ICT companies need to take human rights seriously

In June, Apple, AOL, Dropbox, Facebook, Google, Microsoft, PalTalk, Skype (Microsoft), Twitter, Yahoo! And YouTube (Google) were accused of allowing intelligence services to access their servers to retrieve data about users, through the monitoring programme (PRISM) endorsed by the Obama administration.

All over the world, companies in the Information & Communications Technology (ICT) sector face increasing government pressure to comply with domestic laws and policies in ways that may conflict with the internationally recognized human rights of freedom of expression and data privacy. In the last decade, ICTs, have opened new channels for the free flow of ideas and opinions, thereby promoting democracy and human rights. Companies’involvement in ensuring the respect of these rights is crucial.

The UN Guiding principles on Business and Human Rights do not leave this in any doubt: under the “Protect, respect and Remedy” Framework, it is not only States have the obligation to protect the human rights of their citizens, but also companies that have the responsibility to respect these rights.

The PRISM case shows that the extent to which a company protects customers’ private data (‘data privacy’), in addition to informing them of their rights and the companies’ own legal obligations in terms of providing information to legal authorities is becoming increasingly important. It is one of the main responsibilities for companies to ensure that the privacy of data exchanged in their networks is ensured.

Human rights violations, including violations of privacy of data, represent a reputation risk, given the strong media attention. Privacy breach cases can also expose the company to legal action, damage claims and fines. On the other hand, companies that adopt explicit and appropriate human rights principles and goals along with mechanisms for their implementation and reporting might be better prepared to prevent human rights abuses and to deal effectively with allegations of wrongdoing that may arise.

Awareness within ICT companies has grown, and interesting initiatives undertaken. The Global Network Initiative (GNI) has created a collaborative approach to protect and advance freedom of expression and privacy in the ICT sector. By signing the GNI’s principles, companies commit to respecting the human rights of freedom of expression and privacy.

The PRISM case shows that the corporate responsibility of preventing the violation of human rights and the privacy rights of company’s customers does not arise only in authoritarian regimes, but also in democratic countries. Companies must respect ‘the right to know’ of their customers and at least inform them in a clear and intelligible way that their communications can be observed and monitored by public authorities.

Fouad Benseddik, director of methodology & institutional relationships, Vigeo