Key findings
- Bharti Airtel disclosed less about policies and practices affecting freedom of expression and privacy than most other telecommunications companies evaluated.
- It disclosed almost no information about its policies for responding to network shutdown demands from the Indian government, despite the increasing number of these types of requests and the significant human rights risks they pose.
- The company disclosed more than most of its peers about its grievance and remedy mechanisms, since Indian law requires companies to offer users redress.
Analysis
Bharti Airtel ranked seventh out of the 10 telecommunications companies evaluated, disclosing less than most of its peers about policies and practices affecting freedom of expression and privacy. The company made a slight improvement to its privacy commitments by disclosing employee training on security practices and that it monitors employee access to user information. Notably, Bharti Airtel received one of the highest scores in the Index for its grievance and remedy mechanisms (G6), as Indian law requires service providers to have redress mechanisms in place. However, the company continued to disclose less than any other telecommunications company in the Index about policies affecting freedom of expression. Freedom House rates the internet environment in India as “Partly Free,” noting a sharp increase in the number of government orders to shutdown networks. Still, the company disclosed little about its policies for responding to these types of government demands. While Indian law prevents companies from disclosing information about specific government content restriction and shutdown orders, there are no legal obstacles preventing companies from disclosing policies for responding to these requests or from having a policy of notifying users about these actions.
- Disclose more about network shutdowns. Bharti Airtel should disclose information about its policies and practices for handling government demands to shut down networks, and commit to push back on such requests.
- Be transparent about external requests. The company should disclose information about its processes for responding to government and private requests to block content or restrict accounts and to hand over user information.
- Clarify security policies. Bharti Airtel should disclose more about its security policies and practices, including its processes for responding to data breaches.
Bharti Airtel Limited provides telecommunication systems and services worldwide, including in India, South Asia, and Africa. The group delivers a variety of fixed and mobile voice and data telecommunications services across these markets.
Governance
Bharti Airtel scored poorly in the Governance category, placing in the bottom half of all telecommunications companies evaluated. While it has a corporate social responsibility program that stresses the importance of a “responsible business approach” addressing “every dimension of how business operates in the social, cultural, and economic environment,” the company demonstrated weak commitments to users’ freedom of expression and privacy rights. While scoring less than most other telecommunications companies on all governance indicators, it outperformed most of its peers on disclosure of grievance and remedy mechanisms (G6). Notably, Bharti Airtel tied for second place with Vodafone for grievance and remedy mechanisms (G6), as Indian law requires service providers to have grievance officers and redress mechanisms in place.
G3. Internal implementation
Bharti Airtel improved its G3 score by disclosing mandatory employee training on security issues, however, it was not clear if this program covers a broader range of privacy issues which go beyond data security concerns.
Freedom of expression
Bharti Airtel disclosed less than any other telecommunications company about policies affecting freedom of expression.
Content and account restrictions: Like most of its peers, Bharti Airtel disclosed nothing about how it handles and complies with government and private requests to restrict content or accounts (F5-F7). Indian law forbids disclosure of specific government orders to block content, but nothing prevents companies from disclosing processes for handling these types of requests, or from having a clear policy of notifying users when they restrict or block content that users publish, transmit, or attempt to access (F8).
Network management and shutdowns: Airtel India disclosed little information about its network management policies (F9) or about its policies and practices related to network shutdowns (F10). The company lost points for disclosure of its network management practices, since its previously disclosed zero rating program was no longer in effect (F9). While Indian law prevents companies from disclosing information about specific government shutdown orders, there is no legal obstacle to disclosing company policies for evaluating and responding to shutdown requests, or from having a policy to notify users about shutdowns.
Identity policy: Airtel India disclosed that it requires pre-paid mobile users to provide government-issued identification (F11), as required by law.
F9. Network management
Airtel India lost points for disclosure of its network management practices, since its previously disclosed zero rating program was no longer in effect and researchers could not locate any updated disclosure for its post-paid mobile service.
Privacy
Bharti Airtel disclosed little about policies affecting users’ privacy, disclosing more than only MTN, Etisalat, and Ooredoo, the lowest-scoring companies in this category.
Handling of user information: Airtel India disclosed less than most other telecommunications companies about how it handles user information, but more than MTN South Africa, Etisalat UAE, and Ooredoo Qatar (P3-P8). It disclosed some information about what types of user information it collects, shares, and for what purpose (P3, P4, P5), but nothing about how long it retains this information (P6). The company also failed to disclose whether it enables users to control what information about them is collected and shared, or if users can obtain the information the company holds about them (P7, P8).
Requests for user information: Like most other telecommunications companies, Bharti Airtel disclosed little about how it handles government and private requests for user information (P10-P11). Indian law prevents companies from publishing data on government requests for user information but does not prevent them from disclosing their processes for responding to these requests.
Security: Airtel India scored above the telecommunications company average on these indicators, on par with América Móvil’s Telcel and Orange France (P13-P18). The company slightly improved its disclosure of policies limiting employee access to user data (P13), however it offered no information about its policies for addressing security vulnerabilities (P14) or for responding to data breaches (P15).
P13. Security oversight
Airtel India improved its disclosure of its internal security monitoring policies by providing more detailed information about how the company monitors and limits employees’ access to user data.
