The EU moves forward with new copyright rules

European lawmakers are moving forward with new copyright rules despite warnings from digital rights advocates over measures they say could increase internet censorship and stifle freedom of expression. Last week, the EU’s Legal Affairs Committee (JURI) approved the Copyright Directive, which overhauls the EU’s copyright law and holds companies legally accountable for monitoring and enforcing the new rules. 

European Union Flags, Photo by user Thijs ter Haar via Flickr (CC BY 2.0)

Among the more controversial provisions is Article 13, which requires all content uploaded online in the EU to be checked for copyright infringement. According to the Electronic Frontier Foundation (EFF), Article 13 means that any website that allows users to post “text, sounds, code, still or moving images, or other copyrighted works for public consumption will have to filter all their users’ submissions against a database of copyrighted works.” The directive requires websites to use “appropriate” measures to prevent infringing content from appearing on their platforms, which critics say is not only vague but also excessively burdensome on companies, which are likely to err on the side of over-censoring content in order to avoid breaching the new copyright rules.

Internet and telecommunications companies should be transparent to their users about their policies and practices for filtering, removing, or otherwise blocking access to content, whether in compliance with national laws or for breaches to the company’s own rules. They should clearly disclose their processes for identifying content that breaches these rules and report the volume and nature of content removed. Results from the 2018 Corporate Accountability Index show that companies across the board fail to disclose sufficient information about these processes.

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Vietnam parliament approves restrictive cybersecurity measures

Parliament House in Hanoi. Photo by user Hieucd via Wikimedia Commons (CC BY-SA 4.0)

Lawmakers in Vietnam have passed a cybersecurity law limiting freedom of expression online and requiring tech companies to store data locally and to operate offices in the country.

Set to take effect on January 1, 2019, the law includes vague and broad provisions banning speech and posts deemed offensive to the “nation, the national flag, the national anthem, great people, leaders, notable people and national heroes.” The law further prohibits the dissemination of “incorrect information.” At the request of the Information and Communications Ministry or the Public Security Ministry, companies will have 24 hours to remove content in violation of the new law.

The law raises privacy concerns since it requires tech companies to store data on servers in Vietnam, making it easier for authorities to force companies to hand over user data.

Speaking to lawmakers before the vote, Vo Trong Viet, chairperson of the National Assembly’s Committee on Defense and Security, defended the bill on security grounds. However, the bill’s adoption is part of a wider crackdown targeting government critics online, human rights activists, independent journalists and bloggers.

It remains unclear how tech companies will respond to these measures. In a brief statement, the Asia Internet Coalition (AIC), an industry group that represents tech and internet companies in Asia including Facebook, Twitter, Google and Line, said that it was “disappointed” that the law was passed. “The provisions for data localisation, controls on content that affect free speech, and local office requirements will undoubtedly hinder the nation’s 4th Industrial Revolution ambitions to achieve GDP and job growth,” according to the group’s statement.

Companies should conduct regular, comprehensive human rights risk assessments evaluating how laws affect freedom of expression and privacy in the jurisdictions in which they operate, and assess freedom of expression and privacy risks when entering new markets or launching new products. Companies should also seek ways to mitigate risks posed by those impacts. The 2018 Corporate Accountability Index found that while Facebook, Google, Microsoft and Oath disclose strong commitments to conduct human rights impact assessments, other major tech players lag behind. Both Apple and Samsung fail to disclose whether or not they regularly assess risks to freedom of expression associated with the laws of the jurisdictions where they operate or a new activity such as the launch of a new service or entry into a new market.

Last week David Kaye, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, published a landmark report examining State and company regulation of online expression. Kaye’s report, which will be presented to the Human Rights Council on June 19th, offers a human rights framework to guide companies in moderating online content. (Update: please note that the date of the HRC presentation has been corrected from July to June 19th.)

Drawing on the UN Guiding Principles on Business and Human Rights and other “best practices in the field,” the Special Rapporteur outlines measures that companies should incorporate into their interactions with governments and the development and enforcement of their own rules and policies. These measures emphasize transparency, due diligence, regular public input and engagement, and access to remedy.

The Ranking Digital Rights Corporate Accountability Index evaluates some of the world’s most powerful companies on whether and how they enact just such types of policies and measures. In December we submitted a paper highlighting relevant findings and recommendations from the 2017 Corporate Accountability Index—focusing on the question of whether and how platforms can respect users’ rights in policing online content. Kaye’s report cites RDR’s data and analysis in several places, and refers to RDR’s Index as “the leading review of Internet transparency.”

Our latest 2018 Corporate Accountability Index further reinforces the conclusions of Kaye’s report. As we noted in our analysis of corporate governance disclosures, few companies provide evidence of systematic human rights due diligence, particularly in relation to how they formulate and enforce their own terms of service. Transparency reporting was found to be weakest around the private policing of content. Platforms are much less transparent in general about how content is restricted than about how the companies respond to government requests for user data.

