit and retain a critical mass of key industry players
in its movement. Inadequate participation and weak enforcement issues from self-regulation
hence signals the inevitability of governmental involvement (Weber, 2010).
To summarize, while corporations are largely responsible for CSR, these responsibilities
largely stem from internal and external pressures. CSR’s voluntary nature and specific
strategies and stakeholders’ limitations reveal challenges that remains widely debated in the
CSR literature. The crux to managing CSR is to acknowledge that CSR responsibility does not
fall solely upon corporations, but is shared by all stakeholders, such as governments and civil
society (Calton and Kurland, 1995).
2) Significance of Stakeholders in Privacy Ethics
Despite the various CSR motivations, it is evident that CSR accountability and sustainability
requires an enabling environment mutually supported by multiple relevant stakeholders
(Idemudia, 2008). This report acknowledges the importance of a variety of stakeholder roles
including customers and shareholders. However, it also recognizes the limitations its delivers.
Shareholders, for example, may engage in ‘responsible ownership’ (O’Rourke, 2003) and
shareholder activism to call for public reporting on policies affecting privacy concerns.
However, it is limited to voluntarism and incremental modest results (Haigh and Hazelton,
2004), requiring the collaboration of large institutional investors and lobbying of governments
to successfully effect change (Sjöström, 2008). Alternatively, customers may engage in boycott
campaigns, exercising ‘customer sovereignty’ (Gay and Salaman, 1992). However, factors of
high participation costs, resource limitations to mass media coverage and complexity of
underlying privacy issues, may result in deterrence or failure of redressing concerns (Mills,
1996). Therefore, this study focuses on two key stakeholders, the government and civil society
organization, as these parties are well-equipped in size and resources to effect change.
Government
In earlier discussions, self-regulation has proven futile, suggesting the need for co-regulation
of state and corporation. While CSR has developed into a global management concept, its
implementation however differs on a national level reflecting variations in national governance
systems (see Gond et al, 2011). CSR in Continental-European countries, for example, tend to
be more closely aligned with government policies though facilitation, endorsement and
partnerships (Habisch et al, 2005). Co-regulation in the form of partnerships have particularly
seen greater success in managing privacy ethics as observed in the European Union’s 1995
Data Protection Directive. Member nations’ representatives are invited to draft an “industrial
code of conduct” (Hirsch, 2010); the regulatory authority reviews, approves and enforces it if
it complies with statutory requirements. This shared responsibility offers a mix of
complementary resources where the government provides legal yardsticks and pillars of
regulatory capacity (Weber, 2010) while corporations bring their networks and knowledge to
meet the growing information economy’s needs (Fox et al, 2002). It allows power balance and
provides governments with greater opportunities to frame CSR policies and its deployment,
rather than simply mandate or facilitate (Gond et al, 2011). Lesson drawings from EU’s privacy
regulations have therefore been reflected in greater government-business partnerships in
Anglo-Saxon countries/companies, exemplified by the FTC (see FTC, 2016) and the UK
government’s (see Gov.uk, 2016) commitment in publishing reports to educate and support US
businesses in understanding future data protection obligations.
Civil Society Organizations (CSOs)
CSOs are increasingly seen as essential players in the CSR domain due to persistent concerns
of state failure and corporation’s inability to serve public interests (Sarathy and Robertson,
2003). Hence, citizens have looked to this third institutional sector to counterbalance power
abuse and to represent a collective voice for weak individual stakeholders. CSOs involves a
diversity of groups including charities, religious groups and non-governmental organizations
(NGOs) and operates at different levels of involvement (see Crane and Matten, 2010; p440).
However, our focus here is on the roles CSOs play in data privacy. I identify three roles of
CSOs:
Firstly, CSOs contribute by representing the unheard voices of vulnerable, marginalized and
silent stakeholders through building capacity to engage with decision-makers to redress
decisions affecting them. For instance, in the midst of conflict between the British NHS and
doctors over the introduction of the NHSnet to enhance electronic communication for
healthcare professionals (Executive, 1994), patients who are the main victims of the
confidential breach were excluded from the debate (Introna and Pouloudi, 1999). Some argued
for patient representation by the Data Protection Registrar (DPR), however, their role was
restrained by the limited provisions of the 1984 Data Protection Act and the lack of resources
and institutional power in relation to NHS England. Patient claims went unacknowledged and
underrepresented under some doctors due to diverging values and interests. Therefore, the
British Medical Association (BMA) contributed by lending its legitimacy in safeguarding
patient privacy.
