G4. Impact assessment
The company should conduct regular, comprehensive, and credible due diligence, such as human rights impact assessments, to identify how all aspects of its business affect freedom of expression and privacy and to mitigate any risks posed by those impacts.
- As part of its decision-making, does the company consider how laws affect freedom of expression and privacy in jurisdictions where it operates?
- Does the company regularly assess freedom of expression and privacy risks associated with existing products and services?
- Does the company assess freedom of expression and privacy risks associated with a new activity, including the launch and/or acquisition of new products, services, or companies or entry into new markets?
- Does the company assess freedom of expression and privacy risks associated with the processes and mechanisms used to enforce its terms of service?
- Does the company disclose that it assesses freedom of expression and privacy risks associated with its use of automated decision-making, such as through the use of algorithms and/or artificial intelligence?
- Does the company assess freedom of expression and privacy risks associated with its targeted advertising policies and practices?
- Does the company conduct additional evaluation wherever the company’s risk assessments identify concerns?
- Do senior executives and/or members of the company’s board of directors review and consider the results of assessments and due diligence in their decision-making?
- Does the company conduct assessments on a regular schedule?
- Are the company’s assessments assured by an external third party?
- Is the external third party that assures the assessment accredited to a relevant and reputable human rights standard by a credible organization?
People face human rights risks when they use digital tools. Human rights impact assessments (HRIAs) are a way for companies to learn about and to address, or at the very least try to mitigate, those risks, especially when introducing new products and services or entering new markets, or when incorporating the use of automated decision-making.
This indicator examines whether companies disclose the existence of any human rights risk assessment processes, as well as whether and how companies incorporate assessments of freedom of expression and privacy considerations into their decision making. These assessments represent a systematic internal examination to ensure that a company’s decisions and practices align with its commitment (and responsibility) to respect freedom of expression and privacy. We expect companies to disclose they assess freedom of expression and privacy risks associated with new activities, when launching new products or entering new markets. We also expect companies to evaluate risks associated with enforcing their terms of service agreements, with their use of automated decision-making technologies (such as through the use of algorithms and/or artificial intelligence), and with their targeted advertising policies and practices.
Note that this indicator does not expect companies to publish detailed results of their human rights impact assessments, since a thorough assessment includes sensitive information. Rather, it expects that companies should disclose that they conduct HRIAs and provide information on what their HRIA process encompasses. If a company conducts HRIAs but does not publicly disclose the fact that it does so, the company will not receive credit.
Potential sources:
- Company CSR/sustainability reports
- Company human rights policy
- Regulatory documents (e.g., U.S. Federal Trade Commission)
- Reports from third-party assessors or accreditors
- Global Network Initiative assessment reports