
Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Facebook data breach tests GDPR


Facebook could be hit with a $1.63 billion fine over its recent data breach affecting 50 million users. Irish data watchdogs this week opened an investigation over whether the company’s handling of the breach violated the EU’s new privacy rules that came into force in May 2018.

The company last week revealed that hackers gained access to the accounts of at least 50 million Facebook users. Roughly 90 million users were automatically logged out of their accounts as a precaution. Less than 10 percent of affected users are located within the European Union, according to a tweet sent out by Irish regulators.

The case is the first test of the General Data Protection Regulation (GDPR), the EU’s sweeping privacy rules that carry stiff financial penalties for companies that violate the rules. The GDPR requires any “data processor” to safeguard the user information it handles, and to notify regulators and affected users of a breach within 72 hours. According to CNBC, while Facebook appears to have notified regulators of the data breach, Irish regulators will investigate whether the company has violated the GDPR requirements to take appropriate security measures for safeguarding people’s data. If the company is found to not have done enough to protect user information in violation of the GDPR, it could be fined 4 percent of its global revenue, or $1.63 billion.

Internet, mobile, and telecommunications companies collect, store, and share vast amounts of information about users and should have clear policies in place for keeping this data secure. They should also clearly disclose their policies for addressing data breaches in the event that they occur. Findings of the 2018 Corporate Accountability Index showed that while Facebook disclosed more than most internet and mobile companies evaluated about its processes for addressing security vulnerabilities, the company failed to provide any information about its policies for responding to data breaches, including policies of notifying affected users.

Tech companies pledge to help the EU fight misinformation

A group of companies that include Facebook and Google have signed on to a new initiative to fight the spread of misinformation online, as part of the EU’s effort to combat news manipulation and interference ahead of the 2019 European parliamentary elections. The European Commission’s Code of Practice on Disinformation asks companies to monitor and voluntarily remove “verifiably false or misleading” content and to increase transparency of political advertising.  

The initiative was first proposed in April, when the Commission convened a multistakeholder forum that included online platforms, advertisers, journalists, and civil society to discuss self-regulatory solutions for addressing the spread of misinformation on social media and internet platforms. Hailed by proponents as a key step in combating misinformation, the plan has been criticized by media and civil society stakeholders for lacking “measurable objectives,” enforcement tools and oversight, Euractiv reports.

In 2016, the European Commission introduced a similar self-regulatory initiative aimed at combating the spread of hate speech online. A group of companies—including Facebook, YouTube (Google), Twitter, and Microsoft—signed onto the code, despite warnings by critics that the plan gave private companies too much power to censor content.

While private companies have the right to establish rules about what type of content is prohibited on their platforms, they should be transparent about the rules and how they are enforced. Companies should also disclose how they handle external government and private requests to remove content. Findings of the 2018 Index showed that most internet platforms lacked transparency about the volume and nature of content removed as a result of private processes. Ranking Digital Rights urges companies to clearly disclose how much and what types of content they have removed, filtered, or restricted, and why, and to notify users when they do so, and for what reason.

Trump administration opposes Google’s Chinese search engine

The Trump administration says it opposes Google’s efforts to re-enter the Chinese market. The Wall Street Journal reports that Vice President Mike Pence this Thursday called on the company to end the development of a search engine called Dragonfly, a confidential project rights groups say will enable internet censorship and compromise user privacy.

News of the project was first reported by The Intercept, which revealed that the Dragonfly search engine and news app will blacklist websites and search terms according to the Chinese government’s rigid censorship demands. The Chinese government has developed an increasingly sophisticated internet censorship system (called the “Great Firewall”) that filters and blocks information about human rights, political dissent, and other blacklisted topics. According to documents leaked to The Intercept, Google’s Dragonfly would have an automatic filter for banned sites and search results. Further reports indicate that user search results will be tracked by linking searches to individual phone numbers.

Google exited China in 2010 following disputes with authorities over its censorship practices targeting human rights activists. Plans to re-enter China have sparked new criticism from rights groups who say that the Dragonfly search engine will help the government’s extensive censorship and surveillance practices. Companies should conduct comprehensive and credible human rights risk assessments before launching new products or entering new markets in order to mitigate the freedom of expression and privacy risks to users. They must also be fully transparent about how much content they filter or remove at the behest of governments, and why, as well as their processes for handling government requests for user data.


European lawmakers approve contested copyright reforms


The European Parliament last week voted in favor of controversial copyright reform measures that tech experts and rights groups warn could threaten internet freedom. The directive, aimed at updating the EU’s copyright laws, includes provisions requiring online platforms to filter copyrighted material and to buy licenses from publishers for linking to their content. Critics have bashed the legislation as “a hammer blow to the open Internet.”

