Bharti Airtel Limited
Domicile: India
Website: www.airtel.in
Operating company evaluated: Airtel India
Download company report: English
Key findings
- Bharti Airtel disclosed little about its policies and practices affecting freedom of expression and privacy, and lacked disclosure of governance and oversight over human rights issues.
- It disclosed minimal information about how it enforces its rules, and no information about its process for responding to government or other types of third-party requests to restrict content or accounts.
- While it revealed some information about its policies for collecting and sharing user information, it revealed few details about how it responds to third-party requests for user data, and nothing about how it addresses security vulnerabilities or responds to data breaches.
- Airtel India (Prepaid mobile)
- Airtel India (Postpaid mobile)
- Airtel India (Fixed-line broadband)
Analysis
Bharti Airtel ranked eighth out of the 12 telecommunications companies evaluated, disclosing less than most of its peers about policies and practices affecting freedom of expression and privacy.1 While the company made several notable improvements this year—including publishing a new human rights policy—it still failed to disclose enough about its policies and practices affecting users’ freedom of expression and privacy for users to have a clear sense of the risks of using the company’s services.2 It fell especially short around policies affecting freedom of expression and continued to disclose less than other telecommunications companies in the Index, except MTN. Freedom House rated the internet environment in India as “Partly Free,” noting a “staggering increase” in the number of government orders to shut down networks.3 Still, the company disclosed little about its policies for responding to these types of government demands. While Indian law prevents companies from disclosing information about specific government content restriction and shutdown orders, there are no legal obstacles preventing companies from disclosing policies for responding to these requests or from having a policy of notifying users about them.
Bharti Airtel Limited provides telecommunications systems and services worldwide, including in India, South Asia, and Africa. It delivers a variety of fixed and mobile voice and data telecommunications services.
Market cap: USD 20.1 billion4
BSE: 532454
- Improve governance of human rights: Bharti Airtel should improve its governance and oversight over human rights issues, particularly over how its policies and practices affect freedom of expression.
- Be transparent about network shutdown demands: Bharti Airtel should disclose more about how it responds to government demands to shut down its networks.
- Clarify security policies: Bharti Airtel should disclose more about its security policies and practices, including how it responds to data breaches and addresses security vulnerabilities.
Governance
Despite some improvements, Bharti Airtel scored poorly in this category, placing in the bottom half of all telecommunications companies evaluated. It disclosed a new commitment to respect users’ human rights (G1), disclosed evidence of board-level oversight over how the company’s operations and practices affect privacy (G2), and clarified that it has a whistleblower program that enables employees to report concerns about privacy-related issues (G3). However, the company disclosed no evidence that it conducts human rights impact assessments (G4). The operating company Airtel India5 disclosed grievance mechanisms for users to submit freedom of expression and privacy complaints, as Indian law requires service providers to have grievance officers and redress mechanisms in place.6 It also provided some information about its process for providing remedy for privacy concerns, but not those related to freedom of expression (G6).
G1. Policy commitment
Bharti Airtel disclosed a commitment to respect human rights in accordance with national law, but did not reference international human rights principles.
G2. Governance and management oversight
Bharti Airtel disclosed a board-level commitment to oversee how company practices affect users’ privacy.
G3. Internal implementation
Bharti Airtel improved its disclosure about its whistleblower program for privacy-related issues.
Freedom of Expression
Bharti Airtel tied with MTN for the lowest score of all telecommunications companies in this category, disclosing very little about its policies affecting users’ freedom of expression. Airtel India published terms of service that were relatively easy to locate but not easy to understand (F1), and it failed to commit to notify users when it introduces changes to the terms (F2). It disclosed little information about its network management policies (F9) or about its policies and practices related to network shutdowns (F10). It provided some information about why it may shut down its network, but failed to disclose any information about its process for responding to government shutdown demands, or the number of requests it received or with which it complied (F10). While Indian law prevents companies from disclosing information about specific government shutdown orders, there is no legal obstacle to disclosing company policies for evaluating and responding to shutdown requests, or from having a policy to notify users about shutdowns.
Bharti Airtel disclosed nothing about how it handles and complies with government and private requests to restrict content or accounts (F5-F7). Indian law forbids disclosure of specific government orders to block content, but nothing prevents companies from disclosing their processes for handling these types of requests (F5), or from having a clear policy to notify users when they restrict access to content or accounts (F8).7
No score changes
Privacy
Bharti Airtel disclosed little about policies affecting users’ privacy rights, disclosing more than only Axiata, MTN, Etisalat, and Ooredoo. Airtel India’s privacy policy was easy to find, but it was not available in Hindi nor was it presented in an understandable manner (P1). The company failed to commit to notify users when it introduces changes to the policy (P2). It disclosed less than most other telecommunications companies about how it handles user information, but more than MTN South Africa, Etisalat UAE, and Ooredoo Qatar (P3-P8). It disclosed some information about what types of user data it collects, shares, and for what purpose (P3, P4, P5), but nothing about how long it retains the information (P6). The company also failed to disclose whether it enables users to control what information about them is collected and shared, or if users can obtain the information Airtel India holds about them (P7, P8).
Bharti Airtel disclosed almost nothing about how it handles government and private requests for user information (P10-P11). Indian law prevents companies from publishing data on government requests for user information but does not prevent them from disclosing their processes for responding to the requests. Airtel India also disclosed little about its policies for securing user information (P13-P18). While it disclosed that it monitors and limits employee access to user information, it lacked clear disclosure of whether it conducts internal and external audits (P13). It provided no information at all about how it addresses security vulnerabilities (P14) or about how it responds to data breaches (P15).
P5. Purpose for collecting and sharing user information
Airtel India improved its disclosure of the reasons it collects user information.
Footnotes
[1] The research period for the 2019 Index ran from January 13, 2018 to February 8, 2019. Policies that came into effect after February 8, 2019 were not evaluated in this Index.
[2] For Bharti Airtel’s performance in the 2018 Index, see: https://rankingdigitalrights.org/index2018/companies/bhartiairtel
[3] India report, Freedom on the Net 2018, Freedom House, freedomhouse.org/report/freedom-net/2018/india
[4] Bloomberg Markets, Accessed April 18, 2019, www.bloomberg.com/quote/BHARTI:IN
[5] For some indicators, RDR evaluates the operating company of the home market, in this case Airtel India.
[6] “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011” (Ministry of Communications and Information Technology, April 11, 2011), meity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
[7] “Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009” The Centre for Internet & Society,
cis-india.org/internet-governance/resources/information-technology-procedure-and-safeguards-for-blocking-for-access-of-information-by-public-rules-2009