Governments committed to a free and open internet must do more than sign statements to ensure that the internet supports and sustains human rights for future generations.
This week, world leaders descended on New York City for the UN General Assembly’s annual debate. While issues like climate change, migration, military conflict, and economic inequality have dominated the news, many government delegations also came to talk about the problems and opportunities of globally networked digital technologies.
On Monday, 27 countries issued a joint statement on “Advancing Responsible State Behavior in Cyberspace.” It affirms that an “international rules-based order should guide state behavior in cyberspace,” including a commitment to universal human rights standards:
“We reiterate that human rights apply and must be respected and protected by states online, as well as offline, including when addressing cybersecurity. …As responsible states that uphold the international rules-based order, we recognize our role in safeguarding the benefits of a free, open, and secure cyberspace for future generations.”
We appreciate this public commitment, but governments must do more than sign statements. Not only must they uphold their own constitutional and treaty obligations to protect and respect human rights, but also they must ensure that the companies that provide the infrastructure, content moderation, and other services that more than half the world now rely on do not corrode fundamental human rights, especially the rights to freedom of expression and privacy.
In order for people to exercise their rights and hold power accountable in our digitally networked age, internet users must be able to know who controls their ability to connect, speak online, or access information; and who has the ability to access and share their personal information. Four iterations of the RDR Corporate Accountability Index have underscored how people around the world still lack basic information about how private and government entities exercise power over their digital lives.
Meanwhile, governments are responding to serious national and public security threats perpetrated through networked communications technologies. Some regulations have improved company disclosures, policies, and practices. Far more have made it harder for companies to meet global human rights standards for transparency, responsible practice, and accountability in relation to freedom of expression and privacy.
In our 2019 RDR Index report we cite some concrete examples: Many regulatory efforts targeting hate speech and disinformation on social media are pushing companies to over-censor journalism and activism even as they fail to address the harms caused by the abuse of their rules. Government surveillance via internet, mobile and telecommunications companies is growing less accountable and transparent in much of the world. And while data protection laws in some places are helping to protect users’ rights, the lack of coherent regulation in other parts of the world enables threats to proliferate.
Our analysis of these challenges shows that governments could be doing much more to optimize their legal, regulatory, and policy frameworks both to raise the costs of corporate behavior that infringes on people’s freedom of expression and privacy, and to incentivize greater respect for human rights. While we have included recommendations for governments in previous years, in the 2019 RDR Index we expanded the recommendations for governments in each chapter, and we have now summarized all of them in one reference document to provide more concrete, actionable advice for policymakers.
Measures and commitments should include: Conducting human rights impact assessments on proposed legislation; maintaining limitations on liability for third-party content; instituting comprehensive privacy law; reforming surveillance law and practices to comply with human rights standards; and protecting the right to encrypt. Most important, just as companies should be subjected to more robust oversight to prevent abuses of users’ rights, governments must commit to enabling independent and credible oversight to prevent abuse of their own censorship and surveillance powers.
Other recommendations emphasize the importance of accountability and transparency by governments as well as by companies. Specifically, we recommend that companies should be required by law to implement board oversight, systematic internal and external reporting, and impact assessments to identify, evaluate, and mitigate potential human rights harms, including violations of users’ freedom of expression and privacy. As we note in our 2019 RDR Index, such laws are starting to emerge in Europe.
Government transparency must also be strengthened. As the human rights community pushes companies to be more transparent about what content is removed or restricted, and about who has access to people’s personal data, governments should also publish regular reports revealing the volume, nature, and purpose of requests their agencies and branches make to companies.
Access to remedy is also vital. Some countries already require that companies provide grievance and remedy mechanisms, but where they exist, such laws tend to focus more on physical harms or commercial and service issues rather than digital rights issues like freedom of expression and privacy. Laws could do much to improve the quality and availability of grievance and remedy mechanisms for internet users.
Finally, global collaboration is essential. Governments committed to advancing a free and open internet that supports and sustains human rights should work proactively and collaboratively with one another, as well as with civil society and the private sector. They should work together with all stakeholders to establish a positive roadmap for addressing threats to individuals and communities without causing collateral violations of human rights.
The 27 signatories should now hold one another accountable for translating words into action. Only then will they deserve applause from internet users around the world.