Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
Facebook in breach of German Data protection law
Facebook Headquarters at 1 Hacker Way, Menlo Park, California. Photo by Anthony Quintano (CC BY 2.0)
A German court has ruled that Facebook is in breach of the country’s data protection law, in a lawsuit filed by a consumer advocacy group. The court found that five Facebook default settings such as the disclosure of a user’s location when chatting to others on the Facebook mobile application, and the appearance of personal Facebook profiles in search results—violate the Federal Data Protection Act for failing to meet the requirement of informed consent. Under the act, German users should be provided with “clear and easy to understand information on the nature, scope and purpose of the intended use of [their] data.”
Facebook said that it would appeal the court’s decision.
The court also ruled against eight other clauses in Facebook’s terms of use such as “pre-formulated declarations of consent” allowing the company to use names and profile pictures of its users “for commercial, sponsored or related content” and to transfer their data to the United States.
Companies should clearly disclose to users what options they have to control collection, retention and use of their personal information. Internet, mobile, and telecommunications companies evaluated in the 2017 Corporate Accountability did not disclose enough information about such options. Facebook disclosed less about these options than any of the 12 internet companies evaluated. The company did not disclose options allowing users to control the company’s collection of their user information, and how their information is used for targeted advertising.
The court also ruled that Facebook’s “authentic name” policy which requires users to use a name that appears on their IDs was in violation of the German Telemedia Act, which requires providers to allow users to use pseudonyms. Internet companies and providers of prepaid mobile services should not require users to verify their names with government-issued IDs. Research from the 2017 Index showed that while Facebook did not require users to do so for its Instagram and WhatsApp, users of Facebook and the Messenger app are required to verify their accounts with information that can connect users to their offline identity.
UK government unveils extremism blocking tool
The UK government has unveiled a machine learning tool to detect terrorist propaganda. The Home Office paid a local artificial intelligence firm, ASI Data Science, £600,000 in public funds to develop the software, which identifies potential terrorist content and flags it for human moderation.
Home Secretary Amber Rudd told the BBC that the government is “not ruling out taking legislative action” to force small tech companies to use the tool. The government claims that the software can detect ISIS related propaganda with an accuracy of 99.995%. While an error rate of 0.005% might have a negligible impact on content posted on small platforms, on the most popular platforms the impact could be more significant. As TechCrunch notes: “on Facebook, which has around 2BN users who could easily be posting a billion pieces of content per day, the tool could falsely flag (and presumably unfairly block) some 50,000 pieces of content daily.”
Companies should be transparent about their process for restricting content or accounts by disclosing information such as the types of content or activities they do not allow, and the processes they use to identify infringing content or accounts. None of the internet and mobile ecosystem companies evaluated in the 2017 Corporate Accountability Index disclosed whether government authorities receive priority consideration when flagging content to be restricted.
Network shutdowns in Egypt’s Sinai as forces launch military operation
Internet and telecommunications services in Egypt’s Sinai peninsula have been completely shut down as the country’s armed forces launched a military operation against insurgents affiliated with ISIS. Network disruptions are not uncommon in the peninsula. One resident from Al-Arish, a city in northern Sinai, told Social Media Exchange (SMEX), a Beirut-based digital rights organization, that such disruptions take place “whenever military and security operations are conducted in the desert area south of the city.”
Under the Egyptian Telecommunication Law, Egyptian authorities have the power to force providers of telecommunication services to restrict access to their networks for reasons related to “national security.”
Shutting down networks and restricting access to online communications violate human rights. A resolution adopted by the UN Human Rights Council in June 2016 condemns “measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law.” While governments should refrain from ordering telecommunications companies to restrict services, companies should be transparent about the circumstances under which they may comply with such orders. They should disclose information about how they handle government network shutdown demands, including under whose authority a shutdown is ordered, so that those responsible can be held accountable. None of the telecommunications companies evaluated in the 2017 Corporate Accountability Index disclosed sufficient information about how they handle government network shutdown demands.
