This article is free to access.
Decreasing the environmental impacts of Information and Communication Technologies (ICT) devices, whilst at the same time contributing to ensure the data protection and cybersecurity of devices and infrastructure, could seem, at first sight, a difficult challenge. By means of a bottom-up approach, we show with scientific evidences that policy actions at product level have the potential to solve the apparent conundrum. The research is based on a case study related to the implementation of the European Union Ecodesign Directive to enterprise servers and data storage devices. The article proposes a novel approach to combine resource efficiency and data protection and cybersecurity issues, taking a preventative “by design” focus. This is built on the identification and subsequent proposal of solutions of the relevant market failures, i.e. situations in which the allocation of goods and services on a market is not efficient. Potential solutions are then translated into potential Ecodesign requirements for enterprise servers concerning: provision of information on the operation at high temperatures; availability of secure data deletion functionalities; availability of firmware updates to third parties; and design for disassembly of the product. We qualitatively and quantitatively assessed these requirements, in terms of energy and greenhouse gases emission savings, improved reusability, waste reduction, improved protection of personal data and security of the devices. The article concludes that a synergy between the environmental impact and the data protection and cybersecurity of these products – and the systems where they are installed (i.e. the data centres) – can be successfully achieved. Although the research work focused on a specific case study, the paper discusses finally how a similar approach could be applied to several other product groups characterised by similar market failures.
Polverini, D., Ardente, F., Sanchez, I., Mathieux, F., Tecchio, P., & Beslay, L. (2018). Resource efficiency, privacy and security by design: A first experience on enterprise servers and data storage products triggered by a policy process. Computers and Security, 76, 295–310. https://doi.org/10.1016/j.cose.2017.12.001