Chinese internet companies show room for improvement

Chinese internet companies operate in one of the world's most restrictive environments. The 2016 Freedom on the Net report by Freedom House rated China's internet environment as "Not Free," with China receiving the lowest score of all countries reviewed.

The 2017 Corporate Accountability Index evaluated two Chinese companies: Baidu and Tencent. The poor performance by both companies in the 2017 Index highlights legal and regulatory obstacles that make it difficult for companies to respect for freedom of expression and privacy. Chinese companies indeed will not be globally competitive on respect for users' rights until China undertakes substantial legal and regulatory reforms.

china1

Yet there were notable differences in their disclosed policies, particularly in relation to policies affecting users' privacy and security. These variations in performance indicate that Chinese internet companies can disclose more about policies affecting users' privacy. Chinese companies have room not only to improve-but even to compete-on the degree to which they safeguard user information and handle it responsibly.

Two key trends emerge from these results:

These trends highlight areas in which Chinese companies can and should be held responsible for their policies and disclosures-and provide a roadmap for improvement for these specific companies and the Chinese internet sector more broadly.

Legal and regulatory challenges

All digital products and services operating across and within Chinese borders are subject to Chinese law. Chinese law stipulates nine categories of forbidden content, including speech that "harms the dignity or interests of the State," "disseminates rumors, disturbs social order or disrupts social stability," or "sabotages State religious policy."

Chinese companies are held liable if forbidden content is published on or transmitted through their services. Services that do not make a concerted effort to police such content are blocked from being accessed through mainland Chinese internet service providers. For this reason most major U.S.-based multinational internet companies including Google, Facebook, and Twitter are not accessible to users of fixed-line and mobile networks operating in China.

An even more restrictive cybersecurity law, passed in late 2016 and set to take effect in mid-2017, requires companies to assist public security in "protecting national security and investigating crimes" and authorizes the creation of "systems for cybersecurity monitoring, early warning, and notification" which companies would be required to help implement. This could mean that companies will be obligated to comply with government requests for user information and other surveillance demands, and allow authorities direct access to user communications and stored data.

Chinese officials and state think tanks have on multiple occasions equated the advocacy of online freedom of expression with foreign interference in China's media ecosystem , creating a strong disincentive for Chinese companies to make explicit commitments to respect users' freedom of expression. State secrets laws make it unrealistic to expect companies to disclose information about government requests to remove content or share user information, causing Chinese companies to perform poorly on Index indicators that reward maximum transparency about government requests.

Areas of control and responsibility

In the Governance and Freedom of Expression categories, China's legal and political environment does not prevent companies from making commitments and enacting policies to defend users' rights from attack by private parties. (In other words, entities that are not acting on behalf of the Chinese state: private individuals, other companies, or other non-state actors.)

Providing evidence that such commitments and policies in relation to private parties are being implemented across the company's operations through due diligence, stakeholder engagement and grievance mechanisms should be possible in the Chinese national context. Only Tencent makes a partial commitment to protect users' privacy-though it shows no evidence that it is holding its employees and managers accountable to that commitment. Tencent also provides some channels for users to file complaints and grievances, while Baidu offers nothing. Tencent's slightly stronger performance on freedom of expression was earned because Tencent's QQ and WeChat services do disclose some limited information about how they handle private requests-meaning requests made by people or entities not connected to the Chinese government.

Privacy

china2

While state secrets laws make it unrealistic to expect Chinese companies to reveal information related to government requests, there is no legal obstacle to disclosing a range of information about how the company handles user information, as well as the security measures it takes to protect user information.

Tencent's 13-point score differential over Baidu in the Privacy category underscores the extent to which Chinese companies can and should be expected to disclose maximum possible information in these areas.

Specifically, there are many areas related to the security and handling of user information on which Chinese companies can improve, and even compete:

Read our more on our Key Findings and Recommendations.

Top