Digital platforms

Baidu, Inc.

Rank: 10th
Score: 25%

Headquartered in China, Baidu provides a wide range of internet services, including a social media platform, cloud storage, and Baidu Search, its flagship service, which dominates the Chinese market.

Baidu tied with Alibaba for 10th place out of the 14 digital platforms in the RDR Index, and scored slightly higher than its direct peer, Tencent. In 2020, Baidu published a human rights policy, marking a major departure from corporate norms in China, but the policy was released beyond the reporting period for the 2020 RDR Index cycle.[1] In 2019 and 2020, the company was warned twice by the Cyberspace Administration of China, the country’s central internet regulator, for vulgar newsfeed ads and “low-brow” content on its app. Baidu has long been accused of allowing false content and advertising to appear on its platforms. In response, the company released more data about content and advertisements it restricted. However, Baidu still disclosed the least of all digital platforms about policies affecting freedom of expression and information. For the first time, Baidu provided some information about its process for handling government and private requests to restrict contents or accounts by clarifying the legal basis for these requests. But, as with other Chinese companies, Baidu said little about its policies for handling government demands for user information. China's political environment discourages companies from disclosing detailed information about these types of demands.

Key takeaways

  • Baidu disclosed more information about its privacy-related policies than about its governance or about policies affecting freedom of expression.
  • Baidu published some data about content, accounts, and advertisements restricted for violating its policies, but it fell short of explaining its internal processes for these restrictions.
  • Despite making some progress, Baidu revealed almost nothing about its processes for handling government and private requests for content restrictions and user information, and it published no data about such requests.

Key recommendations

  • Improve disclosure of human rights due diligence. Baidu should disclose more information about its human rights due diligence, including whether it conducts human rights risk assessments on new and existing services and when entering new markets.
  • Increase transparency about private demands. While China's political environment discourages companies from disclosing detailed information about government demands, Baidu should be able to disclose more about its compliance with private requests to censor content and for user information.
  • Improve user control of personal data. Baidu should improve users’ options to control and access their own information, including how that information is used to develop and train algorithms and for targeted advertising.

Services evaluated:

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Jie Zhang and Zak Rogoff

Changes since 2019

  • Baidu improved its governance processes by establishing a committee to supervise privacy protections and broadening the range of privacy issues addressed in its internal training program.
  • For the first time, Baidu provided some information about how it handles third-party requests to restrict content or accounts.
  • Baidu Cloud and Baidu PostBar committed to limiting their collection of users’ information to what is necessary for those services.
  • Baidu improved transparency about its policies and practices on security. It disclosed that it conducts internal and external security audits and offered users improved tools and resources to mitigate security risks.
+ 6.5 points

Gained 6.5 points on comparable indicators since the 2019 RDR Index.

Governance11%
Freedom of expression13%
Privacy37%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 11%

Baidu disclosed significantly less about its governance than most digital platforms, outperforming only Alibaba, Tencent, and Amazon.

  • Commitment to human rights: Baidu failed to make a commitment to respect users’ freedom of expression.[2] Although it vowed to protect users’ privacy, this was not characterized as a human right. Baidu also made no overarching policy commitment to respect human rights in its development and use of algorithmic systems (G1).
  • Human rights due diligence: Baidu was the only Chinese company to disclose that it undertakes some human rights risk assessment processes. These processes focus on privacy risks of its existing services. Baidu did not state if it conducted human rights risk assessments associated with freedom of expression and information, policy enforcement, algorithmic systems, or targeted advertising (G4).
  • Stakeholder engagement: We found no evidence that Baidu engaged with stakeholders whose privacy and freedom of expression rights are directly affected by the company (G5).
  • Remedy: Baidu offered a weak mechanism for users to file grievances (G6a). It provided some information for users seeking to appeal company decisions when their posts were deleted, but it offered no information about how this appeals mechanism actually works (G6b).

Freedom of expression 13%

Baidu disclosed the least of all digital platforms about policies affecting freedom of expression and information. The Chinese government requires internet content platforms to monitor, filter, and control content that is illegal under Chinese law. Although Baidu provided some data about illegal content and ads the company restricted, it failed to publish clear content moderation, ad content, and targeting rules or to clarify its process to enforce those rules.

