Digital platforms

Alibaba Group Holding Limited

Rank: 11th
Score: 26%

Headquartered in China, Alibaba runs China’s largest e-commerce platform, alongside cloud computing, video streaming, food delivery, and various other services. It had 891 million active users in China in 2021. Alibaba derives the largest share of its revenues from e-commerce.

Yahoo2
54%
Google4
47%
Meta5
46%
Apple6
44%
Kakao6
44%
Yandex8
35%
Baidu9
28%
VK9
28%
Alibaba11
26%
Samsung11
26%
Amazon13
25%
Tencent13
25%

Over the past 15 years, Alibaba has built a sprawling tech empire that began with an online retail platform and then extended to mobile payment, cloud computing, entertainment, and mass media services. Like its Chinese peers, Alibaba has faced both regulatory and soft pressure amid China’s crackdown on the tech sector that has targeted issues ranging from antitrust actions to data protection. In November 2020, the Shanghai stock exchange called off the USD $37 billion IPO of Ant Group, the sister company of Alibaba, as a prelude to China’s crackdown on the tech sector. Alibaba's own IPO in 2014 was the biggest in history and established a skewed voting structure that favored company insiders over ordinary shareholders.

In 2021, the company was fined by Chinese authorities a record USD $2.75 billion for "abusing market dominance" by preventing its merchants from using online e-commerce platforms other than its own platforms. Moderation of merchandise on Taobao has been a persistent challenge: H&M was banned from Taobao in March 2021 after the Swedish clothing retailer publicly refused to buy cotton produced in China’s western Xinjiang region, owing to reports of forced labor and other human rights abuses against Uyghur Muslims and other ethnic minorities. The platform also was summoned by the Cyberspace Administration of China (CAC), China’s top internet regulator, for “inappropriate child-related content.”

In our research, we found that Alibaba failed to publish any data about actions it took to enforce content rules, nor did it provide sufficient information about its processes for responding to government demands to restrict content and accounts. In contrast to Chinese peer companies Tencent and Baidu, it provided a relatively understandable mechanism for appealing content-moderation decisions for its e-commerce platform Taobao. But given the regulatory environment in which it operates, Alibaba is unlikely to accept appeals for cases that are politically sensitive or otherwise go against official sentiment.

The company’s overall performance on our privacy indicators declined slightly, though China’s new laws on privacy and cybersecurity also led to some small improvements. Taobao began allowing users to opt out of its browsing recommendation system, in accordance with China’s new Personal Information Protection Law, and Alibaba committed to notify users and the public if a data breach should occur. After Alibaba failed to report a major software vulnerability in a timely manner, a requirement of China’s Cybersecurity Law, the government suspended its cybersecurity partnership with the company in late 2021. Like its Chinese competitors, Alibaba did not engage with RDR during the company feedback phase of our research.

Key takeaways

  • Alibaba did not publish a commitment to respect users’ rights to freedom of expression and privacy and provided no evidence of conducting human rights due diligence.
  • Alibaba was not transparent about third-party demands, both government and private, to restrict content and accounts. It disclosed no concrete data about actions it takes to enforce its rules, including ad-content and ad-targeting rules.
  • Alibaba published more information about its security policies than about its handling of user data, thanks to strong disclosures on its internal security protocols and its approach to data breaches.
  • Taobao, the e-commerce platform of Alibaba, allowed users to opt out of its algorithmic recommendation system and targeted ads system.

Key recommendations

  • Commit to respect human rights. Alibaba should make a formal commitment to respect freedom of expression and privacy as human rights.
  • Publish more information about processes for responding to third-party demands. Alibaba should publish more information about its processes for responding to government demands and private requests to censor content and to hand over user information. While China's political environment discourages companies from disclosing detailed information about government requests for user data, Alibaba should be able to disclose if and under what circumstances it hands over user data in response to private requests.
  • Be transparent about policies on handling user information. The company should disclose all the types of user data it infers and shares, and the retention periods for each type of user data it collects. It also should provide users with sufficient options to control how the company uses their data.

Services evaluated:

  • Taobao.com
  • AliGenie
  • Market cap: $272.04 billion (as of April 13, 2022)
  • NYSE: BABA
  • HKEX: 9988
  • Stock structure: Single class, one vote per share. Company partners (insiders) have the exclusive right to nominate candidates for the board of directors.
  • Read more about how stock structures can be a barrier to shareholder participation
  • Website: https://www.alibabagroup.com

The 2022 Big Tech Scorecard covers policies that were active on November 1, 2021. Policies that came into effect after November 1, 2021, were not evaluated for this ranking.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Jie Zhang, Afef Abrougui

Changes since 2020

  • The company provided comprehensive disclosures on the role of AI in moderating content on AliGenie, Alibaba’s virtual assistant.
  • Alibaba disclosed that it enables third parties to target users with advertising content.
  • Alibaba allowed users of Taobao, its e-commerce platform, to opt out of all targeted advertising.
  • Alibaba published less information about certain policies than it did in 2020. Alibaba no longer mentions that it uses de-identified data from its Taobao users for machine learning or the training of algorithms. Further, Alibaba no longer describes situations in which the company will not notify Taobao users when handing over their data in response to government demands.

Scores since 2017

100%0%2017201820192020202225%26%
Most companies’ scores dropped between 2019 and 2020 with the inclusion of our new indicators on targeted advertising and algorithmic systems. To learn more, please visit our Methodology development archive.
Governance8%
Freedom of expression18%
Privacy37%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 8%

Alibaba earned the lowest governance score of all the companies we evaluate. It did not disclose a commitment to protect human rights (G1) and failed to provide any evidence of conducting human rights impact assessments for any of its products or services (G4). Although it allowed sellers and buyers to appeal if their listings, content, or accounts were restricted, it did not provide a channel for its users to file complaints regarding their freedom of expression concerns (G6a).

Freedom of expression 18%

Alibaba was not transparent about its policies affecting freedom of expression. It was transparent about its ad-content rules and how it enforces them (F3b), but it lacked transparency about its ad-targeting rules (F3c) and failed to publish any data about the actions it takes to enforce them (F4). It was more transparent about its use of algorithms to curate, rank, and recommend content than most other companies we rank, although its disclosures lacked clarity about how these systems work and what options users have to control them (F12).

Privacy 37%

While Alibaba failed to sufficiently inform users about how it handles their information (P3–P9), it was more transparent about its security policies (P13–P16). Along with Baidu and Yahoo, it earned the highest score for its process for responding to data breaches (P15). It also earned full credit for its internal measures to keep user information secure (P13). However, the company’s encryption policies were weak, as it did not disclose whether it uses a unique key in communication transmission or end-to-end encryption to protect users’ private content (P16).