Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
Facebook and Google face first GDPR complaints
Facebook and Google are already facing their first complaints for non-compliance with the EU’s sweeping new data protection rules that came into force on May 25.
The General Data Protection Regulation (GDPR), which regulates the processing of personal data of EU residents, gives individuals new rights to control how their data is being processed and used, including by businesses and organizations.
These changes include the rights to move one’s data from one company or service to another and the right to request the data a company or organisation holds on individuals. Data processors are also required to provide individuals with clear information on how their data is being processed including the purposes for processing their data, where that data comes from, for how long it will be stored, and whether it will be transferred outside the EU or shared with third parties.
The GDPR officially came into effect on May 24, 2016, giving companies roughly two years to prepare before the new rules came into force this May. Companies have been rolling out changes. Immediately after the regulations came into force, Austrian privacy activist Alex Schrems filed four complaints against Facebook, Instagram, WhatsApp, and Google’s Android for GDPR violations regarding limited user consent options. Schrems stated that while the GDPR requires “informed and specific consent,” the services impose a form of “forced consent” because users have to either agree to their privacy policies or lose complete access to these services.
Internet, mobile, and telecommunications companies should be transparent about how they handle user information including which user information they collect and share and for what purposes, how they collect that information and with whom they share it, and for how long they retain it. Companies should also give users options to control how their information is used, including for targeted advertising.
The 2018 Corporate Accountability Index found that companies do not disclose enough information about how they handle user information and that users remain largely in the dark about what information about them is collected and shared, with whom, and for what purposes.
Syria and Iraq shut down networks to prevent exam cheating
Syrian authorities have once again resorted to shutting down networks to prevent cheating on university entrance exams for high school students. Oracle’s Internet Intelligence blog noted two disruptions each lasting 4.5 hours this week.
Shutting down networks to prevent exam cheating is not unheard of in Syria or in other countries in the region. Such disruptions were documented in Iraq since summer 2015. Authorities there continue to resort to such measures with the latest disruption reported by the digital rights-advocacy group Social Media Exchange on May 31, coinciding with junior high school exams.
Telecommunications companies should be transparent about their processes for responding to government requests to restrict access to networks. They should disclose information about how they handle government network shutdown demands, including under whose authority a shutdown is ordered, so that those responsible can be held accountable. None of the 10 telecommunications companies evaluated in the 2018 Corporate Accountability Index disclosed sufficient information about how they handle government network shutdown demands. Vodafone was the only company to clearly disclose its process for responding to these types of government demands and to clearly commit to push back against demands when possible. Telefónica was the only company that disclosed the number of shutdown requests it received.
California Senate approves net neutrality bill
On Wednesday, the California Senate voted to approve a bill to protect net neutrality. The bill bans internet service providers (ISPs) from blocking or slowing down access to online content and requires them to treat all internet traffic equally.
Following a decision by the Federal Communications Committee (FCC) last December to repeal net neutrality protections, several states have started processes to protect net neutrality at the state level. In California, the bill was approved by 23-12 and will now head to the state Assembly.
A free and open internet depends on the ability for all users to have equal access to content and services, which is not possible if ISPs block or delay certain types of content or apps. Telecommunications companies should therefore commit to not prioritize or block certain types of network traffic. As the 2018 Corporate Accountability Index research showed, most of the world’s leading telecommunications companies fall short of making such a public commitment. Of the ten telecommunications companies evaluated, Vodafone was the only company to clearly disclose that it does not prioritize, block, or delay certain types of traffic, applications, protocols, or content for reasons beyond assuring quality of service and reliability of the network.
