Amazon Web Services (AWS) is making headlines across the globe for kicking the spyware company NSO Group off of its infrastructure. This is a great decision. But was it a one-off move or part of a broader, intentional policy of the company to better respect human rights?
We believe companies like Amazon should undertake robust human rights due diligence and make these sorts of rights-respecting decisions by design, under clear policies, and then report on these steps in their transparency reports. Our partners at Ranking Digital Rights study how consistent and open companies are about their approach and the impacts they have on human rights.
The 26 companies ranked on the 2020 Ranking Digital Rights (RDR) Corporate Accountability Index are among the most powerful companies in the world. They provide us access to the internet and the services most of us use when we’re connected. As “gatekeepers” for the internet, which has been all the more essential during the global pandemic, it is their responsibility to provide transparency regarding how they protect our rights online.
This year, as in past years, Access Now has partnered with the Business & Human Rights Resource Centre to ask each company for at least one timely and achievable improvement on their human rights practices. Which companies are stepping up?
As of July 20, two months after our initial letters, only 11 companies have provided a public response to our recommendations: Microsoft, América Móvil, Twitter, Verizon Media, Telenor, Kakao, Orange, Telefónica, AT&T, Amazon, and Vodafone. The responses shed light on how these companies implement the human rights principles they’ve committed to uphold. For example:
- Verizon Media released a new Ad Policy Enforcement Update, providing more transparency on its advertising policies;
- Kakao reiterated its commitment to carrying out regular human rights assessments of its policies and processes; and
- Vodafone expressed openness to suggestions on how to improve its approach to human rights.
We commend the companies who responded for engaging with civil society on crucial human rights issues that are relevant to their businesses. They are signalling that they understand the importance of the process. But true commitment to upholding human rights requires more engagement than a single letter. That’s why we’re encouraging these companies to do more to fulfill their stated human rights goals. They must continue to engage regularly with civil society and listen to impacted communities to make our digital spaces rights-respecting.
The 15 companies that did not respond are falling behind their peers, and signalling they do not prioritize engagement on the human rights of their own customers. Those making headlines for their failure to respect human rights have an even bigger incentive to engage with civil society and the public, and we hope they seize the opportunity now. Below we have outlined our recommendations for these companies, with additional context to explain the rationale.
Government and third-party transparency
⮕Apple has not provided a formal response to our letter, though they have reached out to us. We are reiterating our call for Apple to publicly clarify the actions it takes to enforce its own rules, including regarding apps removed from its App store.
⮕Baidu has been under scrutiny for attempting to circumvent Apple privacy protections for advertising purposes. Given that, it is even more critical that Baidu demonstrates a commitment to human rights and privacy by providing transparency reporting on third-party requests to censor comments and for user information.
⮕Bharti Airtel should release comprehensive transparency reports on government demands. Transparency reports are the first step toward accountability for human rights.
⮕MTN made news for helping to silence pro-democracy protesters in Eswatini. This should serve as further motivation for MTN to improve its disclosures on network shutdowns.
⮕Samsung should publish its process for handling third-party requests for content or accounts restrictions and requests for user information. Samsung is currently facing alleged security breaches with its preinstalled apps, making it even more important that the company is transparent with users about the security of their information.
⮕Yandex recently came under fire for sharing journalists’ rideshare data with police officers under a questionable legal basis. As a result, it should disclose more detailed information on both government and non-government requests in its future transparency reports.
Human rights due diligence
⮕Alibaba should issue a formal commitment to respect freedom of expression and privacy as human rights. As highlighted by its recent data breach, Alibaba is a home for the private information of hundreds of millions of individuals, so it is crucial that the company commits to upholding the rights of those using its services.
⮕Axiata is becoming an even more important player in the technology space as it merges and expands. Therefore, Axiata should publish an explicit commitment to protect users’ freedom of expression and privacy rights.
⮕Google has made recent headlines regarding a broad range of human rights issues, including its plans to open a Google Cloud region in Saudi Arabia. It is critical that Google improve its human rights due diligence by undertaking robust human rights impact assessments and addressing the potential impacts of its business decisions.
⮕Ooredoo should commit to respecting users’ rights to privacy and freedom of expression in accordance with international human rights standards. This is critical as the Myanmar junta pressures Ooredoo to allow military officials to spy on phone calls..
Content moderation and user data
⮕Deutsche Telekom continues to grow rapidly, making it even more urgent that the company strengthen its governance and oversight over freedom of expression and information issues, including by disclosing evidence of senior-level oversight of these issues across the company’s operations.
⮕Etisalatshould be more transparent about how it handles user information. It should articulate which user information it shares and with whom, and the duration of time it retains this information. This is all the more important as the company is headquartered in the UAE, a country. raising alarm for use of mass surveillance tactics.
⮕Facebook should significantly improve its content moderation by publishing consistent data on actions it takes to enforce platform rules, including its ad content and targeting policies. Facebook is currently in court for privacy issues and content moderation debates; as these confrontations continue, it is critical that Facebook is transparent with its users on its current policies.
⮕Mail.Ru should publish data on content removed or accounts suspended for violations of platform rules. Given the Russian government’s history of putting pressure on tech platforms to remove undesirable content and hand over user data without a court order, Mail.Ru should also clearly outline how it responds to government requests for data.
⮕Tencent should publish data about the volume of content it restricts for violating company rules. This would complement the data it already publishes about account restrictions. This is especially relevant as Tencent’s WeChat has sparked controversy for its content moderation decisions, with the recent removal of Didi from its application store and its blocking of LGBT+ student accounts.
All the companies in the 2020 RDR Index have room to improve on how they impact human rights. But the companies who responded to civil society’s call are a step ahead of their peers. We know they are listening. Now it’s time for the 16 that did not respond to show what they are doing to protect our rights. The power they wield is immense, and they must demonstrate the responsibility that comes with it.