When RDR’s first Corporate Accountability Index was released in 2015, grading 16 tech and telecom companies on their respect for privacy and freedom of expression, it was the first of its kind to rank the impact of companies on specifically digital rights. Unsurprisingly, it took the policy world by storm, including at international forums like the UN. Several U.S. media outlets also took an interest in what the Index revealed about the activities of large global platforms and telcos like Google and AT&T. Meanwhile, however, in the Majority World, many civil society organizations were taking note, instead, of the potential for these standards to hold local and subsidiary companies accountable closer to home.
The first adaptations of RDR’s methodology to study these local contexts globally began in 2018, when Arab region digital rights organization SMEX used the RDR methodology in a report on the state of digital rights for mobile users within Arab states. That same year, an adaptation was conducted examining mobile operators in Russia, while Internet Without Borders produced a report looking at the performance of large international telecom subsidiaries across Africa. In many cases since, adaptations have been carried out in countries or localities with little existing corporate accountability, particularly for the tech sector. Oftentimes, they have been used in precarious socio-political contexts.
In response to the enormous potential of this work, RDR began providing direct support to organizations worldwide in 2021. As Leandro Ucciferri, RDR’s Global Partnerships Manager, put it, “these projects are putting new companies under the spotlight, which have not received enough scrutiny from the digital rights community.” Since this work began, we’ve provided this support to adaptations covering 35 countries and 127 companies. Though adaptations have taken place under various grants, many recent projects have been conducted under the auspices of the Greater Internet Freedom (GIF) project. Among others, these include recent, successful projects across Africa as well as in Central Asia (another report was recently released covering Southeast Europe), both of which we’ll highlight below.
First Evaluations of Central Asian and African ICT Sector: Major Gaps in Human Rights
Internet shutdowns, executed through the telecom sector, are rampant in both of these regions. As we’ve recently detailed, politically motivated shutdowns have taken place frequently in Central Asia over recent years. In Kazakhstan, shutdowns were executed in 2022, after the breakout of mass protest, following on the heels of previous shutdowns in both 2021 and 2020. In addition, in both Uzbekistan and Kyrgyzstan, laws have been introduced aimed at imposing online censorship. In Africa, shutdowns have been weaponized recently in Tanzania and Zimbabwe, among other examples.
It is within this context of poor digital rights protections that RDR recently partnered with GIF and local partner organizations, in both Central and Southern Africa, as well as in Central Asia, to establish a baseline for corporate accountability. According to Mavzuna Abdurakhmanova, GIF’s Central Asia Digital Rights Consultant, her region’s report was notable for being the first of its kind. “From the civil society perspective, no one questioned the private sector on the protection of the digital rights of their users,” she explained. “Nobody was even thinking about asking questions about human rights to the business sector.” And yet company transparency and accountability is particularly important in such countries, where weak human rights protections alongside fragile democracies often lead to the participation of telcos and other ICT service suppliers in infringing on the basic rights of users.
In Central Asia, the report entitled “Ranking Digital Rights in Central Asia” was conducted by Tajikistan-based Civil Internet Policy Initiative (CIPI) and looked at digital rights across three sectors: telecom, e-commerce, and fintech companies. These companies were located in four countries: Kazakhstan, Tajikistan, Uzbekistan, and Kyrgyzstan.
A growing number of GIF reports have been released recently covering East, Central, as well as East and Southern Africa. In 2022, RDR supported local partner Paradigm Initiative (PIN) for the creation of their report “Ranking Digital Rights in Angola, Democratic Republic of Congo and Central African Republic” as well as Internet Freedom Lesotho’s report on “Digital Rights in Lesotho.” Paradigm Initiative focused on three telecommunication companies, one for each country they covered. The Lesotho report, meanwhile, covered four companies: two telcos and two financial companies. Building on previous success, a new report covers countries in Eastern Southern Africa: Uganda, Tanzania, Zimbabwe, and Zambia, examining the policies of top telecom operators.
The findings in these reports have been stark: Researchers discovered that companies will routinely point to government requests to excuse the high number of internet shutdowns that they adhere to. When she began working on this project, Wakesho Kililo, who leads GIF’s Africa work, wondered whether companies would actually have any policies in place to handle such demands. Unsurprisingly, she found that such policies were frequently missing. Transparency about potential actions taken in responding to censorship demands was also limited. Mavzuna recalled that almost all companies evaluated by the Central Asia report were responding to government requests and providing personal information of users, but there was neither a publicly available policy about how they responded to these, nor general data provided on the number of requests received or responded to.
