Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
Egypt approves controversial ride-hailing bill
The Egyptian parliament has approved a bill that would regulate ride-hailing apps operating in the country. The new law requires ride-hailing companies to store data locally and to retain user data for 180 days and share it with authorities “on request.” An earlier version of the bill had provisions giving authorities real time access to passenger and trip information, but those provisions were amended due to privacy concerns.
Uber and the Dubai-based ride-hailing app Careem already operate in Egypt. Egypt is Uber’s bigger market in the Middle East with 4 million riders and 157,000 drivers in 2017. Careem operates across 12 Middle Eastern countries countries and Pakistan. The company recently announced a breach that affected 14.5 million riders and drivers.
The two companies will have six months to comply with the new regulations. Despite the Egyptian government’s history of abusing its surveillance powers, both Uber and Careem welcomed the bill’s adoption. “This is a major step forward for the ride-sharing industry as Egypt becomes one of the first countries in the Middle East to pass progressive regulations,” Uber said.
Egypt is the second country in the region to pass legislation regulating such services. Earlier, this year Jordan adopted licensing conditions requiring ride-hailing services to provide the authorities with any requested user data stored in their databases, including information related to ‘’the driver, the car, the rider and the trip.’’
Companies should conduct regular, comprehensive human rights risk assessments that evaluate how laws affect freedom of expression and privacy in the jurisdictions in which they operate as well as assessments of freedom of expression and privacy risks when entering new markets or launching new products. Companies should also seek ways to mitigate risks posed by those impacts.
The 2018 Corporate Accountability Index found that internet, mobile and telecommunication companies do not disclose sufficient information about whether not they conduct such assessment, with eight companies failing to reveal any information at all.
Russia disrupted mobile services during anti Putin protests
Russian telecom operators reportedly disrupted mobile services as protests against Vladimir Putin broke out before his inauguration into his fourth term on May 7. Activists said telecom operators were ‘’intentionally degrading the quality of service or even delisting their numbers at the orders of the authorities,’’ Global Voices reported.
One activist said that Beeline, one of the country’s mobile operators, told him that his number was delisted at the request of law enforcement authorities. A representative for the company later released a statement denying that the company restricted access to users’ numbers at the requests of authorities.
Internet, mobile, and telecommunications companies should be transparent about how they handle government requests for content or account restrictions, and publish data about the number of requests received, the number they complied with, and the types of subject matter associated with these requests. Most telecommunication companies evaluated in the 2018 Corporate Accountability Index lacked transparency about how they handle government requests to restrict content or accounts, and did not disclose sufficient data about the number of requests they received or complied with, or which authorities made these requests.
Companies should also notify users when they restrict content. The 2018 Index found that companies do not disclose sufficient data about their user notification policies when they restrict content or accounts.
Cambridge Analytica ordered to give American researcher his own data
The UK’s Information Commissioner’s Office ordered Cambridge Analytica to provide the information it holds on a U.S. academic within 30 days or face an unlimited fine. The company is facing accusations of gaining access to data of millions of Facebook users in the U.S without their consent. It used the data to build detailed profiles of American voters and target them with pro-Trump political ads. David Carroll requested access to the info under the UK data protection law which allows non-residents to access data a British company holds on them.
“The right to request personal data that an organization holds about you is a cornerstone right in data protection law and it is important that Professor Carroll, and other members of the public, understand what personal data Cambridge Analytica held and how they analyzed it,’’ the commissioner said.
Internet, mobile, and telecommunications companies should give users options to control how their information is collected and used for targeted advertising. Companies evaluated in the 2018 Corporate Accountability Index did not disclose enough information about such options. Facebook disclosed less about these options than any of the other 12 internet and mobile ecosystem companies evaluated. Users should also be allowed to obtain all of the information companies hold on them. Ten of 22 companies evaluated in the 2018 Index did not disclose any such options to their users.