Digital platforms

Verizon Media Inc.

Rank: 2nd
Score: 52%

Headquartered in the United States, Verizon Media is a division of the multinational telecommunications company Verizon Communications. It offers digital media, online advertising, and other internet services.

Verizon Media placed second among digital platforms, dueto strong governance of human rights issues and transparency on its advertising policies and algorithms. In August 2019, Verizon Media sold blogging platform Tumblr, but it continued to offer Yahoo Mail, which is the sole service we evaluated in the 2020 RDR Index. Verizon Media has consistently ranked among the top companies in the RDR Index for strong commitments to and governance over human rights, but falls notably short on some security policies. In July 2020, a California court approved a class action settlement in a long-standing case stemming from multiple data breaches over a period of several years that affected billions of Yahoo accounts. The court found that Yahoo had failed to promptly disclose these breaches and ordered the company to beef up its data protection systems and mechanisms for addressing security vulnerabilities. Verizon Media had yet to publish a policy describing how the company handles data breaches as of the publication of the 2020 RDR Index.

Key takeaways

  • Verizon Media’s ad content and targeting policies were clearer than other companies’. But it revealed only a snapshot of its data on the enforcement of ad content and targeting rules.
  • Verizon Media published policies on how it uses algorithmic systems, but revealed only scant information about the risk assessment procedures on these systems.
  • Verizon Media did not publish a policy clearly describing how it responds to data breaches, in the event one should occur.

Key recommendations

  • Adopt a human rights framework for developing and using algorithms. Verizon Media should publicly commit to using human rights as the primary framework guiding its development and use of algorithms.
  • Be more transparent about rules enforcement. Verizon Media should publish data on content and accounts restricted due to policy violations and disclose more comprehensive data on the enforcement of its ad policies.
  • Improve security policies. Verizon Media should publish a policy addressing how it handles data breaches, specify how it controls unauthorized employee access to data, and provide information on third-party security audits.

Services evaluated:

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Jan Rydzak, Veszna Wessenauer

Changes since 2019

  • Verizon Media clarified that it conducts human rights risk assessments on the development and use of algorithms.
  • Verizon Media improved its security policies by committing not to pursue lawsuits or initiate law enforcement investigations against researchers who report security vulnerabilities.
+ 2.53 points

Gained 2.53 points on comparable indicators since the 2019 RDR Index.

Governance64%
Freedom of expression40%
Privacy51%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 64%

Verizon Media earned the second-highest governance score among digital platforms we evaluated on the strength of its oversight of human rights issues, robust internal implementation, and some aspects of its human rights due diligence.

  • Commitment to human rights: Verizon Media made an explicit commitment to protect and respect privacy and freedom of expression as human rights, but did not publish a similar commitment to adhere to human rights principles as it develops and deploys algorithms (G1).
  • Human rights due diligence: Verizon Media provided evidence of robust human rights due diligence, including comprehensive human rights impact assessments (HRIAs) of government regulations in different jurisdictions in which it operates (G4a). The company also revealed that its HRIA process encompasses evaluations of how it enforces its terms of service (G4b) and on its development and deployment of algorithms. Still, we found no equivalent information on targeted advertising (G4c), and it is unclear whether the company’s assessments of the impact of its algorithmic systems specifically consider freedom of expression and information, privacy, and non-discrimination.
  • Stakeholder engagement: Verizon Media is a member of the Global Network Initiative, a multi-stakeholder organization. However, GNI focuses primarily on government demands and does not cover a wider set of human rights issues that internet users face (G5).
  • Remedy: Access to remedy was a weak point in Verizon Media’s overall governance score (G6a). The company provided some information on grievance mechanisms, but the scope of these mechanisms was unclear.

Freedom of expression 40%

Verizon Media had clearer terms of service enforcement processes and advertising policies than many of its peers, but it failed to publish sufficient enforcement data.

  • Content moderation: Yahoo Mail’s Terms of Service and Community Guidelines were easy to find and understand(F1a), but did not clearly explain how users are notified of changes to these policies (F2a). Policies clearly described what content is prohibited and how these rules are enforced, including how the company uses algorithms to combat the spread of child sexual abuse material and prevent other types of abuse(F3a). Yet it did not report data about restrictions to content or accounts for violations of these rules (F4a).
  • Algorithmic use: Verizon Media described how it uses algorithms for Yahoo Mail in its Communication Products Policy, its FAQ, and its Analytics page (F1d).
  • Advertising content and targeting: The company’s Ad Serving Policy and Relevant Advertising Policy were both easy to find and clear, as was its page on How Digital Advertising Works, which provided users with more insight about targeting (F3b, F3c). It was the only company to state that human reviewers examined at least some of its targeting audiences (F3c). Verizon Media’s Ad Policy Enforcement Updates provided some data on ads enforcement (F4c).

Privacy 51%

Verizon Media earned the second-best score on privacy after Apple, but fell short on several security indicators.

  • Handling of user data: Yahoo Mail’s Privacy Policy was clear and easy to find, but did not clearly commit to notifying users of changes prior to those changes coming into effect (P2a). Yahoo Mail did not publish a policy explaining how it develops and trains its algorithms (P1b). The company revealed some information about its data inference practices (P3b). But its Privacy Dashboard and Controls required users to log in to understand what types of data collection and processing they could control (P7). Its publicly available policies provided limited information about how users can control the information Verizon Media collects and no information about how they can control what it infers.
  • Government and private demands for user data: Verizon Media clearly explained how it responds to government requests for user information (P10a). Like other U.S. companies, it did not divulge the exact number of requests received for user data under the Foreign Intelligence Surveillance Act or National Security Letters, or the actions it took in response to these requests, since it is prohibited by law from doing so. The company disclosed information about its policy for notifying users about government demands for their data, but not for private requests (P12).
  • Security: While Verizon Media was adequately transparent about its mechanisms for addressing security vulnerabilities and protecting the security of users’ accounts, its oversight of security issues and policies on data breaches were weak. Verizon Media published an explicit commitment not to pursue legal action against researchers reporting security vulnerabilities (P14). It also retained strong policies on two-factor authentication and other account security features (P17). But Verizon Media failed to specify how it limits and monitors unauthorized employee access to user information and how it conducts third-party audits (P13). The company did not publish a policy on how it addresses data breaches (P15).