The Special Rapporteur also called on governments to ensure that “their policies toward online expression, and toward the platforms, sustain enabling environments for freedom of expression.” As we highlighted in our 2018 Index report, many countries’ laws and government policies are preventing companies from maximizing transparency around how online expression is policed and governed. Many of Kaye’s recommendations to governments overlap with several of RDR’s 2018 recommendations for governments. Specifically, we recommended:

  • Corporate accountability: Ensure that laws and regulations maximize companies’ ability to be transparent and accountable with users about how they receive and handle government and other third-party requests to restrict speech or information flows, or to share user information. Laws that prevent transparency and cannot be justified on public security grounds, in line with international human rights standards, should be reformed.
  • Government accountability: Publish government transparency reports that disclose the volume, nature, and legal basis for requests made to companies to share user information or restrict speech. This should be a fundamental component of any nation’s commitment to open government.
  • Judicial remedy: Ensure that adequate judicial remedies are in place for internet users whose freedom of expression and privacy rights are violated.
  • Corporate remedy: Require companies to provide and implement effective mechanisms for grievance and remedy that are accessible to users who believe that their freedom of expression and privacy rights have been violated in connection with the use of a company’s products and services.
  • Legislative accountability: Carry out human rights due diligence to ensure that laws and regulations governing ICT sector companies do not have a negative impact on internet users’ freedom of expression and privacy as defined by the Universal Declaration of Human Rights and international human rights instruments, such as the International Covenant on Civil and Political Rights.

We are excited to work with the Special Rapporteur and the community of stakeholders who provided input into this year’s report to promote global platform governance that is compatible with international human rights standards.

Kaye’s June 19th presentation in Geneva will be livestreamed at http://webtv.un.org/

[Corrected 13 June: The original version of this post incorrectly gave the date of Kaye’s Geneva presentation as July 19th instead of June 19th.]

Facebook and Google face first GDPR complaints

Facebook and Google are already facing their first complaints for non-compliance with the EU’s sweeping new data protection rules that came into force on May 25.

The General Data Protection Regulation (GDPR), which regulates the processing of personal data of EU residents, gives individuals new rights to control how their data is being processed and used, including by businesses and organizations.

These changes include the rights to move one’s data from one company or service to another and the right to request the data a company or organisation holds on individuals. Data processors are also required to provide individuals with clear information on how their data is being processed including the purposes for processing their data, where that data comes from, for how long it will be stored, and whether it will be transferred outside the EU or shared with third parties.

The GDPR officially came into effect on May 24, 2016, giving companies roughly two years to prepare before the new rules came into force this May. Companies have been rolling out changes. Immediately after the regulations came into force, Austrian privacy activist Alex Schrems filed four complaints against Facebook, Instagram, WhatsApp, and Google’s Android for GDPR violations regarding limited user consent options. Schrems stated that while the GDPR requires “informed and specific consent,” the services impose a form of “forced consent” because users have to either agree to their privacy policies or lose complete access to these services.

Internet, mobile, and telecommunications companies should be transparent about how they handle user information including which user information they collect and share and for what purposes, how they collect that information and with whom they share it, and for how long they retain it. Companies should also give users options to control how their information is used, including for targeted advertising.  

The 2018 Corporate Accountability Index found that companies do not disclose enough information about how they handle user information and that users remain largely in the dark about what information about them is collected and shared, with whom, and for what purposes.

Internet and mobile companies operating in politically restrictive or developing markets disclose hardly any information about policies affecting users’ freedom of expression and privacy, leaving users in these regions particularly vulnerable to unknown human rights risks, according to several new studies using the Ranking Digital Rights Corporate Accountability Index methodology.

Researchers who were involved in these studies gathered at RightsCon in Toronto on May 18 to discuss results of their research on companies in Africa, China, the Middle East, and Russia, and to discuss how RDR’s Index methodology can be used to encourage corporate accountability and transparency in developing economies and challenging political environments.

Session participants were among a growing number of researchers and advocacy groups around the world who are adapting the Index methodology to evaluate local and regional internet and telecommunications companies on their disclosed commitments to users’ freedom of expression and privacy.

In 2018, the digital rights group Internet Without Borders published a report analysing the terms of service and privacy policies of Orange in Senegal and Safaricom, a Vodafone subsidiary, in Kenya. Beirut-based digital rights group Social Media Exchange (SMEX) produced a study applying the Index methodology to evaluate 66 mobile operators in the Arab region. The Russian internet freedom NGO RosKomSvoboda used a select number of Index indicators to evaluate the transparency of four network mobile operators in Russia and used technical testing to evaluate how companies implement their policies in relation to content blocking. Researchers with the Hong Kong Transparency Report conducted an analysis of how laws in China help or hinder companies from being more transparent regarding policies and practices measured by Index indicators.

This type of research gives advocacy groups an opportunity to start a conversation around digital rights issues and to engage the private sector, particularly in countries and regions where awareness about the impact ICT businesses have on people’s rights is lacking, according to participants. “Our report has opened up a conversation with companies, and even encouraged changes in some of them,” according to Julie Owono, executive director of Internet Without Borders. “For example, some Orange subsidiaries are now offering training for users on their privacy rights,” she said.

“Transparency isn’t a part of Russian business culture,” Sarkis Darbinyan, one of the co-authors of the RosKomSvoboda report, said. Although it has been challenging for them to directly engage with these operators, RosKomSvoboda researchers have been able to “engage somewhat” with companies by asking them questions at public events, according to Darbinyan.

Research using the Index methodology can also help digital rights groups and activists focus on areas in which companies can be more transparent about their policies even in legally and politically challenging environments. For example, researchers with the Hong Kong Transparency Report found several areas in which the law does not prevent Chinese internet companies from disclosing information about policies affecting users’ rights, particularly in terms of users’ privacy.

“Tencent and Baidu scored quite poorly in the 2018 Index, but even under Chinese law, they could significantly improve [their] digital rights disclosures,” Ben Zhou of the Hong Kong Transparency Report said. Tencent and Baidu were among 22 internet, mobile, and telecommunications companies evaluated by RDR’s 2018 Corporate Accountability Index on their public commitments and disclosed policies affecting users’ freedom of expression and privacy.

We encourage digital rights groups and researchers to use and adapt the Index methodology to produce local research evaluating the human rights policies and practices of companies and services in their regions.