Twelve years ago governments and other stakeholders converged at the World Summit for the Information Society in Tunis to discuss how the internet should be governed. During a panel of activists and bloggers, a Tunisian journalist argued that freedom of speech is a luxury that only prosperous societies can afford. Zimbabwean journalist Taurai Maduna disagreed bluntly: “If we have no freedom of speech, we can’t talk about who is stealing our food.”
As citizens continue the uphill struggle to hold governments and companies accountable for how they manage natural and economic resources, their work increasingly depends on networked devices and online platforms. Unfortunately, it has become increasingly difficult for people in many parts of the world to access and impart information critical of powerful governments and corporations without encountering some form of censorship, or to organise for policy and regulatory change without reprisal.
The truth is that human rights are not sustainable, or in some places even possible, in today’s networked society unless public and private actors take responsibility. Governments and corporations alike must commit to design, manage, and govern technologies in a manner that is consistent with international human rights standards.
Many multinational corporations headquartered in OECD countries have embraced broader responsibility for the environment and public health. As supported by the OECD’s updated Guidelines for Multinational Enterprises, a growing number of companies are signing on to, and starting to implement, the UN Guiding Principles on Business and Human Rights. While the OECD Guidelines emphasise the importance of consumer privacy protections, the reality is that privacy is not merely a consumer issue but also a human rights issue. It is enshrined in the Universal Declaration of Human Rights and related human rights instruments alongside freedom of expression. CEOs, corporate boards and shareholders need to consider corporate accountability for these digital rights in the same way as they think about environmental and social sustainability, or human rights in the context of supply chains and communities.
The Ranking Digital Rights project seeks to address this gap by offering practical tools for companies and other stakeholders to evaluate and improve corporate commitments and policies affecting freedom of expression and privacy. We fully agree with the OECD that transparency is a core pillar to corporate transparency and accountability, and thus focus on corporate commitment and disclosure as a fundamental element of corporate respect for human rights.
Working with a global network of researchers, technologists and human rights advocates, we have developed a clear set of metrics by which the disclosed commitments and policies of ICT companies affecting users’ digital rights can be evaluated and benchmarked. In March 2017 we published our second Corporate Accountability Index ranking 22 internet, mobile and telecommunications companies on their disclosed commitments and policies affecting users’ freedom of expression and privacy.
The Index examines company disclosures across 35 indicators divided into three categories. The first category examines corporate governance related to freedom of expression and privacy risks, drawing heavily from the UN Guiding Principles and more industry-specific principles developed by the Global Network Initiative. The Governance section thus includes questions such as: is there board or executive oversight? Does the company carry out human rights impact assessments including freedom of expression and privacy? Does it provide adequate access to grievance and remedy mechanisms?
The Freedom of Expression category includes questions like: does the company clearly disclose the conditions under which it may curtail or block users’ access to information, or their ability to publish or transmit information? Does the company have clearly disclosed policies for how it considers government and other third-party requests to delete or restrict content, or deny service?
The Privacy category of indicators examines company disclosures around three subsets of issues: how information that may be used to identify or track users is collected, used and shared; transparency about how the company handles government requests for user information; and whether the company discloses credible evidence that it is taking sufficient measures to secure users’ data from breach or theft.
The results are disappointing: across the board, companies do not disclose enough information about policies and practices affecting users’ freedom of expression and privacy. As a result, most of the world’s internet users lack the information they need to make informed decisions about what services to use and how to use them. This is especially the case for what we call “mobile ecosystems:” smartphones are chokepoints for freedom of expression and gatekeepers for digital security. Users are not given enough information to understand who is controlling the information they can access or share, or who can track their activities or build profiles of them through their mobile devices and the applications that run on them.
At the same time, one can find encouraging examples and trends when examining specific indicators or groups of indicators representing distinct sets of issues. For example: the highest-scoring companies in the Governance category were all members of the Global Network Initiative (GNI), a multi-stakeholder organisation through which companies commit to core principles of freedom of expression and privacy, and work with NGOs, academics and investors to implement them, or the Telecommunications Industry Dialogue, an industry organisation dedicated to similar principles most of whose members joined the GNI in March 2017.
On other indicators, a non-GNI company from another OECD country led the pack. Kakao, a South Korean internet services and mobile messaging company, earned high scores on 10 of the 35 indicators, including on questions of whether the company clearly discloses what information it collects about its users and how, and what information about the user it shares with whom. On both of those indicators, US-based companies Google and Apple were found to disclose much less information and with less clarity.
The Index indicators and results are already being used by some companies to improve their policies and practices. They are also useful for governments: each company report card contains an analysis of how a company’s home regulatory environment affects its score. This information can help policymakers examine what types of regulatory and legal frameworks enable and incentivise ICT companies’ respect for users’ rights. Unfortunately, we found that many country laws and regulations discourage or even prevent corporate transparency and accountability about policies and practices affecting users’ digital rights.
The reality is that a growing number of systems for the management of physical resources now depend on the digitally networked equipment, platforms and services of private companies. Weak accountability and lack of respect for human rights in these digital systems upon which we depend will inevitably affect accountability and respect for human rights in all other realms.
Corporate Accountability Index: https://rankingdigitalrights.org/index2017/
Freedom House, https://freedomhouse.org/report/freedom-net/freedom-net-2016
Global Network Initiative: https://www.globalnetworkinitiative.org
OECD (2014), Annual Report on the OECD Guidelines for Multinational Enterprises 2014: Responsible Business Conduct by Sector, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/mne-2014-en
Ranking Digital Rights: https://rankingdigitalrights.org/about
Rebecca MacKinnon (2012), Consent of the Networked: The Worldwide Struggle for Internet Freedom, Basic Books.
Telecommunications Industry Dialogue: http://www.telecomindustrydialogue.org
UN Guiding Principles on Business and Human Rights: https://business-humanrights.org/en/un-guiding-principles
The views in this article are the author's only, and do not necessarily represent the views of the OECD or its member countries.
The graph originally published in this article on 26 May 2017 had errors and was corrected on 31 July 2017.
©OECD Yearbook 2017. See www.oecd.org/forum/oecdyearbook
© OECD Yearbook