Telefónica, S.A.
Headquartered in Spain, Telefónica provides mobile and fixed-line broadband and telephony to more than 369 million customers in Europe and Latin America.
Telefónica implemented a number of recommendations from our previous ranking and, for the first time, led its peers in all three of our categories. It made a new commitment to assessing the human rights impacts of its use of both targeted advertising and zero rating. But this year, Telefónica pulled out of the primary multi-stakeholder organization dedicated to human rights in the tech and telecom sectors, the Global Network Initiative (GNI). Telefónica has lost access to an important forum for tech and telecom companies committed to protecting users from inappropriate government demands.
In an action that appears to contradict its strong policies protecting user privacy, the company joined other telcos in requesting that policymakers stop the rollout of Apple’s Private Relay, software which keeps telcos and websites from seeing iPhone users’ browsing data. Telefónica is also participating in TrustPID, a new technology that allows telcos to attach unique IDs to web users for tracking and ad targeting. Similar to the controversial “supercookie” deployed by U.S. telco Verizon in 2016, TrustPID gives telcos a new way to engage in targeted advertising. As privacy concerns and protections diminish the use of third-party tracking cookies, TrustPID may take up the work of identifying internet users for advertising, particularly in Europe.
Telefónica is still the only company we rank that both made a clear commitment to human rights with regard to algorithmic systems and disclosed the policies it has in place to meet it. Room for improvement remained, however. Telefónica provided insufficient control to users in determining how their data was employed in developing these algorithmic systems. It also failed to explain how it employs algorithmic systems to identify violations of its policies by its users.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Telefónica was the only company ranked by RDR (including in the Big Tech Scorecard) to perform human rights impact assessments on all the topics covered by our standards: the effects of laws in the jurisdictions where it operates (G4a), enforcement of company policies (G4b), targeted advertising (G4c), algorithmic systems (G4d), and zero rating (G4e). Despite its leadership on governance, it is no longer a member of GNI (G5), the best existing corporate accountability mechanism protecting users from inappropriate government demands. To further improve its score, Telefónica must clarify its processes for mitigating human rights harms reported to the company by its users (G6a).
Telefónica was one of only five ranked companies to clearly commit to net neutrality (F9). It published the rules it enforces on its systems, including for advertisers on its Movistar+ TV platform (F3). However, some rules were overbroad and Telefónica did not publish any data about how often it enforced these policies (F4). It was the only telco we rank that published operational-level policies addressing the use of algorithmic systems across its services (F1d). The company was transparent about its due diligence process for addressing government blocking demands (F5a). It had a policy of denying any such demands from private entities (F5b).
For the first time, Telefónica outperformed Deutsche Telekom in this area and earned the highest privacy score among the telcos we rank. Telefónica stood out for its transparency and due diligence around government demands for user information, which can strongly impact human rights (P10a, P11a). Compared to other telcos, the company had clear and comprehensive policies governing data collection and use. Its policies addressed often-neglected issues such as inference of user information (P3b) and algorithmic system development (P1b). But it did not provide users with enough options for controlling the information it collects from them (P7). Further, it remained relatively weak on security, particularly with regard to instituting measures that would protect external security researchers (P13) and mitigate harm to users affected by data breaches (P15).