Issuu on Google+

Enhancing Internet freedom and human rights through responsible business practices


Why we bother


Background – setting the scene


Paving the way ahead


Corporate responsibility – the ally of human rights and freedom of expression


Enhancing Internet freedom and human rights through responsible business practice


Challenges for the ICT sector


What guidance do businesses need and what has emerged?


What can States do to encourage businesses to operate within a human rights framework?


What can companies do to further the right of freedom of expression and transparency?


Key issues for collective action


Appendix I – quotations 29 Appendix II – human Key resources Produced by: Ministry for Foreign Affairs Design: Blomquist Cover photo: Gates Foundation Printed by: TMG Stockholm, April 2012 Article number: UD 12.015 ISBN: 978-91-7496-449-3

rights due diligence 30


Endnotes 33

WHY WE BOTHER The events in the Middle East and North Africa in 2011 demonstrated the important role of the Internet in mobilising people to demand justice, equality and human rights. The Arab Spring spread fast to Egypt, Libya, Yemen, Bahrain, Syria and other Arab countries. Within less than a month, Tunisia’s Ben Ali was forced to step down and flee, and in Egypt one month later, Hosni Mubarak was forced to resign. These developments instilled fear in the authoritarian leaders in the region, especially as the riots spread so quickly. What made this possible was access to information technology. One of the demonstrators in Cairo said: “We use Facebook to schedule the protests, Twitter to coordinate and YouTube to tell the world.” Social media and the Internet have not created the demonstrations, but they have played a key role in spreading protests and gathering the masses. This ultimately led to Mubarak’s decision to simply shut down the Internet in Egypt. But with the fixed telephone network up and running, people could use the old dial-up modems to communicate and organise protests. 3

The prerequisite for using social media was a functioning network. And for this we should thank industry technology providers. Internet freedom is crucial to the struggle for democracy and freedom, and therefore crucial to protect. The impact of the information and communications technology (ICT) industry on society is undeniable. Decisions are made every day by companies that have an impact at home and abroad. It is therefore crucial that companies are involved in the debate on how internet freedom can be achieved. The ICT sector is playing an increasingly important role in the international marketplace. Today multinational enterprises include a range of business arrangements and organisational forms. Boundaries are blurring. Strategic alliances and closer relations with suppliers, contractors and business partners are evidently also changing how businesses need to behave. At the same time there is a need for clear guidance on responsible business practices, i.e. on corporate social responsibility (CSR). This includes respect for human rights in general, and freedom of expression and the right to privacy, specifically. The goal of CSR is to encourage corporate selfregulation and monitoring to ensure that business are in active compliance with international norms, including respect for human rights, labour rights, and the environment and corruption prevention. In May 2011 the revised OECD Guidelines for Multinational Enterprises were adopted. Essentially, they are recommendations for companies to enhance competitiveness in areas such as environmental consideration, workers’ rights, human rights and anti-corruption. Together with the UN framework and guid­-­ ing principles for business and human rights, the Guidelines form the basis of CSR, and the update now includes new recommendations on Internet freedom. In my capacity as Swedish Minister for Trade, I have been driving this issue and working collaboratively with companies to increase freedom and openness on the Internet. In this way, Sweden has succeeded in strength­ening global CSR efforts to include Internet freedom, which was also highlighted by US Secretary of State Hillary Clinton at the 2011 OECD Ministerial Council Meeting. 4

Internet freedom is also important for competition and international trade. Openness promotes economic growth. An open trade agenda needs to be linked to the responsibility of corporations to act in ways that do not undermine or violate human rights such as freedom of expression or the right to privacy. Companies can have a positive impact on enhancing Internet freedom through responsible business practice. If we focus on making commitments and creating favourable conditions for trade, both bilaterally and multi足laterally, economic and competitive advantages are likely to follow. Internet freedom is a priority of the Swedish Government. Freedom is the mother of innovation and entrepreneurship. To promote innovation and communication, infrastructures should be interoperable and standards should be open. Overregulation in any area will hamper development. Online freedom that has so far been the standard has likely contributed to a dynamic and rap足 idly evolving economy. It is in our interest to ensure that efforts to promote Internet freedom do not lead to overregulation. Sweden will never stop fight足 ing for a free and more transparent and liberal world.

