abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb

16 May 2019

16/05/19 - Laura Reed, Research and Engagement Manager at Ranking Digital Rights

Ranking Digital Rights 2019 index finds tech companies 'still failing' to curb abuse on privacy and free expression

See all tags

Despite some notable progress, most of the world’s biggest internet, mobile, and telecommunications companies are still failing to predict and mitigate the human rights harms of their business decisions, design choices, and deployment of new technologies.

Since 2015, Ranking Digital Rights (RDR) has benchmarked a growing number of major listed multinational companies on their respect for internet users’ freedom of expression and privacy. Most have improved to varying degrees, while the companies that led in the 2019 RDR Corporate Accountability Index all demonstrated and disclosed stronger governance of human rights risks. 

However, despite these improvements, a majority of the companies evaluated failed to disclose enough information about governance and oversight.

The results underscore the importance of strong governance when it comes to building an internet that supports and sustains human rights. 

The 2019 RDR Index ranked 24 companies on 35 indicators examining publicly disclosed commitments, policies, and practices affecting freedom of expression and privacy, including governance and accountability mechanisms. 

Microsoft had the top score, unseating Google, which led previous editions of the RDR Index. Among telecommunications companies, Telefónica shot to the top, surpassing Vodafone. Not only did Microsoft and Telefónica lead overall; they also led in the Governance category. Other companies had significant gaps in their disclosure. 

Much of the bad news plaguing the tech sector—data breaches, misuse of user information, surveillance and censorship, and enforcement of terms of service in ways that fail to respect users’ human rights—is related to poor corporate governance of human rights risks. Civil society advocates, investors, and regulators should expect and require companies to go beyond basic commitments and implement meaningful oversight, due diligence, and remedy. (See our corporate governance recommendations for companies and governments.) 

2019 RDR Index Governance category scores 

While the majority of companies evaluated—15 out of 24—disclosed a formal policy commitment to respect freedom of expression and privacy (G1), far fewer disclosed meaningful implementation. Only a third earned credit on indicators examining senior-level oversight over how policies and practices affect freedom of expression and privacy (G2), and of mechanisms to implement human rights commitments, including employee training and whistleblower programs (G3). Apple’s strong privacy-related policies and disclosures were undercut by its poor governance score, particularly in relation to freedom of expression, and contributed to its middling overall rank. 

Proactive due diligence: Given the scope and severity of potential human rights harms, companies must continually assess the potential human rights impacts of their business decisions, including choices to enter new markets, roll out new services, change how they handle user information, or establish new rules governing speech. The results from the 2019 Index show that companies’ due diligence is lacking: the average score on the indicator evaluating due diligence (G4) was just 25 percent. 

How comprehensive are companies’ human rights impact assessments?

Eight companies disclosed nothing about human rights due diligence. The data also highlighted the extent to which most companies fail to identify and mitigate risks associated with targeted advertising and automated decision-making: only three companies (Telefónica, Deutsche Telekom, and Microsoft) disclosed any information about risk assessments related to their use of automated decision-making technologies. None disclosed evidence of risk assessments related to targeted advertising policies and practices. 

Google’s relatively high levels of overall transparency about many policies and practices affecting freedom of expression and privacy kept it near the top of the RDR Index. However, its Governance score was notably lower than any other member of the Global Network Initiative, whose members commit to uphold principles of freedom of expression and privacy, particularly in relation to government surveillance and censorship demands. 

Google provided no evidence that it conducts human rights impact assessments in relation to its targeted advertising business model or the deployment of automated decision-making technologies. Nor did it provide clear evidence of board oversight over freedom of expression concerns within the company. 

Its governance gaps have played out in negative headlines: last August, The Intercept reported that Google executives were working on a secret plan to roll out a censored search engine in China, raising concerns that the company was forgoing its human rights commitments for a chance to re-enter a lucrative market. In April 2019, reports revealed that YouTube executives ignored evidence that its algorithms were facilitating the spread of toxic content on its platform, and failed to address the concerns raised by its employees. 

While Facebook received credit for due diligence around the launch of new products or services, it provided no evidence of conducting human rights impact assessments of its terms of service, targeted advertising business model or deployment of automation. In November 2018, Facebook published the findings from a targeted human rights impact assessment on its role in the violence in Myanmar.

It concluded that Facebook had not been “doing enough to help prevent our platform from being used to foment division and incite offline violence.” There is a clear need for Facebook to mitigate future risks in a comprehensive and systematic manner, and currently it is not disclosing enough information to conclude that these concerns are being prioritized. 

Looking ahead: Governance and oversight is by no means the only area where companies need to implement more effective mechanisms and increase transparency. Yet companies need to make governance a serious priority if they want to help make the internet a place that supports and sustains human rights. Full details can be found in the 2019 RDR Index report, the company report cards, and comprehensive data visualizations.

Laura Reed is Research and Engagement Manager at Ranking Digital Rights