The COVID-19 pandemic has brought about a multitude of crises that stretch far beyond the realm of public health. In conflict areas like Yemen, the disease compounded already dire circumstances for civilians seeking protection from ongoing violence. For students around the world, it laid bare the meaning of the digital divide: those with reliable internet access have been able to keep up with schooling, and those without have fallen behind. In the tech sector, while profits have soared, the spread of algorithmically-driven disinformation about the virus has brought fatal consequences to people around the world.

While the digital platforms we rank were all prepared to seize the moment and profit from the circumstances created by the pandemic, all the companies were caught off guard by the impact of COVID-19 on their own users. Yet they have all weathered crises before. Telcos have raced to repair infrastructure in the wake of natural disasters. Platforms have grappled with government censorship orders in the face of political upheaval.

The way a company responds to a crisis does not just affect its bottom line. It can have profound implications for the fundamental rights of millions, if not billions, of people, whether or not they are “users” of a product or service that the company provides.

The year 2020 could not have given us a better set of case studies in just how dangerous it is for these companies to be so unprepared for the human impact of crisis.

And yet tech juggernauts are expanding their monopolies as custodians of user data and gatekeepers of access to content with no more accountability than before.

In moments of crisis, companies can enable human rights violations, or they can try to mitigate them by following cornerstone business and human rights practices, like providing remedy to the affected and finding real ways to prevent further abuse.

How can companies shape their policies and practices so that they are prepared—rather than blindsided—when the next crisis strikes? We looked at a few key examples from the past year to help answer this question.

No network, no peace

From Azerbaijan to Myanmar to Zimbabwe, network shutdowns have become a knee-jerk government response to conflict and political upheaval. In 2019 alone, governments around the world ordered approximately 213 network shutdowns, many of them designed to be indefinite.

Incitement gone viral

When social media posts inciting political violence go viral, the consequences can be fatal. There will always be bad actors on the internet. But research has shown that companies’ algorithmic systems can drive the reach of a message by targeting it to people who are most likely to share it, influencing the viewpoints of thousands or even millions of people.^[1]

Facebook itself has published research on its operations in Germany showing that 64 percent of the time, when people join an extremist Facebook Group, they do so because the platform recommended it.

Structured human rights impact assessments are rapidly gaining acceptance as a model for evaluating the harms that a company may cause or contribute to in different contexts. Strong due diligence can help predict, for instance, the rise of fringe movements in social media communities or the likelihood of coordinated extremist violence moving from online spaces into real life. Yet only four companies we ranked appeared to conduct impact assessments of their own policy enforcement, where these kinds of threats often arise.

Companies cannot build resilience to shocks without bridging these gaps, and it is virtually certain that more governments will soon make conducting due diligence compulsory for companies. We urge companies to conduct these assessments before they launch new products or services, or enter new markets, to mitigate harms before they happen.

Companies are erratic and opaque about how they implement their human rights commitments in ordinary times, but these things can become even murkier in volatile situations, and the consequences are often most severe for marginalized communities. When a social media-driven crisis unfolds, companies often fail to respond unless they perceive a risk to their reputation. This encourages the proliferation of “scandal-driven” human rights due diligence that, at most, helps to survey or contain the damage rather than prevent it.^[2]

In Sri Lanka in 2018, rampant hate speech on Facebook helped instigate a wave of violent attacks, mostly targeting Muslims, who represent a minority in the predominantly Buddhist country. Following bitter criticism from civil society and coverage by major media including the New York Times, Facebook commissioned a third-party assessment of its operations in Sri Lanka. In May 2020, the company released an abridged version of the assessment, alongside two others it had commissioned two years prior.

While this marked a step in the right direction, the public documentation showed little evidence that the assessors had investigated how Facebook’s ranking and recommendation algorithms helped incite communal violence and exacerbate other harms. In its response to two of the assessments, Facebook addressed this issue in the most skeletal way, claiming only that certain engagement-driving algorithms were “now phased out.”

Companies also need to publicly report how they carry out these actions. Here too, the companies in the RDR Index are falling short. Facebook’s Community Standards Enforcement Report, for example, does not include the total volume of restricted content or accounts, enforcement by restriction type, or country-specific information.

Companies must include algorithmic transparency in their reporting as well. They should publish rules and policies covering their approach to algorithms and targeted advertising as the basis for their transparency reporting and corporate due diligence.

More algorithms, more appeals

When it comes to content moderation, companies will always make mistakes. Given the scale at which digital platforms operate, there is simply no way to protect everyone from the harms that can arise from online content and companies’ censorship decisions. This is why a user’s right to remedy, or to appeal a company’s content decisions, is so important.

