Telecommunications company

América Móvil, S.A.B. de C.V.

Mexico
EnglishEspañol
Telcel
5

Key findings

  • América Móvil failed to disclose sufficient information about its policies and practices affecting users’ freedom of expression and privacy.
  • The company lacked disclosure about how it responds to government requests to shut down networks.
  • The company did not clearly disclose how it handles government or private requests to restrict content or hand over user information.
Services evaluated

Analysis

América Móvil ranked fifth out of the 10 telecommunications companies evaluated, disclosing little about policies and practices affecting freedom of expression and privacy. The company slightly improved its disclosure of policies affecting users’ freedom of expression in the 2018 Index. Although Freedom House rates Mexico’s internet environment as Partly Free, the country’s legal environment does not prevent the company from meeting basic benchmarks for transparency in key areas. For instance, the company did not disclose its process for responding to government or private requests to block content or accounts, although no laws in Mexico prevent companies from doing so. In addition, although companies are required to report to the telecommunications authority the number of government requests received for real-time location tracking or access to user metadata, América Móvil did not publish this data.

  • Be transparent about policies affecting users’ freedom of expression. The company should be more transparent about how it responds to government requests to block content, restrict user accounts, and shut down networks.
  • Be transparent about external requests. The company should disclose data about the number of government and private requests it receives to remove content and accounts and to hand over user information.
  • Disclose more about security practices. The company should clearly communicate its handling of data breaches to users.

América Móvil, S.A.B. de C.V. provides telecommunications services to Mexico and 35 countries in the Americas and Europe. It offers mobile and fixed-voice and data services for retail and business customers and is one of the largest operators globally.

Diversified Telecommunication Services
USD 63.4 billion
AMX L

Governance

América Móvil scored below most of its peers in the Governance category, but ahead of Bharti Airtel, Etisalat, Axiata, and Ooredoo. The company continued to lack clear disclosure of its commitments to human rights at the governance level, including whether it conducts human rights impact assessments (G4) or if it engages with a range of stakeholders on freedom of expression and privacy issues (G5). However, it disclosed more than most of its peers about remedy mechanisms addressing freedom of expression and privacy related complaints (G6). In Mexico companies are legally required to provide users with a complaint mechanism.

Freedom of expression

América Móvil revealed little about its policies affecting freedom of expression, and less than Vodafone, AT&T, and Telefónica.

Content and account restriction requests: América Móvil was one of six telecommunications companies evaluated that offered no information about how it handles government or private requests to restrict content or accounts (F5-F7). There are no laws in Mexico preventing the company from being more transparent about how it handles such requests.

Network management and shutdowns: Telcel lacked disclosure about its network management policies (F9) and its approach to handling network shutdown requests from governments (F10). Despite committing to net neutrality, Telcel stated it offers zero rating for certain content on specific social networks and instant messaging services (F9). Like most of its peers, the company disclosed no information about how it responds to government demands to shut down networks (F10).

Identity policy: Telcel’s pre-paid contract asked users to provide their identification, although it was not clear if this is mandatory. In practice, it may be possible for users to purchase a pre-paid SIM card without providing identification, but the company failed to clarify this (F11).

F2. Changes to terms of service

América Móvil improved its disclosure of changes to its terms of service by providing an archived version of the terms that apply to pre- and post-paid mobile users.

Privacy

América Móvil ranked fifth out of the 10 telecommunications companies evaluated in the Privacy category, ranking behind AT&T, Orange, and several other companies.

Handling of user information: Telcel disclosed less about how it handles user information than AT&T, Vodafone UK, and Telefónica Spain, but more than most other telecommunications companies evaluated (P3-P8). It disclosed little about what types of user information it collects (P3), shares (P4), and its reasons for doing so (P5). Like most of its peers, Telcel disclosed nothing about how long it retains user information (P6), although no law prohibits the company from doing so. It disclosed little about options users have to control what information is collected, including for targeted advertising (P7).

Requests for user information: Like most telecommunications companies, América Móvil provided almost no information about how it handles government and private requests for user information (P10), and failed to disclose whether it informs users when their information is requested (P12). The company did not publish any data about such requests (P11), despite being required by law to report the number of government requests for real-time location tracking or user metadata to the country’s telecommunications authority.

Security: Telcel did not provide as much information about its security policies as Vodafone UK, AT&T, and Telefónica Spain, but was on par with Airtel India and Orange France (P13-P18). Telcel failed to disclose any information about how it addresses security vulnerabilities, including if it offers a bug bounty program for security researchers to submit vulnerabilities (P14). Like most companies in the Index, Telcel disclosed nothing about its policies for addressing data breaches (P15). Companies in Mexico are legally required to notify users only if the data breach “significantly affects” their rights, however the company does not disclose this information to users.