Secondly, CSOs are instrumental of amplifying the visibility and impact of privacy issues
through targeting key actors and engaging in symbolic actions to emphasize its impacts on
wider constituencies (Brown and Timmer, 2006). Spectacular hacks of activist group, Chaos
Computer Club, highlighted security dangers in the handling of private data by businesses and
public administrations (Löblich and Wendelin, 2011). Additionally, Privacy International (PI)
drew attention to the unethical privacy practice of the Society of Worldwide Interbank
Financial Telecommunication’s (SWIFT) by lodging contemporaneous complaints to data
protection authorities in 33 countries, publishing articles in Los Angeles Times and the New
York Times and declaring an open letter to SWIFT’s CEO (Bennett, 2011). Leveraging on its
“outsider” position of greater freedom in expressing radical privacy argument and its
unburdened need to reconcile corporate, political and social interests has led to immediate joint
investigations by the data protection authorities while placing corporations on their toes. This
reconciles with the notion of Mitchell et al’s (1997) Stakeholder Typology for corporations to
place greater salience on CSOs concerns, in turn solving external stakeholder concerns for data
privacy.
Thirdly, CSOs frequently play the “watchdog” role (Mock, 2003) for policy monitoring and
review and highlighting issues in new technologies and trends. Monitoring by the civil society
leaders in the consumer privacy organizations, for example, resulted in the issuance of
“Fundamental Rights are Fundamental” declaration in Amsterdam that called attention to the
failure of self-regulation (The Public Voice, 2015). NGO leaders also alerted the negligence of
the state to engage in the new privacy challenges brought by “Big Data” and drone surveillance
(Scholte, 2004). Additionally, CSOs like Center for Democracy and Technology and EPIC
highlighted the invasive prospects of cookies and spyware. Similarly, NO2ID and PI provided
the early study of the ramifications of the UK government’s identity card scheme (LSE, 2005).
To summarize, CSOs act as a conduit for individual citizens to address concerns and are
influential actors in curbing unethical corporate practices and rectifying flawed policies. As
such, CSOs have enjoyed greater reputation, credibility and public trust than businesses or
governments globally (Edelman, 2009). CSOs are hence increasingly accepted as part of the
‘global governance’ regime, participating in round-table discussions in political meetings and
engaging in business-CSO collaborations.
3) Practical Implications
The motivations for undertaking the revised CSR-agenda are important as
‘forced/accommodated CSR’ by societal pressures may act as a double-edged sword, driving
adverse consequences for both the corporation and its relevant stakeholders (Miles et al, 2002).
These include extensive pressures from an activist minority of stakeholders to overly-engage
in CSR than legally required, as in the case of Exxon being pressured by NGOs to take a more
proactive CSR approach that were designed to appease NGOs rather than benefit the local
residents (Munilla and Miles, 2005). Considering government regulation and CSO pressures
to hold the highest influence in driving CSR, there are also growing concerns of partnership or
co-regulatory approaches to dilute these drivers (Utting, 2000) or CSR being used as a means
of legitimizing the capitalist system and the ‘schemes’ of large-scale corporations. Critics
further argue that the notion of fair partnership is a myth, given that CSR is largely driven by
the business sector accompanied by their ultimate resolute for profit maximization and high
power domination. This enables them to exert tremendous influence on governments and
CSOs, deeming roundtable consensus ineffective in achieving fair partnership arrangements
(Hamann & Acutt, 2003).
A solution requires CSOs and government to be knowledgeable in their rights, power and
interest strategies to dispute negotiations that goes beyond confrontational politics and
complement while not diminishing civil society rights (Lytle et al, 1999). Alternatively, CSOs
are encouraged to increase their own bargaining power by leveraging on their relationships
with corporations through ‘name and shame’ and ‘name and praise’ mechanisms (Hamann &
Acutt, 2003). By discerning and augmenting the Best Alternative to a Negotiated Agreement
(BATNA), civil society can strengthen its negotiating position and act as a power balance
between governments and corporations (Fisher and Ury, 1981). CSOs must however ensure
not to abuse its own power and rights.