Dr Ewa Bj旦rling Swedish Minister for Trade


Background – setting the scene The events in the Middle East and North Africa region in 2011 demonstrated the important role the Internet has played in helping to mobilise people to demand justice, equality and human rights. Internet freedom requires taking steps both in terms of policy and action. An open and secure Internet offers 1 economic benefits ; governments are keen to benefit from it and businesses to profit from it. As US Secretary of State Hilary Clinton pointed out, the role of the Internet is broad in terms of the enjoyment of a range of fundamental freedoms and 2 rights . The businesses involved in information and communications technology (ICT) have a particular, specific, and important role to play in respecting human rights and encouraging governments to play their role responsibly.


Sweden, taking the lead to promote voluntary codes of conduct applicable to the whole ICT industry, held a first discussion on enhancing Internet freedom through responsible business practices in November 2011. Minister for Trade Ewa Björling hosted a roundtable to help companies explore the specific challenges the ICT sector faces in making informed decisions while recognising 3 the importance of human rights around the world and on the Internet : This roundtable was an outcome of the revision of the Global Guidelines for 4 Responsible Business Practice and brought together a select group of leaders of international companies and the technology community, including the Global Network Initiative. It explored the following questions: • What kind of guidance do companies need to respond to the difficulties they are exposed to when operating in difficult markets? • What can States do to support businesses to respect freedom of speech? • What can ICT companies themselves do to support transparency and freedom of expression? To protect a free and open Internet, including online freedom of expression, we need further clarification of some fundamental points. An outcome of the November 2011 roundtable was the need for continuous dialogue with companies on this emerging issue. The Swedish Government has been working with relevant organisations across a range of human rights issues, including the responsibilities of ICT companies. The Institute for Human Rights and Business is supported and makes a valuable contribution in this field of expertise. The Global Network Initiative (GNI) is a collaboration partner for enhancing ICT business practice to promote Internet freedom. Additional support is also given to other relevant NGOs working towards human rights principles for the business community.



Paving the way ahead This paper aims to stimulate collective action in relation to protecting and enhancing human rights, focusing on the freedom of expression on the Internet through responsible business practices. It lays out the challenges and opportunities involved in paving the way ahead. It draws on existing work, looks at some dilemmas the ICT sector faces and the guidance already available to businesses. This paper also feeds into the discussion begun at the first 5 Stockholm Internet Freedom Forum for Global Development .


Photo: Hossam el-Hamalawy

The paper concludes by presenting three main areas where continuous efforts in 2012 are essential, and what the respective roles of States and businesses could be.


Companies providing the technology that forms the backbone of the Internet


Corporate responsibility – the ally of human rights and freedom of expression The ICT sector has often been perceived as an ally of freedom of expression and human rights. Telephones and cellular technology connect people and businesses; the Internet opens up a new world of information, education and entertainment for people and businesses, enabling exchanges, debates, arguments, discussions, negotiations and resolutions. As the historic developments in the Middle East and North Africa region since the Arab Spring have shown, wireless technologies such as cellular telephones and the Internet itself have helped forge campaigns leading to political change6. At the same time, some companies providing the technology that forms the backbone of the Internet, some companies writing software that drives the tools, and some companies running the networks have provided tools and technologies to governments that can help establish surveillance, enabling governments to monitor dis7 sident activity in order to curb it . Some companies say they have been forced to be complicit, whereas others have actively marketed their products to governments that suppress freedom of expression. 10

