2020 RDR Index
Digital platforms

Samsung Electronics Co., Ltd.

Rank: 12th
Score: 23%

Headquartered in South Korea, Samsung is one of the world’s largest manufacturers of consumer electronics. It shipped 255.6 million smartphones worldwide in 2020.

Twitter
1
53%
Verizon Media
2
52%
Microsoft
3
50%
Google
4
48%
Facebook
5
45%
Apple
6
43%
Kakao
7
42%
Mail.Ru
8
27%
Yandex
8
27%
Alibaba
10
25%
Baidu
10
25%
Samsung
12
23%
Tencent
13
22%
Amazon
14
20%

Samsung once again received one of the lowest scores among digital platforms, ranking 12th out of the 14 digital platforms we evaluated in 2020. Itcontinued to lag far behind its South Korean peer, Kakao, on most indicators in the RDR Index.Multiple incidents in 2020 sparked public concern about the company’s security practices, including a data leak on Samsung’s U.K. website and a fingerprint authentication flaw that left its handsets vulnerable to abuse. These events demonstrated the need for Samsung to be more transparent about its user information and security policies. Although it made slight improvements in 2020, Samsung still disclosed less information about its security policies than all other digital platforms we evaluate.

Key takeaways

  • Samsung disclosed less about its privacy and security policies than all of its peers.
  • Samsung failed to provide clear grievance and remedy mechanisms for freedom of expression and privacy complaints, although in South Korea companies are required to offer these mechanisms by law.[1]
  • Samsung disclosed nothing about its processes for responding to government or private requests for content restrictions or user information and published no data about these requests, although there are no legal restrictions preventing the company from doing so.

Key recommendations

  • Improve on security: Samsung should disclose policies about data breaches and encryption.
  • Improve human rights due diligence: Samsung should publish more information about its impact assessments of government regulations and how they affect users in different regulatory environments. It should conduct similar assessments on its policy enforcement, targeted advertising practices, and algorithmic systems.
  • Publish transparency reports: Samsung should provide data and details about its process for handling third-party requests for content or accounts restrictions as well as about requests for user information.

Services evaluated:

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Jie Zhang, Afef Abrougui
Download data and sources

Changes since 2019

  • Samsung made a slight improvement on remedy by providing users with contact information to file complaints about privacy issues in its privacy policy.
  • Samsung improved its policy oversight and policy enforcement information about apps available in its app store.
  • Samsung improved its transparency about its internal and external security audits as well as about the security of user accounts.
  • Samsung improved its privacy policies by clarifying options for users to obtain a copy of their information upon their request.
+ 3.5 points

Gained 3.5 points on comparable indicators since the 2019 RDR Index.

Governance29%
Freedom of expression15%
Privacy25%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 29%

Despite its commitment to human rights, Samsung disclosed less about its governance and oversight over human rights issues than most digital platforms from the U.S, as well as Kakao, its South Korean peer.

  • Commitment to human rights: Samsung made a commitment to respect users’ freedom of expression and privacy (G1).
  • Human rights due diligence: With the exception of some privacy impact assessments, Samsung provided no evidence of conducting risk assessments associated with policy enforcement, targeted advertising, or algorithmic systems (G4).
  • Stakeholder engagement: Samsung continued to disclose no systematic engagement with stakeholders that represent, advocate on behalf of, or are people whose privacy and freedom of expression and information are directly impacted by the company (G5).
  • Remedy: Companies in South Korea are by law required to provide a remedy mechanism.[2]However, Samsung’s grievance and remedy procedures were unclear. Samsung provided contact information for users to file privacy-related complaints, but it did not supply options for users to submit freedom of expression-related grievances (G6a). Nor did the company offer options for developers or users to appeal content moderation decisions in its mobile ecosystem (G6b).

Indicators

Freedom of expression 15%

Samsung’s policies and practices affecting freedom of expression and information were among the least transparent of those we evaluated, slightly outperforming only Amazon and Baidu.