In view of the increasing number of privacy infringement cases, self-regulation by private
sectors is insufficient in ensuring effective privacy and security across border business
activities. An international framework of substantive key principles established through
legislation, complemented by the private sector’s detailed regulation and CSOs monitoring
seems to be the best solution (Weber, 2010). Acceptance toward the three-way partnership is
best illustrated by the leadership of Google in formalizing an advisory council to conduct a
privacy ethics stakeholder dialogue tour of Europe, consulting public opinion on the recent
“right to be forgotten ruling” by the European Court of Justice in May 2014 (Floridi, 2014). In
view of shareholders and customers’ limitations in effecting consequential change,
governments in partnerships with businesses and CSOs should also facilitate consumer
sovereignty by devoting resources to consumer education promoting the ability of consumers
to protect their own privacy rights (Rothchild, 1999).
Conclusion
This study provides a critical view of the evolving CSR agenda, establishing potential
motivations from a corporate perspective that stems from internal and external pressures. Such
a view suggests that albeit corporation’s increasing responsibility in CSR, government and
CSOs play an active role in formulating the CSR debate. Participatory approaches to CSR are
seeing greater prevalence with rising use of stakeholder dialogues, partnerships and business
collaborations. Governments should ensure voluntary initiatives are pertinent and
complementary to legislative objectives and CSOs should proactively monitor and improve its
bargaining position to protect unaddressed and marginalized stakeholder groups. Proactivity of
these stakeholders will underpin corporate accountability and significantly improve CSR and
privacy concerns. A strategic partnership would recognize the need for all three sectors to
identify solutions based on mutual interests, however it poses a great challenge. As such, CSR
remains a key issue in society today.
(3,500 words)
References
Bennett, C.J. (2011). Privacy advocacy from the inside and the outside: Implications for the politics of personal data protection in networked societies. Journal of Comparative Policy Analysis, 13(2), pp.125-141.
Bondy, K., Moon, J. and Matten, D. (2012). An institution of corporate social responsibility (CSR) in multi-national corporations (MNCs): Form and implications. Journal of Business Ethics, 111(2), pp.281-299.
Brammer, S., Jackson, G. and Matten, D. (2012). Corporate social responsibility and institutional theory: New perspectives on private governance. Socio-Economic Review, 10(1), pp.3-28.
Brown, L.D. and Timmer, V. (2006). Civil society actors as catalysts for transnational social learning. Voluntas: International journal of voluntary and nonprofit organizations, 17(1), pp.1-16.
Calton, J.M. and Kurland, N.B. (1996). A theory of stakeholder enabling: Giving voice to an emerging postmodern praxis of organizational discourse. Postmodern management and organization theory. Thousand Oaks, CA: Sage, pp.154-180.
Cammaerts, Bart. (2005) Through the looking glass: civil society participation in the WSIS and the dynamics between online/offline interaction. Communications & Strategies 58 (2 - Special Issue WSIS, Tunis 2005). pp. 151-174.
Carroll, A.B. (1979). A three-dimensional conceptual model of corporate performance. Academy of management review, 4(4), pp.497-505.
Clarkson, M.E., (1995). A stakeholder framework for analyzing and evaluating corporate social performance. Academy of management review, 20(1), pp.92-117.
Crane, A. and Matten, D. (2010). Business ethics: Managing corporate citizenship and sustainability in the age of globalization. Oxford: Oxford University Press.
Davis, K. (1973). The case for and against business assumption of social responsibilities. Academy of Management journal, 16(2), pp.312-322.
Donaldson, T. and Preston, L.E. (1995). The stakeholder theory of the corporation: Concepts, evidence, and implications. Academy of management Review, 20(1), pp.65-91.
Edelman. (2016). 2016 Edelman TRUST BAROMETER - Global Results. [online] Available at: http://www.edelman.com/insights/intellectual-property/2016-edelman-trust-barometer/global-results/ [Accessed 3 Apr. 2016].
Elkington, J. (2004). Enter the triple bottom line. The triple bottom line: Does it all add up, 11(12), pp.1-16.
Ethicalperformance.com. (2016). Ethical Performance | News article: Investors hit internet providers over privacy concerns. [online] Available at: https://www.ethicalperformance.com/news/article/5530 [Accessed 3 Apr. 2016].
Executive, N.H.S. (1994). A Strategy for NHS-wide Networking. Provision: The Contribution of Soft Systems Methodology.
