Corporate Accountability News Highlights: EU Parliament committee endorses end-to-end encryption, companies are behind in preparing for new EU data rules, and U.S. net neutrality debate resurfaces

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights that highlights key news related to tech companies, freedom of expression, and privacy issues around the world.

EU Parliament committee endorses end-to-end encryption

European Parliament, image via Wikipedia

A European Parliament committee is proposing that end-to-end encryption be mandatory for all electronic communications. The proposal calls for  amending the EU Charter of Fundamental Rights to include online privacy. It also includes a ban on encryption “backdoors” that give governments access to encrypted communications. “Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services,” according to the proposal.

This is a stark contrast to recent discussions among officials in the UK, Germany, and Australia who say authorities should be able to access encrypted communications to stop terrorism. As highlighted in the 2017 Corporate Accountability Index, governments should not pass measures that undermine encryption. As the EU Parliament committee’s proposal asserts, “The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.”

Companies not ready for new EU data protection rules

The Financial Times reports that European companies are unprepared for the EU’s new data protection regulations that come into force in less than a year. Many businesses are “dramatically underestimating” the impact of the General Data Protection Regulation (GDPR), according to the report, and appear to be behind schedule in making necessary changes, or are unaware of their obligations under the new rules. While the law is currently in effect, companies have until May 2018 to be compliant with the rules. The Irish Times also cited a survey showing that two-thirds of 150 businesses in Ireland “did not realize what they would have to do regarding the GDPR.”

Any company that handles personal data of EU citizens must comply with the GDPR. The rules cover a wide range of data protection issues, and include new requirements for handling personal data and reporting data breaches. Findings of the 2017 Corporate Accountability Index showed that most companies lacked transparency about how they handle user information, and only three of the 22 companies evaluated disclosed any information about their process for responding to data breaches.

Companies and rights groups to protest net neutrality rollback in the U.S.

Several companies, including Amazon, Netflix, and Reddit are joining with civil society advocates for an “internet-wide day of action to save net neutrality” to protest the Federal Communications Commission (FCC) plan to repeal the current net neutrality rules. In February 2015, the FCC classified internet service providers as “common carriers” under Title II of the Communications Act, protecting the principle of net neutrality—requiring carriers to treat all types of content and traffic equally. The measure was hailed by internet rights groups since it created strong protections for net neutrality, helping to ensure equal access to content and the free flow of information online.

In May 2017, the FCC voted to begin the process of repealing the 2015 net neutrality rules and the Title II classification for ISPs. On July 12, websites participating in the day of action will display a message about the importance of net neutrality and provide a prompt for users to submit a comment to the FCC and Congress in support of strong net neutrality protections.

While some telecommunications companies support net neutrality, our research shows they many lack transparency about their network management policies and practices. The Corporate Accountability Index evaluates if companies disclose whether they engage in practices that affect the flow of network traffic, like by prioritizing certain content or throttling traffic. We expect companies to avoid these types of practices unless for legitimate traffic management reasons, like to ensure the flow of traffic through their networks. If companies do engage in throttling, traffic shaping, or prioritization, we expect them to publicly disclose this and to explain their purpose for doing so. Of the ten telecommunications companies evaluated in the 2017 Index, Vodafone was the only company to clearly disclose a commitment to not prioritize, block, or delay certain types of traffic other than for assuring quality of service and reliability of the network.

UN expert says companies must do more to advance freedom of expression online

Many of the most serious threats to human rights online—like censorship, surveillance, and network shutdowns—are driven by governments, but are often carried out by companies. It is well-established that states have an obligation to protect human rights, but what responsibilities do companies have? On June 12, UN Special Rapporteur on Freedom of Expression, David Kaye, […]

Continue reading...

Corporate Accountability News Highlights: Russia moves forward with banning anonymous use of messaging apps, Australian government sets its sights on encryption, and research finds majority of apps share user data with third parties

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights that highlights key news related to tech companies, freedom of expression, and privacy issues around the world. Russian legislature considering banning anonymous use of messaging apps Russian lawmakers are discussing a bill that would ban anonymity on certain messaging apps. If passed, the […]

Continue reading...

Corporate Accountability News Highlights: UK Government calls for increased internet regulation, Brazil holds hearings on WhatsApp blocking, and Weibo users face restrictions on Tiananmen anniversary

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights that highlights key news related to tech companies, freedom of expression, and privacy issues around the world. UK Government calls for increased internet regulation following terror attack In response to the most recent terror attack in London, UK Prime Minister Theresa May is […]

Continue reading...

Corporate Accountability News Highlights: Facebook internal documents highlight lack of transparency on content removals, Apple reveals it received a National Security Letter, and WeChat unveils new search feature

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights that highlights key news related to tech companies, freedom of expression, and privacy issues around the world. The Guardian publishes Facebook internal content guidelines, offering glimpse into opaque process An investigation by the Guardian has revealed new details about Facebook’s internal rules for […]

Continue reading...