In the five years since the UN Human Rights Council adopted the Guiding Principles on Business and Human Rights, human rights scrutiny of information and communication (ICT) companies has escalated significantly. More governments than ever are pressuring companies to censor content, network shutdowns have become disturbingly routine in many countries, and Edward Snowden’s revelations have undermined the credibility of Western governments and companies associated with the “internet freedom agenda.”
Just as significantly, companies’ own commercial interests and business models have major human rights implications. In his first report, UN Special Rapporteur on the right to privacy Joseph Cannataci warns, “The data available for the profiling of individuals is now in order of magnitude larger than it was in 1991-1992 and the extent of risks for privacy associated with the use or misuse of that data are not yet completely understood.” Company repositories of personal data provide a tempting target for state and non-state actors alike, from intelligence agencies to criminals. And company actions affect a wide set of rights beyond freedom of expression and privacy. Nominally well-intentioned initiatives to increase access to the internet, particularly through zero rating of selected content, have been widely criticised by global civil society for failing to safeguard user rights. Decisions that companies make about what content and behaviour does or does not violate their own terms of services have huge ramifications on individuals’ rights to assembly and association online. And although some companies are beginning to take new steps to respond to technology-related violence, especially against women, on their products, services and platforms, few explicitly consider this to be a human rights obligation.
For companies, loss of trust is an existential threat to business models. A recent survey covering 24 countries found only 30% of global citizens think governments are doing enough to keep personal information secure and safe from private companies, and a majority are more concerned about their online privacy than they were a year ago. Although some companies have responded to human rights risks through participation in multistakeholder accountability initiatives, or by increasing transparency reporting about government requests and lobbying to reform government surveillance, many companies in the ICT sector have taken little in the way of action to commit to respect human rights according to the Guiding Principles, or recognise their full range of impacts, negative and positive, on all human rights.
Against this backdrop, the debate on whether the Guiding Principles provide adequate corporate accountability for human rights abuses continues. In 2014, Ecuador and South Africa put forward a Human Rights Council resolution to establish an intergovernmental working group formed to discuss the creation of a legally binding treaty to regulate transnational companies under human rights law, which met for the first time in 2015. When weighing how to work with governments to hold companies accountable while also collaborating with companies to press against government overreach, civil society organisations must consider whether a global treaty process will contribute to or detract from other efforts to protect and respect the rights of users who face more threats from more governments and companies than ever around the world.
This issue paper takes stock of the implementation of the Guiding Principles in the ICT sector, using their three pillars to explore key issues, implementation gaps, and emerging best practices for technology companies. These are:
• The state responsibility to protect human rights
• The corporate responsibility to respect rights
• The need for access to effective remedy when rights have been violated.
A complete analysis of the impact of ICT companies on all human rights is beyond the scope of this paper, which focuses on some of the most salient rights impacted by companies, looking at both civil and political rights as well as economic, social and cultural rights. With its transformative potential to help advance human rights, the ICT sector should be driving global discussion about how best to achieve respect for human rights in the private sector. By taking stock of progress made thus far and implementation gaps, this report concludes with recommendations intended to provide a roadmap to move ICT sector risks and opportunities to the centre of the business and human rights debate.