Technology ("tech") companies have a recurring tryst with human rights. Each new technology can be a disruption to the way we live. The impact of these disruptions on human rights is the question of our times.
Over the last decade, tech companies have been increasingly battling controversies on issues such as censorship, data protection, digital security, protection against surveillance amongst others. Connected to these are vital rights of privacy and freedom of expression, recognised by seminal human rights instruments such as the Universal Declaration of Human Rights1 (UDHR) and the International Covenant on Civil and Political Rights (ICCPR).2 Recently, WhatsApp found itself embroiled in a legal battle in Indian courts over its privacy policy. This was preceded by a public outcry that caused many of its users to switch over to its competitors, Signal and Telegram. A question of privacy resulted in business loss and legal costs for the tech company.
Human rights posit a business risk to tech companies. In this article we will understand how and why human rights are critical for tech companies, from a business point of view.
Business and human rights in international legal instruments
Tech's contribution to human lives and its impact on human rights is widespread. The realisation of digital rights like access to internet, freedom of speech and privacy is primarily experienced through tech platforms. It is generally understood that the duty to protect human rights falls squarely on the State's shoulders. But, to assume that platforms' obligations to respect human rights end at the obedience of State laws would be misconceived.
Human rights principles are universally agreed norms and values, inherent to human life. The UDHR requires "every individual and every organ of society" to promote and respect human rights.3 The ICCPR recognizes that civil and political rights are derived "from the inherent dignity of the human person".4 In 2011, the United Nations Human Rights Council (UNHRC) passed the Guiding Principles on Business and Human Rights (UNGPs). Dubbed "Ruggie principles", the UNGPs are a brainchild of Prof. John Ruggie who served as the UN Special Representative for Business and Human Rights from 2005-2011. A powerful and dynamic tool, UNGPs have found universal acceptance with a diverse range of supporters, including businesses.5 The UNGPs categorically state, "The responsibility to respect human rights is a global standard of conduct for all business enterprises wherever they operate."6 In fact, the UNGPs recognise the concomitant role of the State and businesses in safeguarding human rights.
Pillar II, 'Respect', of the UNGPs provides a blueprint to the tech industry on adopting a pro human rights stance into their business models. To help implement the UNGPs in tech ecosystems, the UN Human Rights, Office of the High Commissioner launched the B-Tech Project in 2019.7
The B-Tech Project observes that the UNGPs' power lies in their potential to incite new ways of thinking. The UNGPs make space for new and innovative forms of collective action for all stakeholders. The principles also recognize the complementary role between the State and companies for the effective implementation of human rights frameworks in today's highly networked world.8
With a view to embed corporate sustainability into businesses value systems, the UN formulated ten principles that guide company strategies and policies, called the UN Global Compact.9 Principles 110 and 211 of the UN Global Compact, derived from the UDHR, call upon companies to respect and protect human rights. Similar to the UNGPs, the UN Global Compact also requires a policy commitment and conducting human rights due diligence as an ongoing process. They caution against complicity in human rights violations by other actors in their business engagement.
The Organization for Economic Cooperation and Development (OECD) too has formulated guidelines for multinational enterprises on responsible conduct of businesses. These guidelines cover principles of human rights including consumer interests and responsible use of science and technology.12 Similarly, the World Economic Forum (WEF) in its white paper on the responsible use of technology underscores the foundational value these universal principles of human rights hold for implementation of disruptive technologies responsibly.13 Like the UNGPs, the OECD and the WEF underscore a synergistic relationship between the State and companies in evolving an effective human rights framework.
Implementing the UNGPs
In an attempt to implement the UNGPs, 29 States published their National Action Plans (NAPs) for businesses and human rights. 15 States address data protection and privacy under their NAPs while 14 identify the need for regulating technology to protect rights arising from the use of information and communication technology (ICT).14 Notably, Germany mentions neither data protection/privacy, nor ICT in its NAP. The UK NAP states that companies must "ensure respect for the privacy of individuals" under the Data Protection Act of 1998.15 In 2016, the UK updated its NAP to include efforts on strengthening international rules on digital surveillance and human rights risks in cyber security exports.16 The USA recognises the importance of responsible business conduct in the ICT sector and promotes State led efforts in developing a mechanism to document and publicise best corporate practices.17
Indian policy makers too have formulated guidelines to assist businesses in conducting their operations with human rights in mind. In February 2019, the Indian Ministry of Commerce and Industry published its zero NAP draft for comments from stakeholders, which made only passing references to the right to privacy and freedom of speech.18Commentators critique that India's NAP should address the impact of technology companies on human rights, especially in a gig economy.19 In 2011, the Ministry of Corporate Affairs released the 'National Voluntary Guidelines on Social, Environmental and Economic Responsibilities of Business'.20 A set of 9 principles, these guidelines promote inclusivity, transparency and accountability in business operations. Principle 5 of these guidelines mentions the need for businesses to respect human rights. These policies complement India's robust human rights regime incorporated in its Constitution and national laws.21
Tech companies and human rights
In an era of heightened public criticism and increased state intervention, tech companies walk a tight rope on balancing human rights and business interests. Cambridge Analytica dealt a severe blow to Facebook's reputation on privacy.22Not long ago, Yahoo was sued in a US federal court for complicity in persecution of Chinese human rights activists by sharing their data with the government.23 Social media companies often battle questions of censorship and free-speech over blocking user content.
