People around the world increasingly rely on the internet and digitally networked devices in all aspects of their lives. But do we have a global information ecosystem in which future generations’ rights can be respected?
Unfortunately, the answer is “no,” according to our research. Ranking Digital Rights (RDR) on March 23 launched its 2017 Corporate Accountability Index which ranks 22 of the world’s most powerful telecommunications, internet and mobile companies disclosed commitments and policies affecting user’s freedom of expression and privacy. Findings showed that companies did not disclose enough information about policies affecting users’ rights—and as a result most of the world’s internet users lack the information they need to make informed choices.
Click image to watch video of the full event. (Photo by Niels ten Oever)
“There is tremendous room for improvement by all companies,” said project director Rebecca MacKinnon, despite positive steps by some companies since organization released its inaugural Index in 2015. Only two companies—Google and Microsoft—scored more than 60 percent on this year’s Index, with the remaining 20 companies evaluated receiving failing grades.
This year’s Index included an evaluation of the “mobile ecosystems” controlled by Apple, Google and Samsung. Findings showed that Apple’s iOS, Google’s Android, and Samsung’s implementation of Android all offered poor disclosure of policies affecting users’ freedom of expression and privacy. This is a particular concern given that most of the world’s new internet users are coming online with smartphones.
MacKinnon also highlighted that companies overall struggled to disclose policies affecting users’ freedom of expression. For example, all telecommunications companies evaluated had insufficient disclosure on their policies for responding to requests for network shutdowns. Telefónica and Vodafone tied for the highest score on this indicator, but these companies still fell short. None of the telecommunications companies evaluated provided any information on the number of network shutdown requests with which they complied.
Companies that disclosed data breach-related policies.
While companies tend to focus more on privacy and security than freedom of expression, there are nonetheless serious gaps. On the indicator measuring company disclosure of their policies for responding to data breaches, only three out of all 22 companies evaluated, disclosed any information. This is troubling given recent news of various high-profile data breaches, and this issue is of particular concern for users and investors alike.
MacKinnon was joined for a panel discussion by Melissa Brown, Partner at Daobridge Capital and Arvind Ganesan, Director of Business and Human Rights at Human Rights Watch. Moderating the discussion was Niels ten Oever, Head of Digital at Article 19, and Open Technology Institute Director Kevin Bankston.
Panelists discussed whether rankings like the Index can motivate companies to change their policies make policy change. Does highlighting differences in company performance promote competition and a “race to the top”? Do companies that perform better do so because of their business models, because they have been exposed to public scrutiny for longer, or because of other factors?
As speakers noted, there have already been some improvements since the first Index in 2015. Bankston pointed out that in the 2015 report, not a single company received any credit for disclosure of data about content takedowns due to the company’s terms of service enforcement. In the 2017 Index, three companies received some credit on this indicator, and just this week Twitter released its latest transparency report, for the first time including some data on terms of service takedowns.
“With that domino falling, if the trend goes the way it usually does, this is going to become a common practice in the next five or ten years, and that will be due in no small part to the work of Ranking Digital Rights,” said Bankston.
Many people in the audience were concerned about poor company disclosure of the user information they collect, share, and retain. “If someone built a profile on me based on my use of Google, Facebook, AT&T, and my iPhone ecosystem, what kind of profile could be built about me? I need to have enough information that I have some sense of that so that I can then make informed choices. And right now, people are much too far in the dark on that.” One person asked whether it is harder to get companies to change when opacity about the handling of user information is connected to companies’ business model. Another audience member who works for a company not covered by the Index responded: “If you don’t have people trusting you, you don’t have a business.”
The impetus for change can come not only from civil society activists and policymakers but also from investors. As Daobridge’s Capital’s Melissa Brown pointed out, investors are not monolithic: some focus on human rights issues in general but few truly understand digital rights issues. However, Brown believes that the Index shows the extent to which “companies are outsourcing privacy and security risks to users,” without giving users enough information to understand or protect themselves against the risks. Over the long run, privacy and security will become “increasingly material” to investors, Brown said.
Fortunately, the Index provides a roadmap for companies to improve. Of course, the 2017 Index is just the beginning of the conversation. We look forward to continuing this dialogue, starting with RightsCon in Brussels next week!
A webcast of the event is available here.
