Archives for September 2017

Corporate Accountability News Highlights: Russia threatens Facebook over data localization, Spain orders companies to censor Catalan referendum content, U.S. and EU complete first annual Privacy Shield review

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Russia threatens to block Facebook over data localization law

Russian authorities have announced that Facebook will be blocked next year if the company does not comply with a Russian data localization law. Under the law, which entered into force in 2015, data operators processing personal data of Russian citizens must do so using servers within Russia. In November 2016, Russia blocked LinkedIn for not complying with the data localization law. In January 2017, Russian authorities also ordered Apple and Google to remove the LinkedIn app from their app stores.

Privacy advocates have raised concerns over the impact of data localization requirements, particularly in Russia, where authorities have significant mass surveillance capabilities. This could also make it more difficult for companies operating in Russia to be transparent about government access to user data. As noted in our 2017 Corporate Accountability Index Russian company analysis, Russian authorities may have direct access to communications data through a program called SORM. It therefore may be impossible for companies to publish data on Russian authorities’ requests for user information, since they may not know themselves how often various agencies exercise their authority under SORM.

Why should investors care about digital rights?

When companies fail to respect users’ privacy and freedom of expression, users clearly pay a price, but they are not alone.

Luis Villa del Campo via Wikimedia Commons (CC-BY 2.0)

Building on the Ranking Digital Rights 2017 Corporate Accountability Index, our inaugural Investor Research Note analyzes how investors may be affected when companies fail to disclose adequate commitments and policies affecting users’ rights.

With it we aim to build investor awareness of potential material risks related to digital rights in order to inform investment research and decisions, and to support investor engagement with companies on these issues. We address:

  • How digital rights provide a framework for evaluating risks associated with the management and use of content and personal data by companies.
  • How the financial implications of digital rights issues are growing, reshaping how investors should think about risk profiles of companies that provide services affecting consumer privacy, data security, and management of content affecting users’ freedom of expression.
  • How investors can use RDR’s Corporate Accountability Index as a leading indicator for what are potentially the most material digital rights business and investment risks.


Corporate Accountability News Highlights: U.S. government drops Facebook gag order, research shows security risks in content filtering apps, Togo orders network shutdown

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

U.S. government withdraws Facebook gag order

D.C. Court of Appeals (Photo by Mr.TinDC, Licensed CC BY-ND 2.0)

The U.S. government has dropped its effort to prevent Facebook from notifying three users that their communications were being investigated. Facebook received search warrants for content from the users’ accounts, and the warrants were accompanied by gag orders preventing the company from notifying the users. Facebook contested the gag order, though its request was denied by the D.C. Superior Court. Facebook appealed the decision to the D.C. Court of Appeals. A hearing on the matter was scheduled for September 14, though it was cancelled on September 13 after prosecutors said the gag orders were no longer necessary, and withdrew their request.

This is one of several recent instances of U.S. internet and telecommunications companies pushing back against inappropriate or overly broad government requests. Web hosting provider Dreamhost is currently engaged in a legal battle with the U.S. Department of Justice over a demand for information about an anti-Trump website, although the DOJ has thus far dropped portions of its original overly broad warrant, including the demand for all IP addresses of visitors to the website. In April of this year, Twitter reported that the Trump administration had attempted to force the company to reveal the identity of an anonymous Twitter account critiquing the administration. Twitter pushed back against the request, which was ultimately withdrawn, saying it was unlawful and a violation of the First Amendment.

As noted in the Corporate Accountability Index methodology, companies should clearly disclose their processes for responding to third-party requests for user information. This disclosure should include a commitment to carry out due diligence on government requests before deciding how to respond, as well as a commitment to push back on inappropriate or overbroad government requests. Of the seven U.S. companies evaluated in the 2017 Corporate Accountability Index (Apple, AT&T, Facebook, Google, Microsoft, Twitter, and Yahoo), all seven committed to carry out due diligence on government requests for user information and to push back on inappropriate or overbroad requests.

Corporate Accountability News Highlights: India’s Supreme Court issues landmark privacy verdict, Yahoo to face civil suit for data breaches, Chinese government’s crackdown on free speech online continues

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Privacy is a fundamental right, says India’s top court

Image by MohitSingh (Licensed CC BY 3.0)

In a landmark decision, India’s Supreme Court has ruled that privacy is a fundamental right, protected by the country’s constitution. The case stems from a legal challenge to the Indian government’s controversial new biometric database, Aadhaar, which is the largest of its kind in the world. Individuals must enroll in this database—which requires submitting their fingerprints, iris photographs, and facial photographs—in order to obtain a variety of government services, including paying taxes or receiving a government subsidy. According to The Atlantic, this makes it “almost impossible to live in India without enrolling.”

Privacy advocates in India petitioned the court over the program’s privacy risks to individuals enrolled in Aadhaar. In its ruling that privacy is a fundamental right, the court also overturned previous cases which said it was not. The court did not rule on the legality of Aadhaar itself, which will be considered separately. Advocates also anticipate the case will have an impact on tech companies’ collection and use of user data. “These companies must brace for [legal action],” Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, told CNN. “Individuals who are unhappy with the treatment of their personal information can now take them to court, because it is an infringement of a fundamental right.”

The Corporate Accountability Index contains 18 indicators measuring companies’ disclosure of policies affecting users’ privacy, and whether these policies and commitments demonstrate the concrete ways companies respect and protect the privacy rights of users. Indicators in this category are based on standards established by the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and other international human rights instruments, which guarantee privacy as a fundamental human right. However, national laws and regulations can have a significant impact on a company’s policies affecting users’ privacy. As noted in our recommendations, governments should work with the private sector and civil society to ensure that legal and regulatory frameworks make it possible for companies to respect digital rights.