For tech companies, human rights harms can be a business risk, and conversely, a good record on human rights can also be a competitive advantage. Any accusation of a violation of rights is seen as a breach of trust and erodes user confidence in the company. Research conducted by B-Team, an organisation that works on accountability in business, shows that limits on important civic freedoms are linked to negative economic outcomes. It strongly advises companies to "develop, implement and monitor corporate policies that factor in civic freedoms as a core company value".24
Tech companies are held accountable by the State, company stakeholders such as investors , digital rights organisations and the society/community. Companies must be cautious and diligent while entering business arrangements, with both private and State parties. Principle 2 of the UN Global Compact advises companies of alertness to complicity in violation of human rights.25 For instance, not only should tech companies ensure best efforts on data protection and privacy in their use of collected data, but they must also be vigilant on its use by other business partners when the data is shared with them.[Ikigai4]
The internalisation of a human rights framework in a company's business process will also reflect in the way it approaches product or service development. Privacy rights and the freedom of expression can be reflected in the design of digital products. The UN Special Rapporteur for the Right to Privacy advocates the embodiment of "effective technical safeguards" in the form of encryption to protect privacy, thereby ensuring privacy by design.26 In fact, the European Union's General Data Protection Regulation, under Article 25, talks about data protection by design and by default. This goes with the belief that data is best protected when the safety is integrated into the technology from the very beginning.27 Similarly, India's Personal Data Protection Bill 2019 requires to publish a policy on privacy by design.28
Rikke Frank Jørgensen, a senior researcher on tech and human rights, observes that companies often view their human rights obligations as safeguarding their users from government overreach.29 Thus, they often overlook their own impact on human rights. For example, social media companies have been accused of censorship when taking down content on their own or on the State's request. In a 2011 report, the then UN Special Rapporteur on the Freedom of Expression said, "given that intermediaries may still be held financially or in some cases criminally liable if they do not remove content upon receipt of notification by users regarding unlawful content, they are inclined to err on the side of safety by over censoring potentially illegal content."30
Companies often walk a tight rope when it comes to protecting human rights. It is an obligation to be exercised with due care and caution. This requires a well-informed company policy and motto. Given the changing socio-political circumstances, a smooth response to emerging scenarios is only possible through a robust company policy on human rights.
What will a human rights framework look like?
A robust policy on human rights is key to conducting an effective and responsive human rights due diligence exercise. To users and other stakeholders, it reflects a company's business ethics and goes to the very core of the company's identity. A company's policy has a direct impact on its engineering culture and approach to algorithmic governance. This ensures securing human rights compliance throughout the lifecycle of the product.
In the event of any controversy, policies strongly supporting human rights will help a company gain legitimacy in the public eye and develop a foothold to mitigate any human rights risk. Thus, in terms of public relations, a human rights policy acts as a preventive mechanism against potential media backlash. It reflects the bona fide intentions of a company and informs all stakeholders of its business and ethical values. For instance, after the backlash against WhatsApp's changes to its privacy policy, the company had to release explainers and advertisements to reassure its users on privacy. Continuous engagement with users and stakeholders through transparent mechanisms will build trust, resulting in sustainable value creation. Conducting human rights due diligence exercises is critical to building and maintaining stakeholder trust.
There may be occasions when the company stands at the crossroad of risks of action and inaction. Such circumstances warrant responsible examination of the risks. However, short-sighted cost benefit analyses should not deter companies from standing on the right side of history, advises the World Economic Forum. It is in every company's best interest to ensure the protection of the shared digital space and to foster a healthy digital environment for business. [31]Companies should take all reasonable measures to prevent and address human rights harms, starting with securing a human rights policy in place. Since there is no one-size-fits-all solution for response actions, international law principles or national laws serve as a guiding light to resolve complex situations.
In the next article in this series, we will discuss how companies can incorporate human rights as a part of their corporate governance mechanisms. Future articles will look into the intricacies of human rights due diligence exercises and understand grievance redressal by companies.
Footnotes
1 Article 12 of the UDHR recognises the right to privacy and Article 19 speaks about freedom of expression; <https://www.un.org/en/about-us/universal-declaration-of-human-rights> accessed 29 June 2021.
2 ICCPR protects right to privacy under Article 17 and freedom of speech under Article 19; <https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx> accessed 29 June 2021.
3 Preamble of Universal Declaration of Human Rights <https://www.un.org/en/about-us/universal-declaration-of-human-rights > accessed 29 June 2021.
4 International Covenant on Civil and Political Rights, "Preamble", < https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx> accessed 19 July 2021.
5 B Tech, "The UN Guiding Principles in the Age of Technology" (2020) <https://www.ohchr.org/Documents/Issues/Business/B-Tech/introduction-ungp-age-technology.pdf> accessed 29 June 2021.