Across the board, these company gaps were clear and gaping. According to Mavzuna, no companies covered by the research publish annual reports on their websites. There were no companies publishing information about their governance structure. Wakesho, meanwhile, noted that Terms of Use are also rarely comprehensive. In fact, her research across Africa showed that a majority of companies there were failing to translate Terms of Use into local languages. In addition, many of the companies Wakesho helped evaluate have privacy policies that are sorely lacking, and sometimes non-existent. This was true, for example, of NetOne Zimbabwe, which has no privacy policy for any of its services investigated for the report. Wakesho remembered thinking, as she completed her research, that “users’ digital rights are being abused. They’re not being protected, either at all or at the rate they should be.” She added, “When a telco doesn’t even have a privacy policy, what are they doing with user data? We don’t know.”
Another pattern of note has appeared across RDR-supported adaptations, and was also evident in both of these regions: Parent companies of corporations based in Western Europe often offer more robust human rights policies to their clients at home than they do to the users of their subsidiary companies abroad. GIF Central Asia’s Mavzuna explained that, when they conducted a comparative data analysis, many good policies and practices of parent companies were notably absent in those of their subsidiaries. “Why didn’t you take those good policies and good practices from European parent companies and adapt them to our local context?” Mavzuna wondered. (For more on this discrepancy, please check out our essay from the 2022 Telco Giants Scorecard “The disconnect between HQ and local subsidiaries results in less transparency and protection.”)
A First Experience with Company Engagement: Is Change Really Possible?
Following the completion of their reports, Mavzuna and Wakesho were determined to engage with companies—as RDR does following the release of our Scorecards—with the hope of influencing new company policies. In all cases, many of the largest telecom companies simply ignored them. However, smaller companies (and a couple of larger telcos) expressed interest in improving their policies based on the findings of the reports.
For example, Mavzuna was able to attend a meeting with SMEs (small to medium-sized enterprises) in Tajikistan where the Central Asia report findings were presented for the first time. There, a representative for Alif Bank, a fintech company, expressed appreciation for the report and the important gaps it uncovered, which he promised to address. Though she didn’t engage directly in Uzbekistan, her local partner in that country reported a positive reception; many within that country’s private sector are aware of a positive correlation between improved human rights respect and investment from Western countries.
Meanwhile, in Lesotho, the report’s researcher, Nthabiseng Pule, was able to meet directly with representatives from Vodacom Lesotho and Vodafone. Not only that, but the company also heeded some of the report’s top recommendations. This included hiring a language expert to translate the company’s terms and conditions into Sesotho, Lesotho’s main language. In addition, the company agreed to create a privacy portal, where one can find all information relating to user privacy. This represented an important win and first step for the organization. Paradigm Initiative was also able to meet with France-based Orange, a telco with subsidiaries across the African continent. Finally, GIF, with support from the Global Network Initiative, was also able to meet with Vodacom Tanzania.
Engagement also extended beyond companies. In Lesotho, a policy brief was sent to the country’s regulator, the Lesotho Communications Authority, noting the report’s main findings. Meanwhile, the report also opened many eyes in civil society. One organization, Internet Society Lesotho, began a campaign around the right to privacy, based on the report. Wakesho also highlighted engagement at international forums, including the Forum on Internet Freedom (FIF) Africa, the Digital Rights and Inclusion Forum, and RightsCon 2023, where she got to share the reports’ findings with civil society as well as with company representatives, some of which even requested their companies be evaluated in the future.
According to Mavzuna, she and her colleagues are now feeling “more confident” after receiving positive feedback from the private sector. Mavzuna hopes to continue engaging with companies interested in implementing more robust human rights protection. Indeed, she believes this is just the beginning for this kind of engagement. Although there was a lack of willingness from larger companies to engage during this first round, she maintains hope based on the interest she’s witnessed mostly from smaller companies, including from the region’s nascent e-commerce sector, where companies are mostly younger and more dynamic.
Despite initial successes, Wakesho believes that “we need more of this work. There’s more to be done. We need the regulators to be aware… We need to call the companies to account.” Both Wakesho and Mavzuna believe this must involve eventually getting the larger telcos to the table and holding them accountable for the same level of human rights protections they offer users in their home country. And RDR hopes to continue supporting them in that task.
As RDR’s Leandro Ucciferri has explained, “By making it easier to use our methods and standards, we aim to grow the community of corporate accountability advocates that are bringing these conversations to new countries and regions outside the Silicon Valley and Brussels bubbles.” Indeed, we’ve already doubled down on our commitment to support this movement globally, including through last year’s launch of the RDR Research Lab, a hub for digital rights researchers and experts across the world. This represents, however, just one part of our commitment to ensuring the full democratization of the global tech accountability movement, as we continue to help global allies hold the ICT sector to account for the rights of all users, everywhere.