Telenor tied with AT&T for third place among telecommunications companies, trailing behind Telefónica and Vodafone. In 2020, Telenor’s operating company in Myanmar received and complied with various government orders to shut down its network services and block content, including over 2000 websites prohibited under Myanmar’s Telecommunications Law. In the 2020 RDR Index, Telenor was more transparent than all of its peers about its process for responding to government demands to shut down networks, but it revealed insufficient information about the nature and volume of government demands it receives to block content.

Key takeaways

While Telenor disclosed strong governance and oversight over human rights issues, it lacked sufficient transparency about whether it conducts regular, comprehensive, and credible human rights due diligence across all aspects of its operations, including on its zero-rating programs.

Telenor did not disclose the number or nature of content blocking and account restriction actions it took to enforce its own rules. Although in 2020 it began providing more information on the number of accounts affected by government demands to restrict content and accounts, this data was not comprehensive and did not cover key issues, like the types of subject matter associated with the demands it receives.

Telenor disclosed less about its security policies than most of its European peers, disclosing almost no information about how it addresses security vulnerabilities.

Key recommendations

Clarify handling of user data. Telenor should clearly disclose what options users have to control what data it collects and uses — including for targeted advertising.

Improve human rights due diligence. Telenor should conduct regular, comprehensive, and credible due diligence to identify the human rights risks of enforcing its own policies.

Uphold net neutrality in practice. Telenor should clarify and affirm its commitment to upholding net neutrality principles by refraining from engaging in paid prioritization of traffic, including offering zero-rating programs, which are a form of network discrimination that undermines net neutrality.

Services evaluated:

Operating company evaluated: Telenor NorwayFor telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
Market cap: $23.51 billion (as of February 4, 2021)
OSE: TEL
Website: https://www.telenor.com

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

Lead researchers: Veszna Wessenauer, Jan Rydzak

Download data and sources

Changes since 2019

Telenor’s latest transparency report included more data about government requests to restrict content or accounts, and to shut down networks.

Telenor disclosed more about how long it retains user information and what systems it has in place to limit employee access to user information.

Telenor lost points on security for removing a statement indicating that it notifies affected users when a data breach happens.

+ 4.11 points

Gained 4.11 points on comparable indicators since the 2019 RDR Index.

Governance

Freedom of expression

Privacy

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 64%

While Telenor disclosed strong governance and oversight over human rights issues and commitments across its global operations, it lacked sufficient transparency about whether it conducts regular, comprehensive, and credible human rights due diligence.

Commitment to human rights: The company published a public commitment to respect privacy and freedom of expression as human rights (G1) and disclosed evidence of senior-level management over these issues within the company (G2). Telenor Group's Artificial Intelligence page outlines the company’s goals for AI but did not articulate a clear commitment to human rights in its development and use of algorithms.

Human rights due diligence: According to Telenor Group’s 2019 annual report the company conducted a human rights due diligence process which identified its most critical group-wide human rights risks. While Telenor conducted risk assessments on some aspects of the regulatory environments in which it operates, it disclosed no evidence of conducting risk assessments of its own policies (G4b) on targeted advertising (G4c), use and development of algorithmic systems (G4d), and zero-rating programs (G4e).

Stakeholder engagement: Telenor is a member of the Global Network Initiative, a multistakeholder organization. However, GNI focuses primarily on government demands and does not cover a wider set of human rights issues that internet users face (G5).

Remedy: Telenor has an Integrity Hotline that anyone can use to report a grievance or violation to the company's Code of Conduct. Since the Code of Conduct clearly addressed the company's commitments to human rights and invoked the Universal Declaration of Human Rights, it was clear that the scope of this mechanism can be used to report freedom of expression- and privacy-related grievances. But while the company provided users with an option to submit such complaints, it offered no information about the number of complaints it received or any evidence that it provided users with a remedy (G6a).

Indicators

G1. Policy commitment

83%

G2. Governance and management oversight

100%

G3. Internal implementation

100%

16%

G5. Stakeholder engagement and accountability

50%

33%

Freedom of expression 28%

While Telenor made progress by explaining its process for responding to government censorship demands, it still failed to disclose adequate information about policies and practices affecting users’ freedom of expression.

Content blocking and account restrictions: Telenor’s terms of service were easy to access (F1a) but included limited information about whether and how the company will directly notify users about changes to those policies (F2a). While these terms included some information about what types of content and activities are prohibited on its services (F3a) and information about how users will be notified when their accounts are restricted (F8), Telenor disclosed nothing about what actions it took to enforce these rules (F4).

Advertising content and targeting: Telenor indicated that it enables third parties to target its users with advertising content, but provided no further information about its ad targeting rules (F3c). Like most companies in the 2020 RDR Index, Telenor published no data showing evidence of enforcing its ad policies (F4c).

Censorship demands: Telenor was clear about how it responds to government censorship demands (F5a) and even shared some information about how it responds to private requests to block child sexual abuse material (F5b). Telenor provided limited information on the number of accounts affected by government demands for content and account restrictions (F6).

Network management: Telenor did not make clear commitments to net neutrality. It failed to clearly explain if the company can block or delay certain traffic for reasons other than ensuring quality of service. In addition, it offered a zero-rating program for music services called Music Freedom, which is an example of prioritizing traffic for purposes other than assuring quality of service (F9). The company disclosed more than all of its peers about its process for responding to government demands to shut down networks (F10).

Indicators

46%

13%

24%

44%

F6. Data about government demands to restrict for content and accounts

50%

F7. Data about private requests for content or account restriction

F8. User notification about content and account restriction

33%

F9. Network management (telecommunications companies)

25%

F10. Network shutdown (telecommunications companies)

75%

F11. Identity policy

F12. Algorithmic content curation, recommendation, and/or ranking systems

F13. Automated software agents (“bots”)

Privacy 33%

Telenor disclosed less than most of its European peers about policies affecting users’ privacy and was particularly unclear about the types of information it collects from third parties.

Handling of user data: Telenor did not fully share the types of data it collects (P3a), or shares (P4), and did not give users very clear options to control what data the company collects and shares about them, including for the purposes of targeted advertising or developing algorithmic systems (P7). It failed to clarify the types of information it collects from third parties through data brokers (P9). Such data can be used to make inferences, or predictions, about users’ behaviors.

Government and private demands for user data: Telenor made some progress in explaining how it handles government demands to access user information or communications (P10a). It disclosed more data about government requests for user information and began reporting the number of requests it complied with. It failed to explain how it responds to private requests for user information (P10b) or provide data regarding the nature and volume of such requests (P11b).

Security: Telenor improved its disclosure of how it limits employee access to user information, but did not specify precisely how it does this. It was not clear whether the company merely limits employee access to user information, or if such access is also monitored (P13). The company disclosed almost no information about how it addresses security vulnerabilities (P14). Telenor removed a statement from its website in which it pledged to notify affected users when a data breach occurs (P15).