Federal Trade Commission, (2016). Reclaim Your Name: 23rd Computers Freedom and Privacy Conference. Washington, DC: Federal Trade Commission, pp.3-10.
Fisher, R. and Ury, W. (1981). Getting to yes. Roger Fisher, William L. Ury, Getting to Yes. International Journal, 37(4), p.649.
Floridi, L. (2014). Google's privacy ethics tour of Europe: a complex balancing act. [online] the Guardian. Available at: http://www.theguardian.com/technology/2014/sep/16/googles-european-privacy-ethics-tour [Accessed 4 Apr. 2016].
Fombrun, C.J., Gardberg, N.A. and Barnett, M.L. (2000). Opportunity platforms and safety nets: Corporate citizenship and reputational risk. Business and society review, 105(1), pp.85-106.
Fox, T., Ward, H. & Howard, B. (2002). Public sector roles in strengthening corporate social responsibility. Washington, DC: The World Bank Group.
Freeman, R. E. (1984). Strategic Management: A Stakeholder Approach. Cambridge, Mass.: Ballinger Publishing Co.
Friedman, M. (1970). The Social Responsibility of Business is to Increase its Profits. New York Times Magazine, 13, pp.32-33.
Garriga, E. and Melé, D. (2004). Corporate Social Responsibility Theories: Mapping the Territory. Journal of Business Ethics, 53(1/2), pp.51-71.
Gay, P.D. and Salaman, G. (1992). The cult [ure] of the customer. Journal of management studies, 29(5), pp.615-633.
Gond, J.P., Kang, N. and Moon, J. (2011). The government of self-regulation: On the comparative dynamics of corporate social responsibility. Economy and Society, 40(4), pp.640-671.
Gov.uk. (2016). Data protection - GOV.UK. [online] Available at: https://www.gov.uk/data-protection/the-data-protection-act [Accessed 4 Apr. 2016].
Habisch, A., Jonker, J., Wegner, M. & Schmidpeter, R. (2005). Corporate social responsibility across Europe. Berlin: Springer.
Haigh, M. and Hazelton, J. (2004). Financial markets: a tool for social responsibility?. Journal of Business Ethics, 52(1), pp.59-71.
Hall, P. & Soskice, D. (2001). Varieties of capitalism: The institutional foundations of comparative advantage. Oxford: Oxford University Press.
Hamann, R. and Acutt, N. (2003). How should civil society (and the government) respond to 'corporate social responsibility'? A critique of business motivations and the potential for partnerships. Development Southern Africa, 20(2), pp.255-270.
Hemphill, T. (2000). DoubleClick and Consumer Online Privacy: An E-Commerce Lesson Learned. Business and Society Review, 105(3), pp.361-372.
Hirsch, D.D. (2010). Law and Policy of Online Privacy: Regulation, Self-Regulation, or Co-Regulation, The. Seattle UL Rev., 34, p.439.
IBM.com. (2016). Security and Privacy: IBM 2010 Corporate Responsibility Report. [online] Available at: http://www.ibm.com/ibm/responsibility/report/2010/governance/security-and-privacy.html [Accessed 4 Apr. 2016].
Idemudia, U. (2008). Conceptualising the CSR and development debate. Journal of Corporate Citizenship, 2008(29), pp.91-110.
Introna, L. and Pouloudi, A. (1999). Privacy in the information age: Stakeholders, interests and values. Journal of Business Ethics, 22(1), pp.27-38.
Jackson, G. and Apostolakou, A. (2010). Corporate social responsibility in Western Europe: an institutional mirror or substitute?. Journal of Business Ethics, 94(3), pp.371-394.
Jamali, D. (2008). A stakeholder approach to corporate social responsibility: A fresh perspective into theory and practice. Journal of business ethics, 82(1), pp.213-231.
Johnson, B. (2010). Privacy no longer a social norm, says Facebook founder. [online] the Guardian. Available at: http://www.theguardian.com/technology/2010/jan/11/facebook-privacy [Accessed 5 Apr. 2016].
Kelly, E.P. and Rowland, H.C. (2000). Ethical and online privacy issues in electronic commerce. Business Horizons, 43(3), pp.3-12.
Kurucz, E., Colbert, B. and Wheeler, D. (2008). The business case for corporate social responsibility. The Oxford handbook of corporate social responsibility, pp.83-112.
