2020 RDR Index
Telecommunications companies

Bharti Airtel Limited

Rank: 10th
Score: 15%

Headquartered in India, Bharti Airtel provides mobile, fixed-line broadband, and voice services in India and 17 other countries in South Asia and Africa. With a global user base of 440 million, it is the second-largest mobile operator in India and the fourth-largest in the world.

Telefónica
1
49%
Vodafone
2
42%
AT&T
3
37%
Telenor
3
37%
Deutsche Telekom
5
34%
Orange
6
27%
MTN
7
23%
América Móvil
8
22%
Axiata
9
16%
Bharti Airtel
10
15%
Etisalat
11
10%
Ooredoo
12
6%

Bharti Airtel strengthened its governance of human rights issues but continued to lag behind most other telecommunications companies. Bharti Airtel became the second-largest telecommunications company in India in mid-2020. Like other Indian telcos, it faced criticism from civil society for complying with dozens of network shutdown orders issued by the Indian government, including the first recorded shutdown ever to have taken place in Delhi. The company offered little transparency around these orders and its processes for fulfilling them, and thus scored poorly on our indicators on network shutdowns. The company also suffered a data breach that affected 300 million users.

Key Takeaways

  • Despite some signs of progress, Bharti Airtel’s human rights governance is weak. New and updated human rights policies showed promise, but the company’s overall performance remained poor, especially on management oversight, due diligence, stakeholder engagement, and remedy.
  • Bharti Airtel was the least transparent of any telecommunications company we evaluated about policies affecting freedom of expression. The information it did publish in areas such as handling network shutdown orders was scarce and scattered, leading to an overall decline in its freedom of expression and information score.
  • Bharti Airtel slightly strengthened its policies on protecting users’ privacy, but they remain riddled with gaps. Although it gave users more access to and control over their information, it remained silent on demands for user data and failed to improve its security policies.

Key recommendations

  • Improve governance of human rights. Bharti Airtel should significantly strengthen its governance of human rights issues and begin to directly engage with stakeholders on these issues.
  • Release comprehensive transparency reports. Bharti Airtel should publish a clear transparency report covering, at a minimum, government demands to block content, demands for user data, and network shutdowns.
  • Address security vulnerabilities and breaches. Bharti Airtel should publish clear policies on addressing security vulnerabilities and data breaches.

Services evaluated:

  • Operating company evaluated: Airtel IndiaFor telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
  • Market cap: $45.51 billion (as of February 4, 2021)
  • BSE: 532454
  • Website: https://www.airtel.in

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Jan Rydzak, Jie Zhang
Download data and sources

Changes since 2019

  • Bharti Airtel improved most notably on its governance of human rights issues, updating its Human Rights Policy and publishing a new Human Rights Management Policy, which together included new human rights commitments as well as information on employee training, whistleblower programs, and human rights due diligence.
  • Bharti Airtel withdrew a publicly available policy that contained information about its network prioritization practices for its fixed-line broadband service.
  • Bharti Airtel improved its privacy policy by consolidating previously fragmented sections into a single clearer and more understandable policy, and it better articulated users’ right to access and control their data.
+ 3.48 points

Gained 3.48 points on comparable indicators since the 2019 RDR Index.

Governance30%
Freedom of expression2%
Privacy18%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 30%

Bharti Airtel’s most significant improvements were in the governance category, but it still placed fourth from the bottom overall.

  • Commitment to human rights: Bharti Airtel made an explicit commitment to protect users’ freedom of expression and privacy (G1). It also clarified that the scope of its employee training and whistleblower programs includes freedom of expression issues (G3). However, it was still unclear how leadership oversees human rights issues at the executive and management levels (G2).
  • Human rights due diligence: Bharti Airtel’s new Human Rights Management Policy outlined an annual human rights due diligence process covering all of the company’s sites and business functions (G4a). Although the company enumerated several rights covered by these assessments, freedom of expression was not one of them, and the policy did not explicitly encompass new activities. We also found no evidence that these processes covered areas such as policy enforcement and algorithms (G4b, G4d).
  • Stakeholder engagement: Bharti Airtel is a member of several industry associations, but we could find no evidence that the company systematically engages with civil society on human rights issues (G5).
  • Remedy: Although it slightly improved its explanation of its grievance mechanisms for privacy concerns, Bharti Airtel was not clear about how users could submit freedom of expression grievances. The company’s remedy procedures continued to be vague (G6a).

Indicators

Freedom of expression 2%

Bharti Airtel came last among telcos we evaluated in the freedom of expression and information category, publishing scarce information across these indicators.

  • Content blocking and account restrictions: Bharti Airtel’s overarching terms of service were located in the Telecom Consumer Charter, which was also available in Hindi (F1a). But the terms for individual services were hard to find on the company’s home page and they were divided into broad sections that were not easy for the average user to understand. The company made no commitment to notify users of changes to these policies (F2a). Bharti Airtel published new terms for its fixed-line broadband services that more clearly laid out what activities were not allowed, supplementing the otherwise ambiguous Consumer Charter (F3a). But it shared no data on the enforcement of its terms of service (F4) and no commitment to notify customers when it restricts content or accounts (F8).
  • Advertising content and targeting: Bharti Airtel published no information about the rules governing advertising content and targeting on its services and no information about the enforcement of those rules (F1b, F1c, F2b, F2c, F4c).
  • Network management: Bharti Airtel disclosed nothing about its network management policies, including whether it commits to network neutrality principles (F9). India, the world’s most populous democracy, shuts down the Internet more often than any other country, but Bharti Airtel trailed most other companies on its policies and practices related to network shutdowns, revealing almost nothing about them (F10).
  • Censorship demands: Bharti Airtel revealed no information about government demands to restrict content or accounts (F5a, F6) and no information on private requests to do the same (F5b, F7). It is one of five telecommunications companies in the RDR Index that disclosed nothing about third-party censorship demands.

Indicators

Privacy 18%

Bharti Airtel clarified parts of its privacy policy, but it still had the third-lowest privacy score among telecommunications companies.

  • Handling of user data: Bharti Airtel’s updated privacy policy more clearly articulated users’ right to object to the use of their information, delete some types of it, and opt out of cookie-based marketing (P7). It also clarified that users could obtain a copy of their data, though the circumstances and processes for doing so were unclear (P8).
  • Government and private demands for user data: Bharti Airtel offered almost no information about its processes for handling third-party demands for user data (P10) and no data about such demands (P11). It also explicitly stated that it would not notify its users across most services when such demands are submitted (P12). The only information we found on the company’s processes for handling government demands was a vague indication in the Employee Code of Conduct that employees conducted some form of due diligence when they received such demands (P10a).
  • Security: Bharti Airtel published scarce information about its security policies and practices. While it stated that it limits and monitors employee access to user information (P13), it revealed no information about how it addressed security vulnerabilities (P14) or data breaches (P15), despite a 2019 data breach that affected the vast majority of its users. The company did, however, provide guidance to its customers on avoiding cyber threats and malware on its Important Alerts page.

Indicators

33%
0%
17%
P4. Sharing of user information
38%
P5. Purpose for collecting, inferring, and sharing user information
20%
P6. Retention of user information
0%
P7. Users' control over their own user information
25%
P8. Users' access to their own user information
8%
P9. Collection of user information from third parties
0%
4%
0%
P12. User notification about third-party requests for user information
0%
P13. Security oversight
50%
P14. Addressing security vulnerabilities
0%
P15. Data breaches
0%
P16. Encryption of user communication and private content (digital platforms)
NA
P17. Account security (digital platforms)
NA
P18. Inform and educate users about potential risks
100%