Photo: Rouelshimi

Many companies have experienced incidents in foreign markets where governments have put strong pressure on them to cooperate with the State in order to silence political dissent. The ways in which they are forced to cooperate may not be permissible in their home States and may even conflict with international law. They may include instructions to provide access to individual users’ data, requests to censor content or to suspend services temporarily. The ICT sector has already started to respond to the challenge. Several Internet-based companies, civil society organisations, academic communities and other experts have come together to help companies understand their responsibilities and that complying with government requests can undermine human rights. Some individual companies have firmly defended their position in the face of what they consider to be unreasonable requests from the State. But many companies operate with only their own policy framework to guide them. 11

Our ambition is to strengthen the enjoyment of freedom of expression online

Enhancing Internet freedom and human rights through responsible business practice Governments and ICT companies need good guidance, based on interna­ tionally accepted standards, and some degree of political consensus to fashion responses to these challenges. Sweden has taken the lead in encouraging and facilitating cooperative efforts by the private sector to take action against illegal activity on the Internet. Sweden is committed to safeguarding human rights on the Internet and acts on this commitment. Our ambition is to strengthen the enjoyment of freedom of expression online. We believe that participation by companies is a prerequisite for making real progress on relevant global issues such as Internet freedom. In 2011 the UN Human Rights Council unanimously welcomed a policy frame­ work developed by the UN Secretary-General’s Special Representative on busi­ness and human rights, Professor John Ruggie. The UN framework Protect, Respect, Remedy sets out State duties and corporate responsibilities with regard to all internationally recognised human rights, applies to all enterprises, across 12

Photo: BEE FREE – PGrandicelli (the social bee)

company operations and through relationships with third parties. Sweden has been a supporter of the UN mandate and is now working to encourage the implementation of the guiding principles for human rights and business. Further, in the UN Human Rights Council in June 2011, forty States delivered a cross-regional statement on freedom of expression and the Internet. The statement welcomed a report by the UN Special Rapporteur on Freedom of Expression, Mr Frank La Rue, in which the applicability of human rights on 8 the Internet was explored . The ICT sector is extremely diverse. It comprises hardware – such as transmission towers, instruments and equipment, servers, cables and other infrastructure – as well as software, including technologies that build the architecture of the World Wide Web (and newer manifestations, e.g. networks and the ‘cloud’). This diversity makes it difficult to generalise about the sector and focus on a single set of issues. As with other industries, companies from all around the world are active in the ICT sector, making a geography-focused strategy less effective and a universal approach necessary. 13

Challenges for the ICT sector Technology’s multiple uses The use of technology can have positive and negative impacts. While it allows people to connect with one another at a speed and scale unimaginable a generation ago, and with a degree of anonymity, it also creates new possibilities to commit crimes. The private sector has played a significant role in creating the architecture of the Internet and, unlike other public goods, it ‘owns’ much of the Internet. Companies have created the technology: they run it, market it, 9 provide access to it, and to a great extent, regulate it . The sector sets its own rules about the volume and kind of traffic it permits within the infrastructure it owns. A product might be used in ways not intended by its creator or manufacturer. Companies have legitimate concerns and many have safeguards to prevent abuse. Due diligence can help mitigate risks. But governments have legitimate security needs, and technology developed to track consumer behavior can be used to track an individual’s movements. While human rights groups acknowledge the Internet’s positive role in promoting free speech and protecting human rights, and its instrumental role in enabling popular uprisings in many parts of the world, serious concerns remain.

Responding to governments’ requests Governments have taken steps to suppress political dissent by restricting access to the Internet, imposing censorship, prosecuting individuals, forcing 10 companies providing Internet access to intercept private communication , and requiring companies to censor content on the Internet on their behalf.