  • Content moderation: Baidu disclosed its reasons for restricting content or accounts when they stood in violation of its terms of service, but its explanation of the policy enforcement process was vague (F3a). Baidu did not commit to notify users about changes to its terms of service (F2a) or when their content or accounts were restricted (F8). The company provided some data about the content or accounts it restricted for violating its rules (F4a, F4b).
  • Algorithmic use and content curation: Baidu failed to release any operational policies governing the use or development of its algorithmic systems (F1d, P1b). The company implied that it deploys algorithmic systems to curate, recommend, and rank content, but did not explain clearly how those algorithms work (F12). Baidu also failed to explain how it regulates the use of bots on its platform (F13).
  • Advertising content and targeting: Baidu’s ad content rules were not all easy to find (F1b). They listed types of content that the company prohibits and described some of its processes for identifying violations (F3b). Baidu was the only digital platform outside the U.S. that reported data about the ads it removed for violating ad content rules (F4c). Baidu provided some parameters for targeted advertising, but it failed to disclose its ad targeting rules (F1c), describe how it enforces them (F3c), or release any data about these practices (F4c).
  • Censorship demands: For the first time, Baidu provided some information about its process for handling government and private requests to restrict contents or accounts by clarifying the legal basis—China’s “Cybersecurity Law”[3]—under which it may respond to government demands for content and account restrictions. It also implied that it conducts limited due diligence on copyright-related content restriction requests coming through private processes (F5b). The company disclosed no further information about these processes, and Baidu did not publish any data about third-party requests for account or content censorship (F6, F7). Although no specific laws or regulations in China prohibit Chinese companies from publishing data about government demands to restrict content, the political environment discourages them from releasing such information.

Privacy 37%

Baidu received a lower-than-average score on privacy, but still outranked nearly half of the digital platforms that we evaluated.

  • Handling of user data: Baidu’s privacy policies failed to adequately articulate how it handles user information. After Tencent, Baidu disclosed more than all other digital platforms about what types of user information it collects (P3a), but less about what information it shares (P4) and why (P5). Baidu offered limited details on its collection of user information from third parties (P9) and about its data inference practices (P3b). The company failed to disclose how long it retains user information (P6) and gave users few options to control or access the information the company retains about them (P7, P8).
  • Government and private demands for user data: Baidu was one of the three digital platforms, along with Samsung and Tencent, that revealed nothing about how it handles government and private requests to access user information (P10). It published no data about its compliance with these types of demands (P11). Baidu described some circumstances in which it would not need to notify users about government requests for user data (P12). Although there are no laws or regulations in China prohibiting Chinese companies from releasing data about government demands to access user information, the political environment discourages companies from doing so.
  • Security: Baidu made big improvements to its transparency around security policies, earning the third-best average score on our security indicators among digital platforms, after earning the second-lowest security scores in the 2019 RDR Index. In addition to limiting employees’ access to user data, Baidu disclosed it had a team dedicated to conducting internal security audits and also commissioned external third-party audits (P13). Along with Alibaba, Baidu outperformed all other digital platforms for strong disclosure of its policies for handling data breaches, as required under China’s cybersecurity law[4] (P15). Baidu also offered more information to help users keep their accounts secure (P17) and protect themselves from cybersecurity risks (P18). The company failed to disclose sufficient information about its bug bounty program (P14).
  • Encryption: Apart from a vague commitment to adopt “encryption technologies,” Baidu did not offer users the ability to deploy end-to-end encryption for their private communications. This is unsurprising, given China’s laws requiring internet operators to give authorities access to users’ communications (P16).[5]

Footnotes

[1] Because Baidu published this commitment in November 2020, which fell outside our research window for the 2020 RDR Index, it was not accounted for in our scoring or analysis.

[2] Because Baidu published a commitment to protect users’ freedom of expression rights in November 2020, which fell outside the research window for the 2020 RDR Index, it was not accounted for in our scoring or analysis in this RDR Index.

[3] Cybersecurity Law of PRC, http://www.cac.gov.cn/2016-11/07/c_1119867116.htm; for English translation, see: https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/

[4] Article 42 of Cybersecurity Law of PRC, http://www.cac.gov.cn/2016-11/07/c_1119867116.htm; for English translation, see: https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/

[5] Article 18 of China Anti-Terrorism Law, http://www.npc.gov.cn/zgrdw/npc/xinwen/2018-06/12/content_2055871.htm; and Article 28 of China Cybersecurity Law, http://www.cac.gov.cn/2016-11/07/c_1119867116_2.htm