European lawmakers in June voted down the directive after intense pressure by rights groups and tech companies. The European Parliament last week approved the directive, despite only minor amendments to the original proposal.

The directive has sparked widespread criticism from tech lobbying groups, who warn the reforms will thwart access to information and could lead to censorship. Among the more contested provisions, Article 11 would prohibit online platforms from linking to news content unless they first get a license from the publisher for the digital use of their content, and Article 13 would require all content published online in the EU to be checked for copyright infringement. According to the Electronic Frontier Foundation (EFF), this means any website that allows users to post “text, sounds, code, still or moving images, or other copyrighted works for public consumption will have to filter all their users’ submissions against a database of copyrighted works.” Rights groups agree this would lead to excessive filtering and censorship. While digital rights groups have panned the measures, content producers, including many music and media organizations, have hailed the proposed reforms.

The approved legislation now enters into closed-door discussions between the European Commission, the Council of the European Union, and the European Parliament before a final vote in January 2019. If the vote passes, EU-member states will have two years to adopt new regulations.

Ranking Digital Rights recommends that companies push back against overly broad or vague regulations that infringe on users’ freedom of expression and privacy. Companies should be transparent about their policies and practices for filtering, removing, or otherwise blocking access to content, whether in compliance with national laws or for breaches of the company’s own rules. This involves clearly disclosing how they handle requests to restrict content.

Benin levies internet tax

The government of Benin has approved measures that will tax citizens for using the internet and social media. The measures require citizens to pay five CFA francs ($0.008) per megabyte of data used on “over-the-top” (OTT) services, which include regular internet access as well as apps like Facebook, Twitter, and WhatsApp. An additional tax of five percent will be levied on the price of service—excluding VAT—of standard telephony-based calls and messages.

Benin’s internet tax is part of a growing trend by African lawmakers to curb access to online services. Similar tax regimes have been implemented by the governments of Tanzania, Uganda, and Zambia. Digital rights advocates in Nigeria warn that the government there may soon follow suit. The policies are likely to aid regional telecommunications companies, who have lost significant revenue as OTT services continue to grow, but they will also impede internet access in a region where penetration remains low.

Governments should refrain from introducing measures, such as taxing internet usage, that impede internet access and violate human rights. Both governments and companies should carry out human rights due diligence in order to ensure that policies do not negatively affect freedom of expression, in breach of international human rights standards and norms.

Amazon investigates reported data breach

Amazon is investigating reports that employees have been accepting bribes in exchange for leaking customer data and manipulating product reviews in order to give some online sellers an advantage, according to the Wall Street Journal.  

The incidents were first discovered among Amazon employees in China, but the company is also investigating similar reports involving Amazon employees in the US.

Studies show that “insider threats” account for a majority of breach incidents. The 2018 Corporate Accountability Index recommends that companies disclose basic information on what steps they take internally to keep user information secure, including if they limit and monitor unauthorized employee access to user information. They also should disclose information about their processes for handling data breaches once they do occur, including policies for notifying affected users.


Ranking Digital Rights (RDR) has partnered with Global Voices Translation Services to translate key components of the 2018 Corporate Accountability Index into six major languages—Arabic, Chinese, French, Korean, Russian, and Spanish.

The Index ranks the world’s most powerful Internet, mobile, and telecommunications companies on their disclosed policies affecting freedom of expression and privacy. The companies evaluated by RDR are headquartered around the world, and their products and services are accessed by the world’s 4.2 billion internet users. These translations will make our findings more accessible to companies, civil society, and policy makers in these regions.

The following materials are now available in each of the six languages listed above:

A summary of the overall findings of the Index:

Company report cards:

 

We would like to thank Global Voices for their work on these translations, as well as our research partners and regional partners for their help in reviewing and promoting these materials.

Global digital rights advocacy group Access Now has teamed up with the Business and Human Rights Resource Center (BHRRC) on a campaign urging all 22 companies evaluated in our 2018 Corporate Accountability Index to publicly respond to Index findings.

The Index ranks the world’s most powerful internet, mobile, and telecommunications companies on their disclosed policies affecting freedom of expression and privacy. Our 2018 Index found that all companies evaluated failed to disclose enough about these policies and practices for people to make informed decisions about their products and services.

In order to encourage companies to respond to our findings, Access Now has sent public letters to top executives of each of the companies ranked in the Index, with recommendations on ways each company can improve. The letters, which can be viewed here, draw from each company’s individual “report card” that summarizes their performance in the Index and outlines key areas where the company could improve its disclosure without requiring regulatory change.