Some companies now publicly report the requests they receive from governments to remove content and the steps they have taken in response; others have complied, often without any transparency. In many instances, users do not even know that governments are monitoring such activities. Some compa11 nies have their own policies about what can be said on their services. Companies have exposed themselves to the risk of being complicit with au­ thoritarian governments that have enabled unjustified surveillance, censorship, monitoring, trials, and arrests. New software programs empower security services with tools that allow them to monitor people who might be forming a group to demand social or political change. This has a direct impact on the human right to participate in political processes. Companies might respond to such demands from governments in an ad hoc manner. Some companies do not have policies in place for dealing with unreasonable requests from governments, but usually seek legal advice. While lawyers may be good at assessing legal implications, civil society groups argue that they do not always take sufficient account of the human rights impact of their actions. Sometimes companies are forced to hand over data in a way that violates human rights, which may have serious consequences for the individuals involved. Companies need to be transparent about their activities. All governments, including democratic ones, request companies to hand over data. However, this might in certain cases reach such a level that the question arises whether companies should leave the country. From a company’s perspective, this is never easy. In many cases companies have responsibility, or the duty of care, for their own staff located in that country. Some companies operate in their own country and are not multinationals that can pack up and leave. Company executives have the fiduciary responsibility to protect their assets.


Information and communication technologies (ICT) are in­creasingly essential for the realisation of many human rights. But the dilemmas for the industry include: • Supply chain issues: ‘conflict minerals’ and labour conditions • Revealing the identity of users • Censoring content governments deem unlawful • Switching off the network during an emergency • Cooperating with lawful intercepts • Enabling the transmission of unlawful incitement to violence and other inflammatory messages • Breaching privacy • Aiding and abetting the State in abusing rights • Succumbing to state pressure • Cutting off support to whistle-blowing websites • Restricting freedom of expression


Conflicting jurisdictions pose a challenge The global business environment has changed. There is increased pressure on companies to ensure that they maintain control over their operations so that their conduct or practices do not infringe on the human rights of others. Companies, particularly multinationals operating in other jurisdictions, need to interpret government requests – disclosure of anonymous data, lawful intercepts, removing data, and so on – to minimize negative impact. They should respect human rights and might therefore need to resist efforts to shut down services or to block access. The lack of agreement and, in some cases, an outright clash of laws – local, national, and international – can pose a real problem for businesses. Some industries that have experienced this have developed mechanisms to deal with it through other multi-stakeholder initiatives. Companies should be reminded of their responsibilities and should not use regulations as an excuse to comply with requests that violate human rights. Uncertainty increases when a company tailors its products for providers of services and goods that have end-users in another country. Some companies openly offer surveillance tools. Others provide electronic equipment to cell phone and Internet service providers that can have dual use. Clearly, there is a business risk for companies. If a company refuses to comply with unreasonable requests, it may face financial consequences. It is therefore important that intermediaries such as Internet Service Providers are not held liable for infor12 mation passing through their networks or services without their knowledge .

Intermediaries should not be held liable for information

” 17

What guidance do businesses need and what has emerged? Clearly, there is no silver bullet; collective action is the way forward.

The Global Network Initiative The Global Network Initiative (GNI) is one example of collective action, draw­ing on the advantage multi-stakeholder alliances offer. GNI has created a publicly available set of Principles and Implementation Guidelines based on international human rights standards to guide company decision-making on issues related to freedom of expression and privacy. The Principles and Guide­ lines were developed by companies, civil society organisations (including human rights groups), investors and academics. Professor John Ruggie’s team at the UN who led the development of the Guiding Principles were observers during the development of GNI’s Principles and Guidelines. Companies that join GNI commit to a process of independent assessment on their implementation of the Principles to assure stakeholders of the steps they are taking. GNI also engages on policy issues relating to freedom of expression and privacy around the world. 18

GNI provides a forum for its members to understand the human rights implications of their actions, analyse the context in which they operate, and harness individual and collective strength to push for greater protection of human rights online. Such efforts need greater support, and the principles deserve wider dissemination by companies from all parts of the world.

