Scaling research and impacting change
How do the world’s most powerful internet, mobile, and telecommunications companies treat their users’ freedom of expression and privacy? On 2 May 2018, the Ranking Digital Rights 2018 Corporate Accountability Index European launch event was held at Humboldt Institute for Internet and Society (HIIG). Kirsten Gollatz, PhD candidate at University of Zurich and Project Manager at HIIG gave the introduction. The main presentation by Ranking Digital Rights director Rebecca MacKinnon was followed by a panel discussion led by Nani Jansen Reventlow, founder and director of the Digital Freedom Fund, with Solana Larsen, Editor of the Internet Health Report. As a reflection on the discussion, Lisa Gutermuth highlights main findings of the 2018 Index and describes features of the project design that have led to impact.
The 2018 Corporate Accountability Index ranked 22 of the world’s most powerful internet, mobile, and telecommunications companies on their disclosed commitments and practices affecting users’ freedom of expression and privacy. The 2018 Index used the same 35 indicators as the 2017 Index to evaluate the same 22 companies’ disclosures across three categories: Governance, Freedom of Expression, and Privacy enabling the project to track changes in companies’ policies over time.
The findings were sobering: There is inadequate disclosure across the board, and although more than half of the companies evaluated have made meaningful improvements since the 2017 Index, they still fall short in disclosing basic information to users about the design, management, and governance of digital platforms and services that affect human rights.
The aim of the Corporate Accountability Index, however, is not only to identify poor disclosure. The methodology and indicators provide a clear roadmap for companies to improve their commitments to privacy and freedom of expression. Furthermore, the openly published methodology enables other researchers to use it to evaluate more companies, beyond the 22 ranked by the Ranking Digital Rights (RDR) Index. Now in its third iteration, the impact of the Index is clear: between 2017 and 2018, we documented meaningful improvements by 17 of the 22 companies ranked in both years.
By evaluating 22 of the world’s most influential internet, mobile, and telecommunications companies over time, RDR identifies gaps in disclosure and trends that otherwise are hard to surface. For example, as MacKinnon explained in the launch presentation, “Data breaches are a huge concern. And yet Apple was the only internet and mobile company evaluated to disclose any information about how it responds to data breaches. AT&T, Vodafone, and Telefónica were the only telcos to do so.” At the same time, RDR has seen improvements in company disclosure on this issue since last year’s Index. In 2017, Apple disclosed no information about its policies for responding to data breaches. In addition, Vodafone significantly improved its disclosure to become the only company that receives full credit for transparency on this indicator.
As Solana Larsen, editor of the Internet Health Report at the Mozilla Foundation pointed out, “it’s important to show not just that things are going badly on the internet, but also in what areas they’re getting better.” To that end, one of the most clear examples of an area where several companies made improvements is the disclosure of options users have to control their own information (P7). Seven companies—Apple, Baidu, Google, Kakao, Samsung, Tencent, and Oath—showed improvements on this indicator, although disclosure of these options still remains low.
Another example of things moving in the right direction: while most companies provide some disclosure about their process of terms of service enforcement (F3), until recently companies have made little effort to reveal any data about the volume and nature of content and accounts they restrict for violating the company’s rules (F4). In 2015, no companies had any disclosure on this indicator. By the time the 2017 Index research cycle was complete, three companies had started to make some disclosure, and by the 2018 Index, four companies. Up until research was completed for the 2018 Index, however, companies’ disclosure was isolated. Just days before the 2018 Index was published, however, YouTube released a transparency report on Community Guidelines enforcement that represents a significant step forward, both for the company and for the effort to get other companies to see the value in disclosing this type of data. At the same time Facebook also released further insight into their interpretation of their Terms of Service and Community Guidelines. While these recent changes aren’t reflected in the 2018 Index scores because they happened after the research cut-off date for this cycle, these improvements could signal a shift to more and more companies publishing terms of service enforcement data, which we expect to be able to reflect in the 2019 Index.
RDR’s findings highlight areas where companies are improving disclosure, as well as areas where disclosure is severely lacking. By conducting and presenting the research in this way, researchers, the public, and the companies themselves see how they stack up compared to each other, as well as where they can improve, creating competition to be the most transparent about their policies. For an example of how this plays out, South Korean internet company Kakao’s blog post about the 2018 Index features the company’s leading performance on several indicators relating to handling user data. Further, with a transparent methodology and company-specific recommendations, companies have a roadmap for what changes they need to make to improve their respect for privacy and freedom of expression.
“We seek to engage with all companies before, during, and after the Index is published. Our objective is to get companies to improve.” – Rebecca MacKinnon
Conducting quality research and making it clear and accessible is often not enough. Company outreach has been an integral part of the methodology development and research, and ultimately has been critical to RDR’s impact thus far. As part of the Index research cycle, RDR shares each companies’ preliminary results with them, allowing them to provide feedback and ask questions. While the Index is based entirely on publicly disclosed information, this process allows companies to identify policies that they can easily disclose or improve upon.
RDR is just one initiative in the ecosystem of digital rights research and advocacy. By building this recognition into the design of the project from the outset, RDR has enabled collaboration and research that expand far beyond the limits of its own capacity. By publishing the methodology and making it available to the public under a Creative Commons license, making the raw data available for others to adapt or present in different ways, and being transparent and inclusive around the methodology development and research processes, RDR has built in both greater opportunities for supporting a much broader ecosystem of research and data on corporate disclosures related to digital rights.
Localized research projects that sprouted up in different countries and regions as a result of this approach include a study assessing the privacy policies of telecommunications companies in Pakistan by the Digital Rights Foundation, an evaluation of the privacy and freedom of expression disclosures of mobile operators in the Arab region by Social Media Exchange (SMEX), and a ranking of New York City internet service providers (ISPs) on their respect for privacy by the New School Digital Equity Lab. Plans are underway at HIIG to rank Berlin public wifi hotspots, also by adapting the RDR methodology.
RDR’s research reveals gaps in disclosure and tracks changes in companies’ respect for privacy and freedom of expression over time. Taking this evidence forward, in several cases where RDR and advocacy partners have pushed for greater transparency, companies have made notable improvements. RDR’s unique approach to research allows for scaling beyond the limited resources of the project, and enables advocates and researchers throughout the global digital rights network to build upon this work in order to highlight localized corporate accountability issues and push for greater transparency in their own contexts. To this end, researchers, technologists, journalists, and digital rights advocates are encouraged to draw on the research and findings, and build out what RDR has started as a basis for greater corporate accountability and respect for digital rights online.
This post represents the view of the author and does not necessarily represent the view of the institute itself. For more information about the topics of these articles and associated research projects, please contact email@example.com.
Sign up for HIIG's Monthly Digest
and receive our latest blog articles.
Whether civil society, politics or science – everyone seems to agree that the New Twenties will be characterised by digitalisation. But what about the tension of digital ethics? How do we create a digital transformation involving society as a whole, including people who either do not have the financial means or the necessary know-how to benefit from digitalisation? And what do these comprehensive changes in our actions mean for democracy? In this dossier we want to address these questions and offer food for thought on how we can use digitalisation for the common good.
Personal data is particularly sensitive and worthy of protection in the health and care sector. What could good data governance look like here?
Considering the dynamics and processes related to the digitalization of the strategy making process results in a shift from digital strategy to digital strategizing. What's behind the concept?