Research from the 2018 Index found that while some companies are doing better than others, all companies can improve in the following areas:

  • Privacy: Companies failed to disclose enough about what user information is collected and shared, with whom, and under what circumstances.
  • Security: Companies provided insufficient evidence of measures to protect users’ information.
  • Expression: Companies don’t say enough about how they police content.
  • Governance: Too few companies make users’ expression and privacy rights a central priority for corporate oversight, governance, and risk assessment.

Responses by companies to Access Now’s letters will be published on the Business and Human Rights Resource Center (BHRRC) website as they are received.


Tech companies oppose Australia’s surveillance bill


A group of top tech giants that includes Facebook, Google, Microsoft, Oath and Twitter has condemned a draft surveillance bill proposed by the Australian government’s Department of Home Affairs. The measures would require tech companies to aid law enforcement in decoding encrypted communications or face fines of up to A$10 million ($7.1 million). The government insists the legislation is needed to curb increasingly sophisticated criminal activity and will not undermine encryption, but critics say that the measures could compromise security and give authorities spying powers without proper judicial oversight.

The draft legislation represents a growing trend by governments around the world, including in the UK, the US, and Russia, to seek access to encrypted communications, a move that security experts warn risks users’ security and privacy. Last October, the messaging app Telegram was fined for refusing to turn over encryption keys to Russian authorities.

The UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression asserts that encryption and anonymity are essential for enabling people to exercise their human rights. Governments should refrain from enacting regulations that undermine encryption or weaken encryption standards, in order to avoid unintended consequences for freedom of expression. The 2018 Corporate Accountability Index also recommends that companies should publicly commit to implementing the highest encryption standards available and permissible by law.

Google appeals global expansion of EU’s ‘Right To Be Forgotten’ ruling

Google and French regulators were back in Europe’s top court this week to argue about applying the controversial “Right To Be Forgotten” ruling worldwide. The French privacy watchdog has been pushing to expand the ruling to Google sites globally, a move heavily criticized by the company and rights groups for threatening free speech.

The 2014 ruling by the European Court of Justice (Google v Spain) requires search engines to remove “irrelevant and outdated” links at the request of individuals who believe the material violates their privacy, even if the information is lawful. The original ruling sparked outcry from free press advocates and media outlets, who warned that it limits access to information and can be abused by public figures to remove embarrassing information that the public has a right to know.

The ruling also triggered a wave of legal issues over how, when, and in what jurisdictions Google should remove links to search results. Google has complied with the ruling on all European versions of its search engine but not to domains outside Europe. French data regulators in 2016 challenged the company after receiving complaints that content had not been taken down, and fined Google EUR 100,000 ($116,000) for not removing links on its search engines outside of Europe. The regulator demanded that Google delist content on all Google sites globally.

At a hearing at the European Court of Justice this week, Google argued that applying the ruling to all of its search sites outside of Europe would constitute an unreasonable interference with freedom of expression and information and lead to conflicts with countries that don’t recognize the ruling. The European Commission agrees.

In accordance with international human rights law, restrictions on freedom of expression are not permissible except where proportionate and justifiable. Companies must therefore demonstrate a strong commitment to transparency by clearly disclosing their processes for responding to private requests to remove or restrict content. Companies should also regularly disclose data about such requests.

Social media platforms make moves to police hateful content

Facebook and Twitter this week took moves to ban hateful content and the spread of misinformation on their platforms. Twitter permanently banned rightwing conspiracy theorist Alex Jones, while Facebook permanently banned the accounts of 18 military officials in Myanmar including the commander-in-chief of the armed forces, as well as 52 related pages with a combined following of nearly 12 million people.

Twitter joins a handful of other social media companies to ban Jones from their platforms, including Facebook, Apple, and Spotify (Jones’ InfoWars remains active on Google’s Play Store, Newsweek reports). Facebook’s decision to ban the accounts of several Myanmar military officials follows a United Nations report highlighting the Myanmar military’s use of the platform in inflaming ethnic and religious tensions. A recent Reuters investigative report also forced Facebook to admit it had been “too slow to act” in removing content that was fueling violence.

Social media companies in recent months have come under growing criticism for failing to better police content, and for lacking clarity about their rules and how they are enforced. As noted by the 2018 Corporate Accountability Index, companies should clearly disclose what types of content and activities they prohibit on their services and the process for enforcing these rules. They should also publish data about the volume and nature of content or accounts they have removed or restricted for violating their terms of service. While Facebook and Twitter have made some progress in this area, both still fall short of being fully transparent.