Baidu was the lowest-ranked internet and mobile company evaluated and received the third-lowest score in the Index overall. Baidu is new to the Index, joining Tencent as the second Chinese company evaluated. The 2016 Freedom on the Net report by Freedom House rated China’s internet environment as "Not Free" with China scoring the lowest of all countries reviewed. While many aspects of Baidu’s poor performance can be blamed on China’s legal and regulatory environment, the company can be held responsible for poor disclosure on most of the indicators related to how a company handles and secures user information. The fact that Tencent outperformed Baidu on several such indicators (in some cases substantially) proves that the legal environment does not fully excuse Baidu’s poor performance.
Baidu Inc. provides internet search services, in China and internationally. Other services offered include cloud storage, maps, an encyclopedia, and more. Baidu PostBar is an online social network based around discussion topics that are closely integrated with Baidu Search. Baidu also provides online marketing services, from which it derives the majority of its revenue.
Baidu was the only company in the entire Index to receive no credit in the Governance category. The company did not publicly commit to uphold freedom of expression or privacy as human rights (G1), or give any evidence of senior-level oversight over these issues (G2). It did not disclose an employee training or a whistleblower program related to freedom of expression and privacy (G3), if it conducts human rights due diligence (G4), or if the company engages with stakeholders on freedom of expression or privacy issues (G5). Baidu also offered no evidence of grievance and remedy mechanisms for users to report infringements of their freedom of expression and privacy (G6).
Baidu scored lowest of all internet and mobile companies in the Freedom of Expression category, just below Tencent.
Content and account restriction requests: Baidu disclosed less on these indicators than any internet and mobile company evaluated (F3, F4, F8). The company received some credit for its disclosure of what types of content or activities are prohibited on its services (F3). Notably, this indicator rewards companies for the clarity of their rules, rather than for respecting users' freedom of expression rights per se. Baidu did not disclose if it notifies users when their content or accounts have been restricted (F8).
Requests for account or content restriction: Baidu was one of only two internet and mobile companies to receive no credit on these indicators (F5-F7). It did not disclose information about its process for responding to government or private requests to restrict content or accounts (F5), nor did it publish data about these requests it receives (F6, F7).
Identity policy: The company disclosed that it requires users to verify their identity with a government-issued ID for all services. A rule issued by the standing committee of the National People’s Congress in 2012requires internet companies to do so (F11).
Baidu had greater disclosure in the Privacy category, although it still scored substantially lower than all other internet and mobile companies, including Tencent.
Handling of user information: Baidu disclosed less than all internet and mobile companies about how it handles user information (P3-P9). It provided some disclosure of the types of user information it may collect (P3), but gave less information about what is shared (P4), and why (P5). Baidu disclosed nothing about how long it retains this information (P6). The law requires retention for 60 days but does not forbid disclosure of that fact.
Requests for user information: Baidu disclosed almost nothing about how it handles government and private requests for user information, earning equally low scores on these indicators as Tencent (P10-P12). While Chinese law makes it unrealistic to expect companies to disclose most information about government requests, Baidu should be able to reveal if and when it shares data with private parties and under what circumstances. The company did not disclose if it notifies users when governments or private parties request their information (P12).
Security: Baidu had the least amount of disclosure of all internet and mobile companies on this set of indicators (P13-P18). Baidu disclosed no institutional processes to ensure the security of its products and services (P13) or address data breaches (P15). Unlike Tencent it disclosed no information about efforts to address security vulnerabilities (P14).