MTN Group Limited
Headquartered in South Africa, MTN provides internet access and mobile telephony to more than 272 million customers across 19 countries in Africa, the Middle East, and central Asia. It offers voice and data plans as well as cloud infrastructure.
Companies from emerging economies made the biggest improvements since the 2020 RDR Index, and MTN exemplified the trend. The company’s score jumped from 23% to 34% as it began engaging in transparency reporting, joined the Global Network Initiative (GNI), and implemented other RDR recommendations. GNI is the primary multi-stakeholder forum for tech and telecom companies committed to protecting users from inappropriate government demands. It arranges external expert reviews of all member companies’ mechanisms for identifying human rights risks caused by their activities.
Though MTN broke ground as the first major African transnational telco to publish a transparency report, it quickly undermined this achievement. Published soon after the 2020 RDR Index, MTN’s first transparency report included data about government demands for user information, account restrictions, and internet shutdowns. Yet after releasing its second transparency report in 2021, the company deleted the first report from its website with no explanation. The deleted first report contained data on government demands from Iran, subsequently omitted from the second and third reports.[1]
In fall 2021, Ugandan nongovernmental organization Unwanted Witness adapted RDR’s methodology to call out disparities in privacy and data protection policies across the company’s operating units in different countries throughout Africa. Privacy policies were found to be more robust in South Africa and Nigeria than in the smaller market of Uganda. Meanwhile, RDR data has shown for years that, even for users in its home country of South Africa, the terms of service for MTN’s mobile plans are hard to find on its website and not always easy for users to understand due to spacing and formatting issues.
In recent years, governments across Africa have begun pushing for all citizens to register their SIM cards with their government ID or biometrics, citing domestic security concerns such as terrorism. Companies, including MTN, are facing increased pressure from governments to disconnect all unverified users. Uganda-based civil society organization CIPESA has pointed out the risks for privacy and freedom of expression of mandatory SIM registration, especially given the fact that only half of African countries have laws in place protecting privacy rights. MTN’s transparency reporting program, which reports disconnections of unregistered SIM cards, may prove an important tool for tracking and responding to this trend.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
MTN disclosed that it conducts annual human rights impact assessments, which consider freedom of expression and privacy. But their scope was vague and they appeared to lack focused consideration of high-risk areas such as algorithmic systems, zero rating, and targeted advertising (G4). The company also contracted an external, expert firm to verify the assessment (G4a) it began in 2021, and as long as it remains a member of the Global Network Initiative, its future assessments will be verified through that organization’s formal process.
MTN’s yearly transparency reports included data about the government demands it receives both to deactivate accounts (F6) and shut down the internet (F10). However, for some countries, it omitted its rate of compliance with such demands. This included nations with significant ongoing human rights violations being carried out by the government, such as Cameroon and Iran (in the latter case, the company also failed to share the total number of demands). The company did not commit to network neutrality, running a “No Data Facebook” zero-rating program that gives Facebook a competitive advantage by exempting it from data caps (F9). Further, the terms of service for MTN’s prepaid mobile and fixed broadband plans were difficult to identify in the policy section of MTN’s South African website (F1a). The company had no policies governing the content or targeting of the location-based text message ads it delivers on behalf of other companies (F1b, F1c).
Until this year, MTN’s privacy score had never surpassed that of any European telco, but this year it surpassed both Telenor and Orange. MTN earned this increase mainly by committing to stronger internal security measures (P13) and by disclosing government demands for user information (P10a) in the transparency reporting program it began soon after the 2020 RDR Index. It was also the only telco to disclose that it allows users to download the data it algorithmically infers about them (P8). The company is nevertheless lacking clear and comprehensive disclosures about foundational privacy questions, namely what information it collects (P3a), infers (P3b), and shares (P4).
[1] MTN’s second transparency report, released in 2021 and covering 2020, states that Iran and several other countries were “excluded due to insufficient information and in-country reporting limitations.” The third report, released in 2022 and covering 2021, states that Iran was excluded due to MTN’s minority ownership.
[2] In September 2022, MTN published a “Position Statement on Responsible Marketing” that includes some information about MTN’s use of targeted advertising. However, it was released after the June 1, 2022 cutoff date for this research cycle.