Telenor ASA
Headquartered in Norway, Telenor Group offers mobile and fixed-line broadband services to 166 million customers across Nordic countries and Asia.
Telenor sold its Myanmar subsidiary a year after the 2021 military coup that saw the civilian government, voted into power in 2010, deposed. For months after the coup, the company—which first entered the country in 2014 during a period of democratization—faced pressure from civil society to honor its commitments to human rights by protecting users from the junta’s orders to spy on citizens and shut down the internet.
Telenor provided thorough documentationof the human rights challenges it faced in Myanmar since 2014, including a list of shutdown orders. In addition to the pressures it faced from the authorities, Telenor's decision to leave triggered a backlash from human rights activists, who have emphasized the risks of transferring the data of millions of users to Lebanon’s M1 Group, the company to which it sold its subsidiary. M1 has since transferred control of 80% of the operation to a local military-linked company, the Shwe Byain Phyu conglomerate. To mitigate the crisis, the company has reached an agreement with civil society organizations from Myanmar to provide training and support to former clients and employees there.
With Telenor operating in several higher-risk markets with regard to human rights, it was transparent about why it shuts down its network, how it responds to government demands to do so, and the number of government shutdown orders it received and complied with. Telenor also shared detailed information about how it managed government demands for content or account restrictions and for user information. Yet it released only some data about the nature and volume of the government demands it received.
The Norwegian telecom giant’s setback in Myanmar did not impede the company’s Asian expansion. In November of 2021, Telenor agreed to merge its Thai telecom unit with that of Thailand-based conglomerate Charoen Pokphand Group, creating the largest mobile carrier in the kingdom, with 51 million users. In October, the merger was approved by the Thai telecom regulator, almost one year after the initial announcement. In June, Malaysia’s telco regulator approved a merger between Digi and Celcom, the Malaysian mobile operators of Telenor and Axiata, respectively. The new entity will form the country’s biggest player in the sector.
By 2021, Telenor’s Asian operations already accounted for around half of the company’s annual revenue. This year, the company announced the formation of Singapore-based Telenor Asia, an independent regional hub that will lead the company’s operations in Bangladesh, Malaysia, Pakistan, and Thailand.
In 2021, Telenor received a reprimand from the Norwegian Data Protection Authority, as the company failed to report a vulnerability in the protection of personal data for its voicemail service, leading to data breaches affecting about 1.3 million subscribers. Meanwhile, the company revealed nothing about what measures it has in place to handle data breaches.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Telenor was significantly more transparent about its governance than about its practices and policies regarding freedom of expression and privacy. The company had policies in place for oversight and internal implementation of its human rights commitments (G2, G3). Although Telenor revealed that it conducts a thorough human rights risk assessment of the regulatory and policy landscapes in which it operates (G4a), these assessments did not tackle the risks associated with targeted advertising, algorithmic systems, and zero-rating services, or with its own processes for policy enforcement (G4b, G4c, G4d, G4e).
Telenor shared detailed information about the network shutdown orders it received (F10), but it lacked transparency on its processes for policy enforcement affecting freedom of expression more broadly. The company failed to publish adequate rules outlining its use of targeted advertising or advertising content (F1b, F1c, F2b, F2c, F3b, F3c). Although Telenor released some data about the accounts it restricted to comply with government demands (F5a), it did not provide any data about content, advertisements, or accounts restricted to enforce its own policies (F4a, F4b, F4c).
Despite some improvement in its privacy policy, Telenor still provided only partial information about how it collects, shares, or retains user information (P3a, P4, P6, P9) and offered only limited options for users to manage and control their own data (P7). Meanwhile, Telenor disclosed the least amount of information about data security policies among European and U.S. telecommunication companies. The company was silent about how it responds to data breaches (P15).