Telecommunications companies

Axiata Group Berhad

Rank: 9th
Score: 15%

Headquartered in Malaysia, Axiata Group Berhad provides telecommunications and related services to 150 million mobile users in nine countries across Asia.

Axiata made a commitment to human rights for the first time by joining the UN Global Compact, a voluntary corporate responsibility program, in 2021. Nonetheless, the company managed to slip closer to the bottom of our ranking, owing to a lack of transparency around due diligence, security, handling of user information, stakeholder engagement, and other areas of concern for freedom of expression and privacy.

This year, we have a clearer picture of Axiata’s policies, thanks to EngageMedia, an Asia-Pacific digital rights and open technology nonprofit. EngageMedia adapted the RDR Index methodology to evaluate the policies of 12 mobile operators, including four of Axiata’s local subsidiaries in Cambodia, Indonesia, Nepal, and Sri Lanka. The report found that multiple subsidiaries failed to publish key policies in widely spoken local languages in these countries and, like their parent company, made no commitment to net neutrality. The report also concluded that “telecommunications companies [including Axiata] do not have (or are not interested in having) adequate policies to protect subscribers’ rights in terms of freedom of expression and privacy.”

Axiata also lacked transparency about the way user data fits into its business model; its adtech subsidiary Ada boasts “deep proprietary data of 375 million consumers” for use in targeted advertising and business analytics. Though it is likely that this includes information submitted by Axiata customers as they signed up for mobile service, the company did not say so publicly.

Axiata complies with internet shutdown orders without following any known due diligence process. In October 2021, Axiata’s Bangladeshi operating company complied with a government order to black out the mobile internet, following attacks on religious sites. Unlike an increasing number of its peers, it did not release data about the volume of such demands it receives or complies with. Network shutdowns do great damage to freedom of expression, and there is no evidence they improve public safety. Axiata’s Malaysian subsidiary, Celcom, is in the process of merging with fellow carrier Digi, owned by RDR-ranked Norwegian telco Telenor.

Key takeaways

  • Axiata revealed almost nothing about how it handles government demands for user information or content restrictions.
  • Axiata’s score on privacy indicators declined this year due to its failure to disclose that it carried out internal security audits on a regular basis. In the past, it had publicly disclosed carrying out such audits.
  • The company made a commitment to human rights for the first time by joining the UN Global Compact.

Key recommendations

  • Increase transparency and push back on network shutdown orders. Axiata should explain how it handles government orders to shut down networks and commit to push back against these demands.
  • Publish information about censorship and demands for user information. Axiata should disclose the number of demands it receives and complies with, from both governments and private parties.
  • Publish policies governing ad targeting and the use of algorithmic systems. Axiata should disclose its rules for the application of these technologies, particularly given their central role in the company’s adtech subsidiary Ada.

Services evaluated:

  • Celcom (Prepaid mobile)
  • Celcom (Postpaid mobile)
  • Celcom (Fixed-line broadband)
  • Operating company evaluated: Celcom (Malaysia)For telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
  • Market cap: $7.68 billion (as of November 4, 2022)
  • KLSE, based in Kuala Lumpur: AXIATA
  • Read more about how stock structures can be a barrier to shareholder participation
  • Website: https://www.axiata.com

The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Zak Rogoff, Anna Lee Nabors

Changes since 2020

  • The company made its first commitment to human rights, by joining the UN Global Compact.
  • Axiata broadened its limited process for carrying out privacy-related impact assessments to include third-party vendors.
  • The company provided more information on the third parties with which it shares information.
  • Axiata did not disclose, in its most recent annual report, that it still carries out internal security audits on a regular basis, as it claimed to do in a previous annual report.

Scores since 2017

100%0%2017201820192020202213%14%14%16%15%
Most companies’ scores dropped between 2019 and 2020 with the inclusion of our new indicators on targeted advertising and algorithmic systems. To learn more, please visit our Methodology development archive.
Governance28%
Freedom of expression5%
Privacy16%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 28%

Axiata disclosed almost nothing about its human rights due diligence (G4), though it scored marginally better than Etisalat and Ooredoo because it committed—though without providing details—to assess privacy impacts of activities it has already deemed “high risk” (G4a). Axiata also scored better than Etisalat and Ooredoo on policy commitments related to corporate governance. Axiata joined the UN Global Compact, signaling a commitment to human rights broadly, but failed to commit to human rights in algorithmic use and development. The company disclosed very little on remedy and grievance procedures (G6), receiving the second-lowest score of any company we rank.

Freedom of expression 5%

Axiata lacked integral processes for protecting users’ freedom of expression. It required that users provide identification when registering for a mobile plan (F11) and had no process for notifying users when they are attempting to access content that is blocked or restricted (F8). It was tied with Airtel and Ooredoo for the least transparency regarding government orders for network shutdowns (F10), providing only a vague list of reasons why services may be terminated. It provided no disclosure regarding its process for responding to third-party demands to censor users (F5) and did not publish data about content and accounts removed due to government (F6) and private demands (F7).

Privacy 16%

With its score declining since the 2020 RDR Index, Axiata earned the third-lowest score in this category. The company provided a minimal description of its process for handling government demands for user information (P10a), but offered little to no disclosure on several key privacy areas including how many government demands it complies with, how long it retains user data (P6), and mechanisms for users to control the use of their data (P7). It also failed to share anything on security measures, including whether and how it addresses security vulnerabilities (P14) and data breaches (P15).