Digital platforms

Samsung Electronics Co., Ltd.

Rank: 11th
Score: 26%

Headquartered in South Korea, Samsung is one of the world’s largest manufacturers of consumer electronics, its main source of revenue. After Google, it is the world’s largest producer of the Android operating system. It shipped 274.5 million smartphones in 2020.

Yahoo2
54%
Google4
47%
Meta5
46%
Apple6
44%
Kakao6
44%
Yandex8
35%
Baidu9
28%
VK9
28%
Alibaba11
26%
Samsung11
26%
Amazon13
25%
Tencent13
25%

Samsung powered over one billion mobile phones worldwide in 2021. But despite its enormous role in providing mobile software and hardware around the globe, it once again received one of the lowest scores in our ranking.

In 2021, the company’s profits surged in spite of multiple public scandals. Samsung chairman Lee Jae-yong was jailed in South Korea for bribing the country’s former president to approve a merger, and regulators hit the company with the country’s largest-ever antitrust fine for unfair contracting practices. Reporting by Reuters also revealed that Samsung’s supply chain labor included Uyghur Muslims from China’s Xinjiang region, who had been forced to work in prison-like conditions for the U.S.-based firm Universal Electronics, Inc. The firm, which also supplies Microsoft, LG, and Sony, was operating under an agreement with the Chinese government.

Consistent with the company’s poor performance on our privacy and security metrics, Samsung’s preinstalled apps were caught spying on users. Academic researchers found that Android operating systems modified by Samsung (along with Huawei and Xiaomi) allowed those companies, along with certain preinstalled third-party apps, to capture various kinds of user data even when users had opted out of tracking and other kinds of data collection. Samsung gave users no way to fully disable the surveillance.

In our research, we found that the company’s mechanism for users to submit privacy grievances was inadequate. Samsung also had the dubious honor of being the only company we rank that failed to give users any tips on how to protect their privacy. Regulations are not to blame for Samsung’s poor performance. The company, in fact, has long lagged far behind its South Korean peer, Kakao, on most indicators in our methodology.

Key takeaways

  • Samsung disclosed no evidence of conducting systematic engagement with stakeholders whose rights are directly impacted by the company.
  • Samsung remained the lowest-scoring company in our privacy category. It was the only digital platform we ranked that failed even to give users tips on how to protect their own security.
  • Samsung disclosed nothing about its processes for responding to third-party requests for content restrictions or user information. It published no data about these requests.

Key recommendations

  • Commit to human rights due diligence across operations. Samsung should publish more information about its privacy impact assessments. It should expand them to consider freedom of expression and conduct similar assessments on its policy enforcement, targeted advertising practices, and algorithmic systems.
  • Improve security practices. Samsung should reinstate its commitment to respond to security vulnerability reports within 48 hours. It should also institute a policy for remedying the impacts of data breaches on its users.
  • Help users protect their security. Despite the fact that its users’ smartphones hold the keys to their digital lives, Samsung is the only digital platform we rank that does not publish security guidance for users.

Services evaluated:

  • Samsung implementation of Android

The 2022 Big Tech Scorecard covers policies that were active on November 1, 2021. Policies that came into effect after November 1, 2021, were not evaluated for this ranking.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Zak Rogoff, Mila Bajic

Changes since 2020

  • Samsung clarified previously vague statements indicating that users can request to view the personal information the company holds on them.
  • Samsung provided new information about its mechanisms for receiving bug reports. It also disclosed that it will provide security updates for the software on some of its phones for at least four years after their original release.
  • Samsung removed a disclosure that gave a time frame for responding to reports of security vulnerabilities.

Scores since 2017

100%0%2017201820192020202226%28%29%23%26%
Most companies’ scores dropped between 2019 and 2020 with the inclusion of our new indicators on targeted advertising and algorithmic systems. To learn more, please visit our Methodology development archive.
Governance29%
Freedom of expression17%
Privacy29%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 29%

Samsung made a commitment to respect users’ freedom of expression and privacy (G1), but did little to show how it was implemented. It provided no evidence of conducting human rights impact assessments associated with policy enforcement, targeted advertising, or algorithmic systems (G4). The company stated that it does perform privacy impact assessments (G4a). It also maintains a customer complaint system, as required by South Korean law, but the system can only be used to file complaints related to privacy concerns, and it gives users little assurance regarding the company’s actual procedure or time frame for reviewing complaints (G6a). Despite the diverse communities who use its devices, Samsung disclosed no systematic engagement with people whose rights to privacy and freedom of expression and information are directly affected by the company’s actions (G5).

Freedom of expression 17%

Samsung disclosed some information about how it restricts content and accounts (F3a) but it offered no data on the volume of accounts it restricted for violating its rules (F4a, F4b). Samsung revealed nothing about its processes for handling government or private requests to restrict content or accounts (F5) and no data about the number of requests it received or complied with (F6, F7). South Korean law does not prohibit companies from disclosing this information. South Korean digital platform Kakao has offered this disclosure since 2012.

Privacy 29%

Samsung disclosed less about its privacy-related policies and practices than any of its peers. Though it made minor improvements in some areas, including its procedures for receiving security vulnerability reports and for pushing security updates (P14), Samsung failed to disclose information in several key areas. The company disclosed nothing about its process for handling data breaches (P15), encryption of user communications (P16), or third-party requests for user information (P10, P11). It failed to provide resources to educate users about potential privacy risks (P18).