Axiata Group Berhad
Headquartered in Malaysia, Axiata Group Berhad provides telecommunications and related services to 150 million mobile users in nine countries across Asia.
Axiata made a commitment to human rights for the first time by joining the UN Global Compact, a voluntary corporate responsibility program, in 2021. Nonetheless, the company managed to slip closer to the bottom of our ranking, owing to a lack of transparency around due diligence, security, handling of user information, stakeholder engagement, and other areas of concern for freedom of expression and privacy.
This year, we have a clearer picture of Axiata’s policies, thanks to EngageMedia, an Asia-Pacific digital rights and open technology nonprofit. EngageMedia adapted the RDR Index methodology to evaluate the policies of 12 mobile operators, including four of Axiata’s local subsidiaries in Cambodia, Indonesia, Nepal, and Sri Lanka. The report found that multiple subsidiaries failed to publish key policies in widely spoken local languages in these countries and, like their parent company, made no commitment to net neutrality. The report also concluded that “telecommunications companies [including Axiata] do not have (or are not interested in having) adequate policies to protect subscribers’ rights in terms of freedom of expression and privacy.”
Axiata also lacked transparency about the way user data fits into its business model; its adtech subsidiary Ada boasts “deep proprietary data of 375 million consumers” for use in targeted advertising and business analytics. Though it is likely that this includes information submitted by Axiata customers as they signed up for mobile service, the company did not say so publicly.
Axiata complies with internet shutdown orders without following any known due diligence process. In October 2021, Axiata’s Bangladeshi operating company complied with a government order to black out the mobile internet, following attacks on religious sites. Unlike an increasing number of its peers, it did not release data about the volume of such demands it receives or complies with. Network shutdowns do great damage to freedom of expression, and there is no evidence they improve public safety. Axiata’s Malaysian subsidiary, Celcom, is in the process of merging with fellow carrier Digi, owned by RDR-ranked Norwegian telco Telenor.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Axiata disclosed almost nothing about its human rights due diligence (G4), though it scored marginally better than Etisalat and Ooredoo because it committed—though without providing details—to assess privacy impacts of activities it has already deemed “high risk” (G4a). Axiata also scored better than Etisalat and Ooredoo on policy commitments related to corporate governance. Axiata joined the UN Global Compact, signaling a commitment to human rights broadly, but failed to commit to human rights in algorithmic use and development. The company disclosed very little on remedy and grievance procedures (G6), receiving the second-lowest score of any company we rank.
Axiata lacked integral processes for protecting users’ freedom of expression. It required that users provide identification when registering for a mobile plan (F11) and had no process for notifying users when they are attempting to access content that is blocked or restricted (F8). It was tied with Airtel and Ooredoo for the least transparency regarding government orders for network shutdowns (F10), providing only a vague list of reasons why services may be terminated. It provided no disclosure regarding its process for responding to third-party demands to censor users (F5) and did not publish data about content and accounts removed due to government (F6) and private demands (F7).
With its score declining since the 2020 RDR Index, Axiata earned the third-lowest score in this category. The company provided a minimal description of its process for handling government demands for user information (P10a), but offered little to no disclosure on several key privacy areas including how many government demands it complies with, how long it retains user data (P6), and mechanisms for users to control the use of their data (P7). It also failed to share anything on security measures, including whether and how it addresses security vulnerabilities (P14) and data breaches (P15).