The 2017 Ranking Digital Rights Corporate Accountability Index finds the world’s most powerful internet, mobile and telecommunications companies leave users in the dark, failing to disclose key information about policies affecting users’ rights.
Tune in here at 9:30am ET (13:30 GMT) to watch the 2017 Index launch event at New America in Washington, DC. You can also join the conversation on Twitter by following @rankingrights and by using the hashtag #rankingrights.
According to the 2017 Corporate Accountability Index, top companies fail to disclose key corporate policies and practices affecting freedom of expression and privacy. While some companies have improved since they were first evaluated in 2015, most of the world’s internet users do not receive adequate information about how companies’ policies affect what users can or cannot say online or who is tracking them. Ranking Digital Rights analyzed a representative group of 22 companies whose products and services collectively are used by over half of the world’s 3.7 billion internet users. It builds on the 2015 Corporate Accountability Index, which found widespread failure by companies evaluated to disclose key information about their policies and practices affecting freedom of expression and privacy.
Companies were assessed on 35 indicators in three categories: Governance, Freedom of Expression, and Privacy. This methodology was revised since the 2015 Index, following an extensive review and consultation process. It also includes new indicators, focusing on company disclosures related to issues such as network shutdowns and data breaches.
Selected findings include:
Top scores: Overall, Google ranked highest among 12 internet and mobile companies, followed closely by Microsoft. They were the only two companies to score over 60 percent.
The U.K.-based Vodafone and U.S.-based AT&T tied for first place among 10 telecommunications companies, despite significant gaps resulting in scores of less than 50 percent.
Mobile ecosystems: Six new companies were added to the 2017 Index, including Apple and Samsung, which control the world’s largest mobile ecosystems.
Apple ranked seventh among the 12 internet and mobile companies evaluated, with an overall score of only 35 percent, despite the company’s strong public stand for users’ privacy rights in the face 
of recent U.S. government demands. A major reason for Apple’s relatively low score was lack of disclosure about commitments and policies affecting freedom of expression. Also, next to its U.S. peers, Apple disclosed little about how or whether it has institutionalized commitments to protect users’ rights. Samsung ranked ninth out of 12 companies in the same category, scoring only 26 percent.
Given that most of the world’s new internet users are coming online through smartphones it is especially troubling that companies controlling the world’s mobile ecosystems do not clearly disclose policies affecting users’ freedom of expression and privacy. We hope the Index will lead to greater corporate transparency across the industry, thereby empowering users to make more informed decisions about how they use technology.
Other highlights of the 2017 Index:
- Freedom of expression is getting short-changed. How do the company’s actions affect our ability to publish, transmit, or access content? With a couple of notable exceptions, most companies disclosed the least amount of information about policies that affect users’ freedom of expression.
- Handling of user information is opaque. How and for what purpose is our information collected, shared, retained, and used? If somebody were to build a profile on us using this information what would it look like? Companies don’t disclose enough for us to understand our risks and make informed choices.
- Security commitments lack sufficient evidence. Is a company making maximum efforts to keep our information secure? While we don’t expect companies to reveal security information that will help attackers, they need to provide clearer evidence that their security policies and practices are robust enough for us to trust them with sensitive information.
The Index also includes practical recommendations for steps that internet and telecommunications companies–as well as other companies throughout the sector–can take to improve. These include:
- Provide concrete evidence that the company has institutionalized its commitments. While it is important for company leaders to demonstrate strong personal commitments to users’ rights, it is even more important that such commitments be clearly institutionalized. Otherwise, how do users know whether policies and practices will change or stay the same after key individuals leave the company?
- Explain to users why speech, access to information, or access to service may be blocked or constrained. Who has the ability to ask the company to remove or block content or otherwise restrict speech? How does the company handle these requests? Are there effective grievance and remedy mechanisms? Companies must be transparent and accountable about the circumstances under which access to a service may be denied, or content is restricted or blocked.
- Demonstrate a credible commitment to security. Companies should maintain industry standards of encryption and security, conduct security audits, monitor employee access to information, and educate users about threats. These policies and practices should be disclosed to users.
To view and download the complete report—including in-depth analysis and “report cards” for each company—as well as raw data files and other materials, visit rankingdigitalrights.org/index2017.
The 2017 Index website and data visualization were developed in partnership with the SHARE Foundation, a digital rights NGO.
