Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
UK to revamp data protection rules
UK lawmakers have announced plans to revamp the country’s data protection rules in order to comply with the EU’s General Data Protection Regulation (GDPR), which come into force in May 2018. Under the proposed plans, the definition of “personal data” would be expanded to include IP addresses, internet cookies, and DNA. UK organizations could also face fines for not adequately addressing cybersecurity risks. Plans also include measures allowing UK citizens to demand that social media companies delete their data.
The GDPR, which will harmonize data protection laws across the EU, affects data protection regulations and practices globally. The rules apply to all “data processors” that handle data of EU citizens, regardless of where the data processors are based. As noted in our recommendations for the 2017 Corporate Accountability Index, governments should develop effective data protection regimes and privacy regulations in consultation with industry and civil society, with impact assessments to ensure that the laws can avoid unintended consequences for freedom of expression. Companies should also disclose more information about their GDPR compliance, and what this means for non-EU users.
ISPs in India ordered to block over 2,500 websites
Internet service providers (ISPs) in India have been ordered to block 2,650 websites, including the Internet Archive, a nonprofit internet library that hosts the Wayback Machine, a platform that allows internet users to browse cached versions of over 303 billion web pages. According to the BBC, two movie production companies obtained court orders to prevent internet users in India from viewing pirated versions of their movies. Users who attempted to visit the blocked sites reported instead seeing a message indicating access was restricted due to a government order, but not explaining the reason for the block. The fact that they were blocked as an anti-piracy measure was only reported because the BBC obtained copies of the court orders involved.
When responding to government and private third-party requests to remove, filter, or restrict content, companies should commit to carry out due diligence before deciding how to respond, and should also commit to push back on inappropriate or overbroad requests. They should also commit to notify users who attempt to access content that has been restricted, and in this notification, does the company clearly disclose a reason for the content restriction. In our 2017 Corporate Accountability Index, only six out of ten telecommunications companies evaluated received credit on our indicator measuring user notification about content restrictions. Of these, AT&T was the only company to receive any credit for disclosing a reason for the content restriction in its notification.
New bill would lead to greater internet censorship, U.S. NGOs warn
A coalition of NGOs has warned that a new bill introduced in the U.S. Senate poses a significant threat to freedom of expression. The Stop Enabling Sex Traffickers Act (SESTA) proposes criminal and civil liabilities for third-party intermediaries if sex traffickers use their services.
In an open letter to the Senate majority and minority leaders, the NGOs warn that this could not only lead to increased censorship, but also could discourage companies from engaging in good-faith efforts to monitor or take down content, since this could be used to show they have knowledge of potentially illegal content, and could open them up to civil and criminal penalties.
The letter urges Congress use other methods to more effectively combat sex trafficking, and point out that existing U.S. law does not prevent intermediaries from facing federal criminal charges.
As we noted in our Index recommendations, governments should limit the legal liability imposed on companies for their users’ speech and other activities, consistent with the Manila Principles on Intermediary Liability.