6 Principle 11 of Pillar II <https://www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf> accessed 29 June 2021.
7 B-Tech Project <https://www.ohchr.org/EN/Issues/Business/Pages/B-TechProject.aspx> accessed 29 June 2021
8 B Tech, "The UN Guiding Principles in the Age of Technology" (2020) <https://www.ohchr.org/Documents/Issues/Business/B-Tech/introduction-ungp-age-technology.pdf> accessed 29 June 2021.
9 UN Global Compact, "The Ten Principle of the UN Global Compact" < https://www.unglobalcompact.org/what-is-gc/mission/principles> accessed 29 June 2021.
10 Principle 1 of UN Global Compact states "Businesses should support and respect the protection of internationally proclaimed human rights" <https://www.unglobalcompact.org/what-is-gc/mission/principles/principle-1> accessed 29 June 2021.
11 Principle 2 of UN Global Compact states "Businesses should make sure that they are not complicit in human rights abuses" < https://www.unglobalcompact.org/what-is-gc/mission/principles/principle-1> accessed 29 June 2021.
12 OECD, "Guidelines for Multinational Enterprises" (2011) <https://www.oecd.org/daf/inv/mne/48004323.pdf> accessed 29 June 2021.
13 WEF and BSR, " Responsible Use of Technology" (White Paper, Aug 2019) <http://www3.weforum.org/docs/WEF_Responsible_Use_of_Technology.pdf> accessed 29 June 2021.
14 https://globalnaps.org/country/
15 United Kingdom, "National Action Plan" (2011) <https://globalnaps.org/wp-content/uploads/2017/11/uk-2013-nap-bhr.pdf> accessed 29 June 2021.
16 United Kingdom, "National Action Plan" (2016) <https://globalnaps.org/wp-content/uploads/2017/11/uk-2016.pdf> accessed 29 June 2021.
17 https://2009-2017.state.gov/e/eb/eppd/csr/naprbc/265706.htm
18 Ministry of Commerce, "National Action Plan" (Zero Draft, 2019) < https://mca.gov.in/Ministry/pdf/ZeroDraft_11032020.pdf> accessed 29 June 2021.
19 N Agarwal, "India's Business and Human Rights National Action Plan" (Institute of Human Rights and Business, 14 April 2020) <https://www.ihrb.org/other/governments-role/commentary-indias-national-action-plan> accessed 29 June 2021.
20 Ministry of Commerce, "National Voluntary Guidelines on Social Environmental and Economic Responsibilities of Business" (2011)
<https://www.mca.gov.in/Ministry/latestnews/National_Voluntary_Guidelines_2011_12jul2011.pdf> accessed 29 June 2021.
21 With respect to ICT, refer Article 19 and Article 21 of Indian Constitution. Also refer to Information Technology Act 2000, Personal Data Protection Bill 2019, Labour Codes 2020.
22 Meredith, "Here's everything you need to know about the Cambridge Analytica scandal" (CNBC, 21 March 2018) < https://www.cnbc.com/2018/03/21/facebook-cambridge-analytica-scandal-everything-you-need-to-know.html> accessed 19 July 2021.
23 Business and Human Rights Resources, "Yahoo! Lawsuit (re China)" (1 April 2007) < https://www.business-humanrights.org/en/latest-news/yahoo-lawsuit-re-china/>accessed 19 July 2021.
24 Hogg and Hodess, The Business Case for Protecting Civic Rights" (B-Team, October 2018) <https://bteam.org/assets/reports/The-Business-Case-for-Protecting-Civic-Rights.pdf> accessed 29 June 2021.
25 UN Global Compact, "Principle 2" < https://www.unglobalcompact.org/what-is-gc/mission/principles/principle-1> accessed 29 June 2021.
26 J A Cannataci, "Report of Special Rapporteur on the right to privacy" (HRC, 8 March 2016) <https://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session31/_layouts/15/WopiFrame.aspx?sourcedoc=/EN/HRBodies/HRC/RegularSessions/Session31/Documents/A-HRC-31-64.doc&action=default&DefaultItemOpen=1> accessed 29 June 2021.
27 General Data Protection Bill. "Privacy by Design" < https://gdpr-info.eu/issues/privacy-by-design/> accessed 15 July 2021.
28 Section 22, Personal Data Protection Bill 2019 < http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf>
29 R F Jørgensen, "Right Talk: In the Kingdom of Online Giants", in R F Jørgensen (eds), Human Rights in the Age of Platforms (MIT Press, 2019) < https://direct.mit.edu/books/book/4531/Human-Rights-in-the-Age-of-Platforms> accessed 29 June 2021.
30 F L Rue, " Report of Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression" (HRC, 16 May 2011) <https://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf> accessed 29 June 2021.
31 WEF, " 5 Ways Businesses Can Backup Human Rigjts Defenders" (WEF, 16 Jan 2019) <https://www.weforum.org/agenda/2019/01/5-ways-businesses-can-back-up-human-rights-defenders/> accessed 29 June 2021.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
