Corporate Accountability News Highlights: Telegram faces challenges from Russian authorities, U.S. and EU publish first annual Privacy Shield review, and data breach exposes millions of South Africans’ personal information

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Telegram faces challenges from Russian authorities

Image via Wikipedia

The messaging app Telegram has been fined for refusing to give Russian authorities access to encrypted communications. A Moscow court fined Telegram 800,000 Rubles (around 14,000 USD) after the company refused to turn over encryption keys allowing  authorities to decrypt and access the contents of user communications. In June, Telegram agreed to register as an “information distributor” with Russian communications regulator Roskomnadzor, a requirement under Russian data laws. Telegram founder Pavel Durov said this was a formality and that the company would not share private user data with the government. Durov also said the company would appeal the court ruling.

This case highlights the crackdown on encrypted communications by many governments throughout the world—both through efforts to legislate “backdoors” and law enforcement efforts to break encryption. It is important that companies publicly commit to implement high encryption standards, and advocate and push back against government efforts to undermine encryption. This also highlights challenges that many companies face in dealing with government requests for access to user information. As noted in our 2017 Corporate Accountability Index recommendations, companies should also commit to push back against excessively broad or extra-legal requests, and should use every opportunity available to pressure governments to move away from mass surveillance and institute meaningful oversight over national security and law enforcement authorities.Continue Reading

Corporate Accountability News Highlights: German telecommunications regulator makes landmark net neutrality decision, Twitter suspension raises questions about rules enforcement, U.S. government revives encryption debate

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

German telecommunications regulator makes landmark net neutrality decision

Photo by fdecomite (Licensed CC BY 2.0)

In a key decision affecting net neutrality in Europe, Germany’s telecommunications regulator has said that Deutsche Telecom’s zero rating program can continue. Zero rating programs allow telecommunications companies to offer certain services for free without counting against a customer’s data cap. Net neutrality advocates say that zero rating undermines the principle of net neutrality, and in some countries, like India, zero rating has been ruled in violation of net neutrality laws. The EU’s net neutrality rules, adopted in 2015, do not prohibit zero rating, and its 2016 implementation guidelines left it largely up to regulators to determine if zero-rated services are permissible. According to ZDNet, Germany’s zero rating decision is the first from an EU regulator since the EU net neutrality rules were implemented, and may influence how other countries approach the issue.

Our Corporate Accountability Index indicator on network management evaluates companies on whether they clearly disclose that they do not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network. It considers zero rating as a type of traffic prioritization, and look for companies to clearly disclose that they do not engage in such practices. If they do, we look for them to clearly disclose their purpose for doing so. Of the ten telecommunications companies evaluated in the 2017 Index, Vodafone was the only one to receive full credit on this indicator, for clearly disclosing that it does not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network.Continue Reading

Corporate Accountability News Highlights: Google and Apple report increase in user data requests from U.S. government, new German law imposes steep fines on social media companies, EU-US data transfer case referred to EU high court

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Google and Apple report jump in U.S. government requests for user data

U.S. Department of Justice (Image via Wikipedia, licensed CC BY-SA 3.0)

Google and Apple both report a significant increase in U.S. government requests to hand over user information, according to the companies’ latest transparency reports covering a six-month period from January to June 2017. Apple reported an increase in U.S. government requests for user information, affecting 6,407 accounts, a 62 percent increase compared to the previous six-month period. Google reported that requests from U.S. government authorities for user data affected more than 33,000 accounts, a 23 percent increase. Both companies also reported an increase in government requests worldwide.

Internet and telecommunication companies often receive requests from governments to restrict content and to hand over user information. As noted in the Index, companies should publish information about their process for handling such requests, as well as the number of they receive and comply with. Companies should also disclose that they push back on overly broad requests so that the public can make informed decisions about potential freedom of expression and privacy risks associated with products and services they use. In the 2017 Corporate Accountability Index, although 15 of the 22 companies evaluated published some information on their processes for responding to government requests for user information, only 11 published any data about these requests.Continue Reading

Corporate Accountability News Highlights: Russia threatens Facebook over data localization, Spain orders companies to censor Catalan referendum content, U.S. and EU complete first annual Privacy Shield review

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Russia threatens to block Facebook over data localization law

Russian authorities have announced that Facebook will be blocked next year if the company does not comply with a Russian data localization law. Under the law, which entered into force in 2015, data operators processing personal data of Russian citizens must do so using servers within Russia. In November 2016, Russia blocked LinkedIn for not complying with the data localization law. In January 2017, Russian authorities also ordered Apple and Google to remove the LinkedIn app from their app stores.

Privacy advocates have raised concerns over the impact of data localization requirements, particularly in Russia, where authorities have significant mass surveillance capabilities. This could also make it more difficult for companies operating in Russia to be transparent about government access to user data. As noted in our 2017 Corporate Accountability Index Russian company analysis, Russian authorities may have direct access to communications data through a program called SORM. It therefore may be impossible for companies to publish data on Russian authorities’ requests for user information, since they may not know themselves how often various agencies exercise their authority under SORM.Continue Reading

Why should investors care about digital rights?

When companies fail to respect users’ privacy and freedom of expression, users clearly pay a price, but they are not alone.

Luis Villa del Campo via Wikimedia Commons (CC-BY 2.0)

Building on the Ranking Digital Rights 2017 Corporate Accountability Index, our inaugural Investor Research Note analyzes how investors may be affected when companies fail disclose adequate commitments and policies affecting users’ rights.

With it we aim to build investor awareness of potential material risks related to digital rights in order to inform investment research and decisions, and to support investor engagement with companies on these issues. We address:

  • How digital rights provide a framework for evaluating risks associated with the management and use of content and personal data by companies.
  • How the financial implications of digital rights issues are growing, reshaping how investors should think about risk profiles of companies that provide services affecting consumer privacy, data security, and management of content affecting users’ freedom of expression.
  • How investors can use RDR’s Corporate Accountability Index as a leading indicator for what are potentially the most material digital rights business and investment risks.

Continue Reading