Over the past two weeks, Access Now has sent representatives to the annual general meetings (AGMs) of Vodafone, the world’s largest international telecom company, and BT, formerly British Telecommunications. We took advantage of these public moments to challenge top executives to protect internet users from the growing surveillance capabilities of the U.K. government.
The Investigatory Powers Bill, currently under consideration in the British parliament, would undermine encryption and mandate blanket data retention. Access Now has repeatedly called for the bill to be scrapped entirely, while also providing specific recommendations to limit its threats to fundamental rights in the U.K. and beyond.
In the face of the bill’s imminent threat to these rights, we decided to question the U.K.’s biggest telecom companies about the steps they will take to protect internet users’ privacy. Two representatives took the microphone at the telecom companies’ annual shareholder events, where the full Board of Directors and CEO present updates and take investor questions.
With the help of our U.K. partner ShareAction, our representative Peter Sturgess participated in the BT meeting in Wales on July 13th, asking how BT would meet its stated commitments to protecting users’ privacy in light of the IP Bill (find his full question below). After the event, Sturgess spoke directly with the CEOs of BT and BT Security. The company agreed to follow up with in-person meetings to discuss its approach to the IP Bill in depth.
Today, Kirsty Styles, the editor of New Statesman’s tech website NS Tech, represented Access Now and ShareAction at Vodafone’s AGM. Styles similarly asked how Vodafone — a leader among telcos in its proactive approach to transparency and accountability regarding digital rights — would defend customer and user privacy in the U.K. Vodafone’s chair, Gerard Kleisterlee, responded by affirming that data privacy is of central importance to the company, and that the board just yesterday met to discuss its privacy policies. Our paraphrase of the chairman’s full response (which we caught on the livestream) is below.
Question to BT:
Good afternoon. My name is Peter Sturgess and I am a proxy for Charles Ward.
I am here today to learn more about the actions BT is planning to take to protect customer and user privacy in light of the U.K.’s Investigatory Powers Bill, which will authorize increased access to customer data by government authorities.
I welcome BT’s recognition on page 40 of the annual report that the right to privacy of customers is a human right particularly at risk in your operations due to the investigatory powers of governments.
I also welcomed reading the BT report on privacy and free expression in U.K. communications in which it is noted that the U.K.’s Investigatory Powers Bill should maintain protection of the rights established in the European Convention on Human Rights (page 12), which includes the right to privacy.
Your recognition of the importance of customer and user privacy rights — as set by the European Convention on Human Rights — is apparent and welcome. In light of this, my question is: What practical steps are you taking to protect customer and user privacy as investigatory powers increase in the U.K.?
Question to Vodafone:
My name is Kirsty Styles and I am a corporate representative for ShareAction, a shareholder.
I am here today to learn more about the actions Vodafone is planning to take to protect customer and user privacy in light of the U.K.’s Investigatory Powers Bill, which will authorize increased access to customer data by government authorities.
I welcome the note on page 20 of the Vodafone annual report that the corporate transparency program will include a focus on digital rights and freedoms, as an area of great debate and concern, aimed at building on the company’s commitment privacy and data protection matters.
I also note the statement made by Vodafone to the British Government in January 2016, asserting that the Investigatory Powers Bill risked “significantly undermining trust” in British telecoms groups.
With both the stated commitment by Vodafone to privacy and data protection matters as well as the recognition of a reputational risk from the Investigatory Powers Bill, my question for the Board is this: What practical steps is the company taking to protect customer and user privacy as investigatory powers increase in the U.K.?
Response from Vodafone Chairman Kleisterlee (paraphrased):
As a board we care very much about your data privacy. Customers rights are one of the highest priorities, especially in this increasingly digitized world where big data is a huge topic. We gave extensive privacy policies, and only yesterday reviewed some in our board conversations.
It’s the government’s job to [set the rules protecting privacy]. Laws governing the government’s ability to access personal data must remain unambigious, and allow operators to control infrastructure. We’ve released data on government requests for a few years in our transparency report.
In the U.K., we are in dialogue on the IP Bill and we continue to engage in parliament. In general, our attitude is to find solutions that balance law enforcement with states’ obligation to protect our privacy.