Losing access to remedy can leave people in a sort of information and communication limbo. When accounts are wrongfully suspended, people lose what might be their only remote communication tool. On the content side, we’ve seen companies mistakenly censor everything from vital public health information, to calls for protest, to evidence of war crimes.

When the COVID-19 pandemic struck, Facebook sent home workers who review millions of posts each day for rule violations. The company decided to put its algorithms in charge instead, hoping the technology would keep content moderation processes moving. But the solution had at least one critical flaw: it was unable to address appeals. In an August 2020 press call, Facebook explained that it had severely scaled back the processing of new appeals sent by disgruntled users, indicating that the company’s experiments with algorithmic moderation had not worked out so well. The system’s apparent collapse left millions of users unable to appeal moderation decisions at all.

The story at YouTube was different. Like Facebook, Google (YouTube’s parent company) was forced to send workers home, also “relying more on technology” to carry out content moderation. Google even offered a statement saying that the change might result in the company “removing more content that may not be violative of our policies.” But Google also thought ahead and ramped up its appeals systems, anticipating that algorithmic content moderation would lead to more wrongful removals and more appeals from users. Indeed, appeals doubled in the same period. But because the company took measures to prepare, the number of videos restored on appeal quadrupled.

How can companies prepare for crisis?

No person or company can anticipate every harm that will arise in an emergency. But there is a significant distance between this zone of impossibility and the lack of preparedness that many companies exhibited in 2020. Our indicators, which draw extensively from international human rights doctrine and the expertise of human rights advocates around the world, offer a path forward. 

Whether circumstances are ordinary or extraordinary, companies should pursue three objectives (among many others) if they seek to improve.

1. Publicly commit to human rights

Companies must make a public commitment to respect human rights standards across their operations.^[3] Of course, a policy alone will not improve performance. As our 2020 data showed, many companies in the RDR Index committed to human rights in principle, but failed to demonstrate these commitments through the practices that actually affect users’ rights. These kinds of commitments can serve as a tool for a company to measure and document violations, and for advocates to push for better policies at the product and service level.

Take Apple, which was one of the most improved companies in the 2020 Index, largely due to a new human rights policy that the company published after years of sustained pressure by RDR and others. When Apple delayed the rollout of pro-privacy, anti-tracking features in iOS 14, advocates (including RDR) were able to use the new policy to hold the company to account.

2. Double down on due diligence

Large multinational companies like the ones in our index can no longer plead ignorance. They must reinforce their policy commitments by putting human rights at the center of their practices, and carrying out robust human rights due diligence. 

Companies that conduct human rights impact assessments should see early warning signs when political or social conflict is on the horizon, and they can act on this by enhancing scrutiny of online activity, stanching the spread of inciting or hateful content, or even notifying authorities, where appropriate. When chaos erupts, a company with strong due diligence processes in place can quickly identify how its platform may be used to cause harm and activate protocols to protect potential victims.

3. Pull back the curtain and report data

Companies can and do report some data on their enforcement of their own policies, along with compliance with government censorship and surveillance demands, in the form of transparency reports. 

While 16 companies in the RDR Index offer some kind of transparency report (and two others have begun doing so since our research cutoff date), none of these companies does nearly enough to show users, civil society, or policymakers what’s really happening behind the curtain. 

Only five companies in the 2020 RDR Index published data about enforcement of their own policies and only six revealed data on government censorship demands. Even existing transparency reports suffer from major blind spots. Facebook’s Community Standards Enforcement Report, for example, does not include the total volume of restricted content or accounts, enforcement by restriction type, or country-specific information.

Together, such gaps can deprive users and researchers of the ability to map enforcement surges to specific events, especially as companies expand their arsenal of enforcement actions. Greater clarity here would brighten what remains a grim landscape.

Better late than never

Without preparedness, crises spin out of control. Understaffed hospitals and truncated national pandemic response teams fail to harness the outbreaks of diseases, security forces fail to protect core institutions overwhelmed by frenzied mobs, and social media companies fail to quash online threats of violence before they lead to real-life harm.

Companies can address these harms by anchoring all of their actions in international human rights standards. Companies that build respect for human rights into their policies and products from the start will always be better prepared to face uncertainty than those that do not.

As we continue to grapple with a global crisis that has kindled innumerable local fires, companies continue to make ad hoc decisions that affect millions. They are late to embrace these standards. But late is better than never.