The UN Framework for Business and Human Rights It is in this context that the new UN framework for business and human rights is crucial. The ‘Protect, Respect, Remedy’ Framework on Business and Human Rights and its Guiding Principles for States and businesses were unanimously endorsed by all members of the Human Rights Council in June 2011. It pro­ vides the basis for how ICT companies should proceed and global standards for preventing and addressing the risk of adverse impacts on human rights linked to business activity. It sets out where States have the duty to protect rights and where businesses have the responsibility to respect rights; where protection 13 gaps exist, there is a need to remedy . Companies should also demonstrate how they respect human rights through a thorough process of due diligence.

Global guidelines for responsible business practice The newly revised OECD Guidelines on Multinational Enterprises incorpo­ rates this same ‘Protect, Respect, Remedy’ framework and especially encourages all business enterprises to “support, as appropriate to their circumstances, cooperative efforts in the appropriate fora to promote Internet Freedom through respect 14 of freedom of expression, assembly and association online” . This heralds a new frontier in the respect of human rights: Internet freedom can be seen as an essential technology for facilitating a number of ‘enabling’ rights which in turn allow a broad range of human rights to be enjoyed. Important work lies ahead to develop concrete recommendations on how these Guidelines should serve as a tool – not only for the ICT sector but for businesses in general – to enhance responsible business practice. This work needs to be carried out in a multi-stakeholder manner including dissemination and practical implementation of the Guidelines. 19

Forthcoming guidance initiated by the European Commission A multi-stakeholder process will be led by the European Commission to develop human rights guidance for the ICT sector to be published by the end of 15 2012 . This will make a valuable contribution to clarifying the responsibilities of ICT companies not just within the European Union but also worldwide. The work will build on the progress made by all existing initiatives, in particular GNI. The forthcoming guidance on human rights due diligence will need to be linked to the OECD Guidelines for Multinational Enterprises. In particular, further work is needed on how to guide States, businesses and other stakeholders in promoting Internet freedom. The work initiated by the European Commission is therefore both timely and resource-efficient.

� 20

Important work lies ahead to develop concrete recommendations


Photo: Wayne Marshall


What can States do to encourage businesses to operate within a human rights framework? States have the legal obligation to respect, protect and fulfill the human rights set out in the international human rights conventions they ratify. Similar responsibilities, though usually not legally binding, result from human rights declarations and other similar political commitments States make. The obligation of States to respect human rights also includes an obligation to protect individuals and groups of individuals against human rights abuses by third parties, including business enterprises. Their obligation to fulfill human rights means that States must take positive action to facilitate the enjoyment 16 of basic human rights . The possibility of a gap between users’ and civil society’s expectations and business’s understanding of its responsibilities will always remain. There is a need for greater consensus politically and within the industry to work on this agenda. Multi-stakeholder initiatives are one way forward. States should implement the UN Framework on Human Rights and Business unanimously endorsed by the UN Council in June, 2011. Further work is needed towards capacity building and dissemination on a global scale. Furthermore, 22

Photo: United Nations Development Programme

the OECD Guidelines provide concrete recommendations to companies on a wider scale of responsible business practice. States adhering to the Guidelines make a binding commitment to implement them. If disseminated globally, the Guidelines have great potential to level the playing field and put pressure on States and businesses to work towards implementation of the Guidelines. The Guidelines also have a unique mechanism for implementation, i.e. the National Contact Points (NCP). This mechanism should be further leveraged for collaboration between all relevant stakeholders including States and businesses. 23

What can companies do to further the right of freedom of expression and transparency? The responsibility to respect human rights exists over and above legal compliance, constituting a global standard of expected conduct applicable to all businesses in all situations. It therefore also exists independently of the enterprise’s 17 own commitments with regard to human rights . Governments committed to protecting freedom of expression would benefit from working together and approaching problematic contexts jointly. Likewise, companies in a similar situation would benefit from working together and making joint representations to governments. These initiatives should be universal and include companies and governments from all regions of the world. Working in partnership with relevant NGOs could add valuable input. Companies are encouraged to stay in touch with their own governments and make joint representations to host governments when “unreasonable� requests are made. 24