  • Content moderation: The terms of service policy for Samsung Cloud was easy to locate but this was not the case for Samsung Galaxy and its implementation of Android (F1a). Samsung disclosed some information about how it restricts content and accounts (F3a) but it did not publish any data about content or accounts restricted for violating the company’s rules (F4a, F4b). Samsung pledged to notify users about account restrictions, though the relevant policies lacked detail (F8).
  • Algorithmic use and content curation: Samsung published a set of AI principles, but the company did not disclose an operational-level policy describing the use of algorithmic systems (F1d). Nor did it disclose whether or how it deployed algorithms for content curation or ranking in its Galaxy Store (F12).
  • Advertising content and targeting: Samsung published easy-to-access ad content policies for Android, which conveyed what advertising content was prohibited, but the company failed to release an ad content policy for Cloud (F1b, F3b). Samsung did not publish an ad targeting policy (F1c, F3c) or provide any data about ads restricted for violating its content or targeting rules (F4c).
  • Censorship demands: Samsung revealed no information about its processes for handling government or private requests to restrict content or accounts (F5) and no data about the number of requests it received or complied with (F6, F7). In contrast, its peer Kakao published transparency reports about third-party requests. No law prohibits companies from disclosing this information in South Korea.

Indicators

Privacy 25%

Samsung disclosed less about its policies and practices on privacy than any of its peers.

  • Handling of user data: Samsung disclosed some information about what user information the company collects and shares and why (P3a, P4, P5). But these policies failed to explain what user information the company inferred (P3b), what user information it collected from third parties (P9), or the underlying purpose of these actions (P5, P9). Although Samsung provided users with some options to control the use of their information, it failed to provide users with adequate means to control or access their information (P7, P8).
  • Government and private demands for user data: Samsung was one of only three digital platforms (alongside Baidu and Tencent) that published no information about its process for responding to government and private requests for user information (P10) or any data about these requests (P11). The company also did not commit to notify users of such requests from third parties (P12).
  • Security: Samsung had the weakest disclosure about its security policies among the 14 digital platforms we evaluated. The company improved transparency about its internal security audits (P13) and how it helps users keep their accounts secure (P17), but it removed from its website information on its vulnerability reporting program for Cloud (P14). The company also provided no information about how it would respond to data breaches (P15) or about its encryption policies (P16).

Indicators

47%
28%
37%
P4. Sharing of user information
69%
P5. Purpose for collecting, inferring, and sharing user information
30%
P6. Retention of user information
24%
P7. Users' control over their own user information
26%
P8. Users' access to their own user information
19%
P9. Collection of user information from third parties
0%
0%
0%
P12. User notification about third-party requests for user information
0%
P13. Security oversight
67%
P14. Addressing security vulnerabilities
22%
P15. Data breaches
0%
P16. Encryption of user communication and private content (digital platforms)
0%
P17. Account security (digital platforms)
83%
P18. Inform and educate users about potential risks
0%

Footnotes

[1] Act on Promotion of Information and Communications Network Utilization and Information Protection (ICNA), June 9, 2020, partially amended, www.law.go.kr/법령/정보통신망이용촉진및정보보호등에관한법률; and Telecommunications Business Act, December 24, 2018, partially amended, www.law.go.kr/%EB%B2%95%EB%A0%B9/%EC%A0%84%EA%B8%B0%ED%86%B5%EC%8B%A0%EC%82%AC%EC%97%85%EB%B2%95

[2] Act on Promotion of Information and Communications Network Utilization and Information Protection (ICNA), June 9, 2020, partially amended, www.law.go.kr/법령/정보통신망이용촉진및정보보호등에관한법률; and Telecommunications Business Act, December 24, 2018, partially amended, www.law.go.kr/%EB%B2%95%EB%A0%B9/%EC%A0%84%EA%B8%B0%ED%86%B5%EC%8B%A0%EC%82%AC%EC%97%85%EB%B2%95