Facebook is part of an industry-wide problem: lack of transparency about policies affecting users’ online rights
In the wake of Facebook’s data abuse scandal, civil society groups across the world are dissatisfied with explanations by the company’s CEO Mark Zuckerberg to the U.S. Congress, and with the company’s recent changes to some privacy policies and settings. Advocates are concerned not only about how the company uses and shares users’ information, but also about how Facebook polices and manages users’ speech and regulates information flows across its global platform.
As Global Voices Advocacy reported, human rights advocates from Vietnam recently wrote an open letter to Zuckerberg asking whether the company has a special censorship agreement “with a government known for cracking down on expression.” Groups in Sri Lanka called on Facebook to work more directly with them to better combat “gender-based violence and hate speech propagated through its platform.” Advocates from Myanmar cited a litany of concerns including “lack of a proper mechanism for emergency escalation, a reticence to engage local stakeholders around systemic solutions and a lack of transparency.” In the U.S., the Black Lives Movement demanded access to their data.
Unfortunately, poor transparency and inadequate stakeholder engagement about the impact of a company’s business on users’ human rights is by no means unique to Facebook. As the Ranking Digital Rights 2018 Corporate Accountability Index reveals, poor transparency is epidemic across the world’s most powerful internet, mobile, and telecommunications companies. Our annual benchmark of companies, whose products and services are collectively used by over half of the world’s 4.2 billion internet users, finds that most internet users are still being left in the dark about how their personal information is accessed and used, and how online speech is managed and policed. As a result, people do not have enough information to make informed choices as consumers or as citizens, exposing them to undisclosed risks. Even the highest-ranked companies such as Google, Microsoft, and Vodafone earn low scores on many disclosures.
Data protection: Despite Mark Zuckerberg’s claims that his company offers users high levels of transparency and control over their data, the 2018 Index found that Facebook disclosed less about how it handles user data than most of its U.S. peers, none of which earned satisfactory marks overall. Indeed all of the companies evaluated disclosed too little about how they handle users’ information. The worst performers were telecommunications companies.
On indicators examining the various ways that companies should disclose how user information is collected, used, shared, and retained, and how much control users are given, the highest-scoring telecommunications company (AT&T) received the same low transparency score as Facebook. The lowest scoring were Etisalat of the UAE and Ooredoo of Qatar, whose privacy policies are not public. A recent study of telecommunications companies across the Arab region by Lebanon-based NGO Social Media Exchange (SMEX), based on the Index methodology found that many companies evaluated did not even publish privacy policies.
Data security: Also alarming is the extent to which most companies withhold basic information about measures they take to safeguard users’ data from breach or theft, preventing users from knowing the risks they may face when using a particular platform or service. (Click here to read the full analysis)
Policing online speech: Index data also shows that companies do not adequately inform the public about how they police content on their platforms and services, or control access to service. In light of revelations that the world’s most powerful social media platforms have been used to spread disinformation and manipulate political outcomes in a range of countries, companies’ efforts to police and manage content lack accountability without greater transparency.
In many countries, our jurisdictional analysis found that corporate efforts towards transparency are blocked by national laws that forbid even basic transparency, such as disclosure of aggregate data about the volume and nature of requests received. The fact that telecommunications’ companies disclose little about how they handle government shutdown demands is partially attributable to regulation that runs counter to the public interest. Bharti Airtel, whose home country of India experienced 64 internet shutdowns across the country in 2017, discloses almost no information about how it responds to government shutdown orders.
Governance: Unfortunately, too few companies make users’ rights a central priority for corporate oversight and risk assessment.Companies do not have adequate processes to identify and mitigate the full range of potential harms to users that may be caused not only by official censorship or surveillance, and by malicious non-state actors, but also by practices related to their own business models. Notably, the only companies found to be carrying out relatively systematic and regular impact assessments, at least for how they should handle government censorship and surveillance demands, are members of the Global Network Initiative. (Companies scoring greater than 30 percent in the chart below are all GNI members)
These findings are a small sample of the 2018 Index results. For our full report with interactive data and analysis, company report cards, methodology, raw data and other resources for download please visit: https://rankingdigitalrights.org/index2018