Several telecom companies have come together to develop a framework drawn from the UN Guiding Principles, namely the “Telecommunications Industry Dialogue on Freedom of Expression and Privacy�18. This implies dialogue with all external stakeholders, including governments, NGOs and other companies in the telecom sector. The Industry Dialogue has been developed based on the UN framework efforts to respect human rights, including the freedom of expression and right to privacy. Together, these companies are to develop common principles to be supportive when a regime makes unreasonable demands to intercept or track subscribers – or even close the door to the Internet. These companies are also collaborating to identify how they can respond to and respect freedom of expression and privacy, even in countries where democracy has not yet been established. This Industry Dialogue has had a hands-on exchange of information with GNI ( formed by Internet companies to benefit each other. Telecom companies believe that the realities they face are different from the operational realities of Internet companies. Telecom companies, for example, have significant staff presence and physical assets on the ground, unlike Internet companies. The experience of telecom companies shows how requests from law enforcement officials can pose real challenges. Telecom companies are now exploring the UN Framework and intend to develop due diligence measures that support the right to privacy and freedom of expression in line with UN guidelines. They hope to strengthen policies and practices, address privacy and other challenges, and work on a common platform.


From the corporate perspective, it is understandable that companies within a sector wish to group together. For the user, all companies – telecom, Internet service providers, software developers, providers of surveillance technology – are the same when it comes to infringement of users’ rights. This underscores the need for a common framework drawn from the UN Guiding Principles. Companies face several questions: • When a particular technology can have dual or multiple uses, to what extent can the company be aware of these various uses? • Can companies include human rights clauses in their maintenance and service agreements? Can they exercise some control over product use after the sale? • How transparent should companies be? • How inclusive should companies be when they develop multistakeholder frameworks? Can companies refuse to comply with domestic laws that run counter to international human rights standards? That question is not unique to the ICT sector. Many others have dealt with it: apparel manufacturers who have to deal with concerns about child labour, oil and gas companies with regard to their relationship with security forces, countries where bribery is an accepted business practice, and so on. Companies should adhere to standards and principles rooted in internationally recognised human right norms such as the UN Framework on Human Rights and Business and the OECD Guidelines for Multinational Enterprises. They should also create their own human rights based framework and due diligence process for assessing the impact on human rights that their business decisions may have (see Appendix II for human rights due diligence questions to be asked).


Multi-stakeholder engagement in these issues is important and companies should seek to engage both governments and civil society in dialogue. At the same time, companies also need to consider the potential impact of their business on human rights other than freedom of expression. In order to meet their responsibility to respect human rights, business enterprises should have in place policies and processes appropriate to their size and 19 circumstances, including : a. A policy commitment to meet their responsibility to respect human rights; b. A human rights due diligence process to identify, prevent, mitigate and account for how they address their impacts on human rights; c. Processes to enable the remediation of any adverse human rights impacts they cause or contribute to.

As the basis for embedding their responsibility to respect human rights, business enterprises should express their commitment to meet this responsibility through a statement of policy that20: a. Is approved at the most senior level of the business enterprise; b. Is informed by relevant internal and/or external expertise; c. Stipulates the enterprise’s human rights expectations of personnel, business partners and other parties directly linked to its operations, products or services; d. Is publicly available and communicated internally and externally to all personnel, business partners and other relevant parties; e. Is reflected in operational policies and procedures necessary to embed it throughout the business enterprise.


Key issues for collective action To support cooperative efforts between all relevant stakeholders to promote Internet freedom through respect for freedom of expression and privacy the following three tasks are essential for the work ahead: 1 Identifying areas where human rights face the greatest risks; understanding how different technologies and business practices impact human rights; and developing steps to eliminate or minimise negative impacts. 2 In parallel with promoting responsible business practice for human rights, state-to-state dialogue on the responsibility to protect human rights through respect for freedom of expression and right to privacy should be stepped up. 3 Establishing multi-stakeholder fora on the ground (e.g. MENA region) to address regional and sector-specific key questions. Disseminating and capacity building around existing frameworks and principles. Work towards linking initiatives and actors for a joint effort in enhancing Internet freedom through responsible business practices.

