Bharti Airtel Limited
Headquartered in India, Airtel provides mobile, fixed-line broadband, and voice services in India and 15 other countries in South Asia and Africa. With a global user base of 497 million, it is the second-largest mobile operator in India.
At the end of last year, India’s mobile market reached one billion active subscribers, joining China’s as one of only two markets to reach this number. For years, India has also been the country with the highest number of government-ordered network shutdowns. India’s central, state, and local governments have ordered shutdowns in response to violence and protests. They claimed the shutdowns were meant to address public emergencies and protect public safety. But government actors have also ordered shutdowns for non-urgent administrative purposes, such as preventing cheating on exams for entry into government jobs. Although the Indian government has ordered almost 700 shutdowns since 2012, Airtel continued to provide almost no information or data to the public about how it handles such orders. This fall, the Department of Telecommunications of India released the draft Indian Telecommunication Bill 2022. The bill has already been criticized for providing the government with expansive new shutdown and surveillance powers.
In August, the Indian government unexpectedly withdrew its controversial 2019 draft of a new personal data protection law, following accusations from privacy advocates and some lawmakers that the bill would have given the government too much power over user data. But this decision has also prolonged the wait for new national legislation to safeguard people’s privacy in the country with the fastest-growing population of internet users in the world.
Airtel shared little about how it handles and protects user information and gave users few options to control the use of their data. Regulations such as India’s Information Technology Rules do discourage companies from sharing adequate details about some government orders for user information. But there are no laws or regulations stopping companies from disclosing processes for handling third-party demands for content removal or for user information. Still, Airtel disclosed almost nothing about such demands.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Airtel was opaque about its governance processes related to freedom of expression and privacy. The company committed to respecting human rights (G1) and disclosed that it conducts annual human rights due diligence across its operations. But it failed to specify what human rights risks it assesses (G4). There was still no evidence that Airtel engages with civil society on freedom of expression or privacy issues (G5).
As the least transparent company on policies and practices affecting users’ freedom of expression, Airtel offered only limited information about its process for restricting content or accounts (F3a). It did not release any policies guiding the use of targeted advertising or advertising content (F1b, F1c, F2b, F2c, F3b, F3c). The company was silent about how it handles government demands and private requests for removing content or accounts (F5a, F5b). It also failed to publish any relevant data about the nature or volume of content or accounts restricted by the company, either to enforce its own policies or to comply with third-party requests (F4, F6, F7).
Airtel performed significantly better on privacy than it did on freedom of expression, but its overall transparency on privacy was still weak. It offered some information about how it collects user information (P3a) and then shares that information (P4). The company provided very limited options for users to access (P8) or control (P7) their data. It revealed nothing about how long it retains user information (P6) or about what measures it has in place to handle potential data breaches (P15). It was almost completely silent about how it manages third-party requests for user information (P10a, P10b, P11a, P11b).