Löblich, M. and Wendelin, M. (2012). ICT policy activism on a national level: Ideas, resources and strategies of German civil society in governance processes. New Media & Society, 14(6), pp.899-915.
London School of Economics (LSE), (2005), The Identity Project: An Assessment of the UK Identity Cards Bill and its Implications (London: London School of Economics).
Lytle, A.L., Brett, J.M. and Shapiro, D.L. (1999). The strategic use of interests, rights, and power to resolve disputes. Negotiation Journal, 15(1), pp.31-51.
Matten, D. and Crane, A. (2005). Corporate citizenship: Toward an extended theoretical conceptualization. Academy of Management review, 30(1), pp.166-179.
McIntosh, M. and Thomas, R. (2002), Corporate Citizenship and the Evolving Relationship between Non-Governmental Organisations and Corporations, British-North American Committee, London.
Mellahi, K. and Wood, G. (2003). The role and potential of stakeholders in “hollow participation”: Conventional stakeholder theory and institutionalist alternatives. Business and society review, 108(2), pp.183-202.
Miles, M.P., Munilla, L.S. and Covin, J.G. (2002). The Constant Gardener Revisited: The Effect of Social Blackmail on the Marketing Concept, Innovation, and Entrepreneurship. Journal of Business Ethics, 41(3), pp.287-295.
Mills, C. (1996). Should we boycott boycotts?. Journal of social philosophy,27(3), pp.136-148.
Mitchell, R.K., Agle, B.R. and Wood, D.J. (1997). Toward a theory of stakeholder identification and salience: Defining the principle of who and what really counts. Academy of management review, 22(4), pp.853-886.
Mock, G. (2003). Undue influence: Corruption and natural resources. In: World Resources 2002-2004, World Resources Institute, Washington, DC, pp. 36-37.
Munilla, L.S. and Miles, M.P. (2005). The corporate social responsibility continuum as a component of stakeholder theory. Business and society review, 110(4), pp.371-387.
O'Rourke, A. (2003). A new politics of engagement: Shareholder activism for corporate social responsibility. Business Strategy and the Environment,12(4), pp.227-239.
Ritzer, G. (2010) McDonaldization: The Reader, Thousand Oaks, CA, Pine Forge Press.
Rothchild, J. (1999). Protecting the Digital Consumer: The Limits of Cyberspace Utopianism. Indiana Law Journal, 74(3).
Sarathy, R. and Robertson, C.J. (2003). Strategic and ethical considerations in managing digital privacy. Journal of Business ethics, 46(2), pp.111-126.
Scherer, A.G. and Palazzo, G. (2011). The new political role of business in a globalized world: A review of a new perspective on CSR and its implications for the firm, governance, and democracy. Journal of management studies,48(4), pp.899-931.
Scholte, J.A. (2004). Civil society and democratically accountable global governance. Government and Opposition, 39(2), pp.211-233.
Sjöström, E. (2008). Shareholder activism for corporate social responsibility: what do we know?. Sustainable Development, 16(3), pp.141-154.
The Public Voice (2015). “Fundamental Rights are Fundamental” Statement of Leading Digital Rights and Consumer NGOs. [online] Available at: http://thepublicvoice.org/NGO-FRF-Statement-ICDPPC37.pdf [Accessed 3 Apr. 2016].
Utting, P. and Unies, N. (2000). Business responsibility for sustainable development (Vol. 2). Geneva: United Nations Research Institute for Social Development.
Van Marrewijk, M. (2003). Concepts and definitions of CSR and corporate sustainability: Between agency and communion. Journal of business ethics,44(2-3), pp.95-105.
Wartick, S.L. and Cochran, P.L. (1985). The evolution of the corporate social performance model. Academy of management review, 10(4), pp.758-769.
Weber, R.H. (2010). Internet of Things–New security and privacy challenges. Computer Law & Security Review, 26(1), pp.23-30.
Whitley, R. (1992). European Business Systems: Firms and Markets in Their National Contexts. London: Sage Publications, pp.46-57.
Wood, D.J. (1991). Corporate social performance revisited. Academy of management review, 16(4), pp.691-718.
Yadron, D., Ackerman, S. and Thielman, S. (2016). Inside the FBI's encryption battle with Apple. [online] the Guardian. Available at: http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple [Accessed 4 Apr. 2016].