� 28

Cooperative efforts between all relevant stakeholders to promote Internet freedom


Appendix I – quotations What we do today to preserve fundamental freedoms online will have a profound effect on the next generation of users. More than two billion people are now connected to the internet, but in the next 20 years, that number will more than double. And we are quickly approaching the day when more than a billion people are using the internet in repressive countries. The pledges we make and the actions we take today can help us determine whether that number grows or shrinks, or whether the meaning of being on the internet is 21 totally distorted . Human rights are universal. Cultural differences are not an excuse to water down human rights, nor can the exploitation of digital networks by a minority of criminals or terrorists be a justification for states to censor their citizens. We reject the view that government suppression of the internet, phone networks and social media at times of unrest is unacceptable. In fact, we would go further and boil this concept down to a single proposition: that behaviour that is unacceptable offline is unacceptable online, whether it is carried out by 22 individuals or by governments . Technology companies play an increasingly important role in enabling and supporting the end user’s capacity to exercise his or her rights to freedom of speech, access to information, and freedom of association. ICT companies should respect those rights in their operations and also encourage governments to protect human rights through appropriate policies, practices, legal protections, and judicial oversight23. The internet has become a key means by which individuals can exercise their right to freedom of opinion and expression, as guaranteed by article 19 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. [But] in many instances, States restrict, control,


manipulate and censor content disseminated via the internet without any legal basis, or on the basis of broad and ambiguous laws, without justifying the purpose of such actions; and/or in a manner that is clearly unnecessary and/or disproportionate to achieving the intended aim, as explored in the following sections. Such actions are clearly incompatible with States’ obligations under international human rights law, and often create a broader ‘chilling effect’ on 24 the right to freedom of opinion and expression .

Appendix II – human

rights due diligence

UN Framework on Human Rights and Business, Guiding Principle 17 In order to identify, prevent, mitigate and account for how they address their adverse human rights impacts, business enterprises should carry out human rights due diligence. The process should include assessing actual and potential human rights impacts, integrating and acting upon the findings, tracking responses, and communicating how impacts are addressed. Human rights due diligence: a. Should cover adverse human rights impacts that the business enterprise may cause or contribute to through its own activities, or which may be directly linked to its operations, products or services by its business re­lationships; b. Will vary in complexity with the size of the business enterprise, the risk of severe human rights impacts, and the nature and context of its operations; c. Should be ongoing, recognizing that the human rights risks may change over time as the business enterprise’s operations and operating context evolve.


Questions to ask when undertaking human rights due diligence: • What existing systems do we have that provide models on which me might build as we develop our human rights due diligence process? • Are these systems effective and fit for the purpose of addressing human rights risks? What changes may be needed to make them fit for this purpose? • Are there circumstances in which we will need separate processes for human rights? • Who should lead on human rights due diligence? Who needs to have oversight? • What departments will most likely need to be involved in aspects of human rights due diligence? How might we involve them in the development of the process? How might we structure and motivate collaboration? • What external expertise are we likely to need? Where we use external experts, how can we ensure that this supports, rather than detracts from, the embedding of respect for human rights in our internal values and practices? • How and at what points in the human rights due diligence process should we be seeking to engage with our directly affected stakeholders or their representatives? If we cannot do so, how else can we gain an understand­ ing of their likely concerns and perspectives? • How will we make sure that we keep our human rights due diligence up to date, recognizing when changes occur that may require renewed assessments of and responses to our impacts?


