MTN ranked sixth out of the 10 telecommunications companies and 17th in the Index overall. Although South Africa’s internet environment is ranked as free by Freedom House, the company operates in a number of challenging markets including Iran, Rwanda, Afghanistan, and other countries across the Middle East and North Africa, making it difficult for the company to disclose concrete policies to implement its commitment to respect human rights across all of its global operations. MTN’s group-level corporate entity has historically relied on the company’s operations outside of South Africa for revenue. While South African law might prevent some specific disclosures, it does not prevent MTN South Africa from being much more transparent in general about policies and practices that affect users’ freedom of expression and privacy.
MTN Group Limited is a telecommunications company that serves markets in 35 countries in Africa, Asia, and the Middle East. It offers voice and data services, and business services, such as cloud, infrastructure, network, software, and enterprise mobility.
MTN received the ninth-highest score of all 22 companies evaluated in the Governance category, and notably ahead of Twitter and Apple. The company disclosed an explicit commitment to freedom of expression and privacy as human rights (G1), and evidence of senior-level oversight over these issues within the company (G2). However, the company fell short on the remaining governance indicators: it disclosed a whistleblower program, but the focus of the program appeared related only to corruption and fraud (G3). Although MTN noted plans to finalize internal risk assessment guidelines, it did not reveal if it currently conducts human rights due diligence (G4). Likewise, MTN lacked clear disclosure of whether it engages with stakeholders on freedom of expression and privacy issues (G5), or of a grievance and remedy mechanism allowing users to address freedom of expression and privacy concerns (G6).
In the Freedom of Expression category, MTN tied with Axiata for the second-lowest score of all telecommunications companies, ahead of Bharti Airtel.
Content and account restriction requests: MTN was one of the six telecommunications companies to receive no credit on these indicators (F5-F7). The company did not clearly disclose its process for handling government or private requests to restrict content or accounts (F5) nor did it publish any data about the number of such requests it received or complied with (F6, F7). South African law does not prevent companies from disclosing this information.
Network management and shutdowns: MTN disclosed little about its network management and shutdown policies (F9, F10). The company enables users to access Facebook without charging their data plan, a practice known as “zero rating,” but disclosed nothing more about its network management practices (F9). MTN also provided minimal information about its network shutdown policies and procedures (F10).
Identity policy: MTN South Africa disclosed that users must register their SIM card with the company using their government-issued identification. All mobile phone users in South Africa are legally required to do so (F11).
MTN ranked eighth out of the 10 telecommunications companies in the Privacy category, ahead of only Etisalat and Ooredoo.
Handling of user information: MTN was among the lowest-scoring companies on these indicators, offering slightly more disclosure than Etisalat and Ooredoo (P3-P8). It provided just minimal information about what types of user information it collects and why (P3, P5), but no information about what it shares or for how long it retains user information (P4, P6). The company also failed to disclose options available to users to control what information about them the company collects and shares (P7), or to obtain all of the information the company holds on them (P8).
Requests for user information: Like most telecommunications companies, MTN South Africa provided almost no information about how it handles requests from governments and private parties for user information (P10-P11). It gave little information about its process for handling such requests (P10) and no data about the number of such requests it receives or complies with (P11). Companies in South Africa are prohibited from publishing such information about government requests, including the fact that a request was made, but nothing prevents them from fully disclosing how they handle private requests and the number of these requests they receive and comply with.
Security: MTN had low disclosure on this set of indicators, scoring better than only Etisalat and Ooredoo (P13-P18). The company revealed that it conducts audits to address security vulnerabilities, but did not clearly disclose whether it has a security team that conducts these audits (P13). However, it was one of only two telecommunications companies to offer any disclosure on its processes for addressing security vulnerabilities (P14).