Samsung Electronics Co., Ltd.
Headquartered in South Korea, Samsung is one of the world’s largest manufacturers of consumer electronics, its main source of revenue. After Google, it is the world’s largest producer of the Android operating system. It shipped 274.5 million smartphones in 2020.
Samsung powered over one billion mobile phones worldwide in 2021. But despite its enormous role in providing mobile software and hardware around the globe, it once again received one of the lowest scores in our ranking.
In 2021, the company’s profits surged in spite of multiple public scandals. Samsung chairman Lee Jae-yong was jailed in South Korea for bribing the country’s former president to approve a merger, and regulators hit the company with the country’s largest-ever antitrust fine for unfair contracting practices. Reporting by Reuters also revealed that Samsung’s supply chain labor included Uyghur Muslims from China’s Xinjiang region, who had been forced to work in prison-like conditions for the U.S.-based firm Universal Electronics, Inc. The firm, which also supplies Microsoft, LG, and Sony, was operating under an agreement with the Chinese government.
Consistent with the company’s poor performance on our privacy and security metrics, Samsung’s preinstalled apps were caught spying on users. Academic researchers found that Android operating systems modified by Samsung (along with Huawei and Xiaomi) allowed those companies, along with certain preinstalled third-party apps, to capture various kinds of user data even when users had opted out of tracking and other kinds of data collection. Samsung gave users no way to fully disable the surveillance.
In our research, we found that the company’s mechanism for users to submit privacy grievances was inadequate. Samsung also had the dubious honor of being the only company we rank that failed to give users any tips on how to protect their privacy. Regulations are not to blame for Samsung’s poor performance. The company, in fact, has long lagged far behind its South Korean peer, Kakao, on most indicators in our methodology.
The 2022 Big Tech Scorecard covers policies that were active on November 1, 2021. Policies that came into effect after November 1, 2021, were not evaluated for this ranking.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Samsung made a commitment to respect users’ freedom of expression and privacy (G1), but did little to show how it was implemented. It provided no evidence of conducting human rights impact assessments associated with policy enforcement, targeted advertising, or algorithmic systems (G4). The company stated that it does perform privacy impact assessments (G4a). It also maintains a customer complaint system, as required by South Korean law, but the system can only be used to file complaints related to privacy concerns, and it gives users little assurance regarding the company’s actual procedure or time frame for reviewing complaints (G6a). Despite the diverse communities who use its devices, Samsung disclosed no systematic engagement with people whose rights to privacy and freedom of expression and information are directly affected by the company’s actions (G5).
Samsung disclosed some information about how it restricts content and accounts (F3a) but it offered no data on the volume of accounts it restricted for violating its rules (F4a, F4b). Samsung revealed nothing about its processes for handling government or private requests to restrict content or accounts (F5) and no data about the number of requests it received or complied with (F6, F7). South Korean law does not prohibit companies from disclosing this information. South Korean digital platform Kakao has offered this disclosure since 2012.
Samsung disclosed less about its privacy-related policies and practices than any of its peers. Though it made minor improvements in some areas, including its procedures for receiving security vulnerability reports and for pushing security updates (P14), Samsung failed to disclose information in several key areas. The company disclosed nothing about its process for handling data breaches (P15), encryption of user communications (P16), or third-party requests for user information (P10, P11). It failed to provide resources to educate users about potential privacy risks (P18).