Key resources: European Union Global Network Initiative (The) Industry Dialogue on Telecommunications and Human Rights Institute for Human Rights and Business OECD Guidelines on Multinational Enterprises,3355,en_2649_34889_1_1_1_1_1,00.html Silicon Valley Human Rights Conference United Nations Guiding Principles on Business and Human Rights 32

Endnotes 1 The Connected World: The Digital Manifesto: How Companies and Countries Can Win in the Digital Economy (Boston Consulting Group, 2012) file96476.pdf. 2 US Secretary of State Hilary Clinton, Freedom Online Conference, The Hague, 8 Dec 2011. 3 On 18 November 2011, the Swedish Government held a one-day seminar on freedom of expression and the Internet, attended by representatives of business, civil society, the investment community and governments. 4 OECD Guidelines for Multinational Enterprises. 5 6 For a detailed discussion, see Ghonim, Wael Revolution 2.0 (Fourth Estate, 2012) and Souief, Ahdaf Cairo: My City, Our Revolution (Bloomsbury, 2012). 7 West Censoring East: The Use of Western Technology by Middle East Censors, 2010-2011 (Open Net Initiative): Since the publication of the report, there have been many reports in the media, including in Business Week, the Wall Street Journal, and elsewhere, showing how widespread such practices are. 8 Frank La Rue, the UN Special Rapporteur for the Right of Freedom of Expression and Opinion has said: “facilitating access to the Internet for all individuals, with as little restriction to online content as possible, should be a priority for all States. 9 This creates complications because companies lack the mandate, capacity, authority, expertise or ability to protect human rights in every instance. Moreover, protection of rights is a state responsibility. See, e.g McKinnon, Rebecca Consent of the Networked: The Worldwide Struggle for Internet Freedom (Basic Books, 2012) for a detailed discussion of the consequence of freedom on the Internet being entrusted to states or large companies. 10 See Mackinnon, Rebecca Shi Tao, Yahoo!, and the Lessons for Corporate Social Responsibility (University of Hong Kong, 2007). 11 Apple and Amazon, for example, have their own ‘community standards’ by which they decide if a particular product or service is suitable for their marketplace. 12 See e.g. La Rue, Frank, Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression (A/HRC/17/27). 33

13 Under the ‘State Duty to Protect’, the Guiding Principles recommend how governments should provide greater clarity of expectations and consistency of rule for business in re­ lation to human rights. The ‘Corporate Responsibility to Respect’ principles provide a blueprint for companies on how to know and show that they are respecting human rights. The ‘Access to Remedy’ principles focus on ensuring that where people are harmed by business activities, there is both adequate accountability and effective redress, judicial and non-judicial. 14 General Policy B1 of the 2011 Edition of the OECD Guidelines for Multinational Enterprises adopted by the OECD Investment Committee with the addition of eight non-OECD members: Argentina, Brazil, Egypt, Latvia, Lithuania, Morocco, Peru and Romania. 15 Announced on 14 February 2012 cfm?item_id=5752&lang=en 16 UN Guiding Principles on Human Rights and Business, principle 1. 17 UN Framework on Human Rights and Business, principle 11. 18 The following companies participate in the Industry Dialogue; Alcatel-Lucent, AT&T, BT, Deutsche Telekom, France Telecom/Orange, Millicom, Nokia Siemens Networks, Tele2, Telefonica, Telenor, TeliaSonera and Vodafone Group. 19 UN Framework on Human Rights and Business, principle 15. 20 UN Framework on Human Rights and Business, principle 16. 21 US Secretary of State, Hilary Clinton, Freedom On-line Conference, The Hague, 8 December 2011. 22 UK Foreign Secretary, William Hague, London Conference on Cyber Freedom on Nov 1, 2011; see report in the Wall Street Journal: cultural-differences-no-excuse-to-dilute-on-line-rights/. 23 Silicon Valley Standard, Principle 1. 24 Frank La Rue, Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression (A/HRC/17/27).


Enhancing Internet freedom and human rights through responsible business practices