Mail.ru Group Limited, together with its subsidiaries, provides online communication products and entertainment services in Russia and internationally. The company operates through five segments: Email, Portal and IM; Social Networks; Online Games; Vkontakte (VK); and Search, E-Commerce and Other Services. These segments deliver social platforms or services that enable online communications and sharing, offer games or entertainment, provide advertising services, support e-commerce and in application purchases, and deliver search services.
IndustryInternet Software and Services
Market CapUSD 3,996 million
Stock SymbolLSE: MAIL
Mail.ru had the lowest score of all companies in the Index. The Russian Internet was rated “not free” by Freedom House’s 2015 “Freedom on the Net” index. Internet companies operating in Russia are governed by laws that give authorities broad powers to create “blacklists,” hold companies responsible for policing user content, and require companies to block and remove content. A recent study indicates relatively broad support for censorship in Russia. Russian law also requires companies to implement a mass surveillance system called SORM, which [enables security services])https://csis.org/publication/reference-note-russian-communications-surveillance) to access all user data. These factors contribute to an environment in which Russian companies face little incentive to make public commitments to respect users’ freedom of expression and privacy. Nonetheless, there is room within Russian law for Mail.ru to make efforts that could result in stronger performance on many of the Index indicators.
Mail.ru scored lowest among Internet companies on Commitment, and it was second to last of all companies in the Index. In this category, it only received some credit for grievance and remedy mechanisms (C6) because the company’s mail and chat services, but not the social network VKontakte, have a provision in their user agreement that users who believe their “rights and interests are infringed by the actions of Mail.Ru shall be entitled to lodge a claim.” Russian law does not specifically prevent Mail.ru from strengthening its policy commitments and grievance and remedy mechanisms, in addition to other efforts such as oversight (C2), training, (C3), and impact assessment (C4) outlined in this category.
Mail.ru placed second to last among Internet companies on Freedom of Expression. Its score in this category surpassed that of Tencent because the company does not subject mail and chat users to identity checks (F11). Beyond having publicly available terms of service (F1), the company’s only other disclosures for this category related to informing users about reasons why it may restrict content and access to the service (Indicators F3 and F4).
Transparency about requests to restrict content: Russian law does not specifically prevent companies from being more transparent about their processes to handle third-party requests and terms of service enforcement. While Russian law has not been tested in this regard, it does not appear to prevent the company from publishing at least some data related to some types of restriction requests it receives. However legal experts we consulted point to Russia’s rapidly evolving regulatory landscape, which is trending towards stronger restrictions, thus dis-incentivizing companies from testing legal boundaries in the direction of respecting users’ freedom of expression.
On Privacy, Mail.ru scored fewer points than any other company in the entire Index.
Handling of user information: Mail.ru does not offer publicly available privacy policies for two of the three services examined (Mail and chat). The company’s disclosures about what user information it collects (P3) and shares (P4) are notably weaker than the Chinese company, Tencent. Based on our understanding of Russian law, it should be possible for Mail.ru to disclose more about how and why the company collects, shares, and retains user information. It should also be possible for the company to disclose to users what information about them it holds.
Transparency about requests for user data: Russian law, which requires all user data to be shared with authorities, is also interpreted to prevent companies from sharing information related to government requests (Indicators P9, P10, P11). Experts and resources we consulted indicate that the line between government and private requests is generally blurry, creating strong disincentives for companies to disclose any type of requests for user data.
Security: The company does provide some information about security standards (P12); notably, it offers “two step authentication” across two of the three services examined. It also offers some user education about cyber threats (P14).