The Ranking Digital Rights’ report, 2015 Corporate Accountability Index, find that the world’s leading technology companies deserve a failing grade for their privacy policies and the level of protection they offer their users. Some of the companies have also been found lacking for their freedom of expression practices.
Among the companies surveyed were U.S. giants Facebook, Google, and Microsoft, Europe’s top mobile companies Vodafone and Orange, China’s Tencent, and South Korea’s Daum Kakao (which makes the 140 million-user-strong KakaoTalk).
RDR says that its research found that many of the world’s most powerful Internet and telecommunications companies fail to disclose key information about practices affecting users’ rights.
“Even the companies that ranked highest are missing the mark in some ways, and improvements are needed across the board to demonstrate a greater commitment to users’ freedom of expression and privacy,”RDR says.
“There are no ‘winners’,” says the report’s executive summary. “Even companies in the lead are falling short.”
For the inaugural Index, Ranking Digital Rights analyzed a representative group of sixteen companies which collectively have the power to shape the digital lives of billions of people. Leading global ESG Research and ratings provider Sustainalytics co-developed the methodology.
Eight publicly listed Internet companies and eight publicly listed telecommunications companies were selected based on factors including geographic reach and diversity, user base, company size, and market share. These companies were assessed on thirty-one indicators across three categories — commitment, freedom of expression, and privacy — drawn from international human rights frameworks, as well as emerging and established global principles for privacy and freedom of expression.
Among the report’s findings:
- Only six companies scored at least 50 percent of the total possible points
- The overall highest score was only 65 percent
- Seven companies — nearly half of the companies surveyed — scored less than 22 percent, demonstrating “a serious deficit of respect for users’ freedom of expression and privacy,” the report found
- Tech firms universally failed to disclose internal censorship. If Google decides to edit or remove someone’s content, the report found, it does not feel the need to publicly disclose either that it has done so or why.
- When it came to whether Web-based companies allowed encryption of private content and control access, the average score across all eight was 6 percent
- Transparency varies greatly within a single company: Facebook owns WhatsApp and Instagram, but disclosures at its flagship product and Instagram were far better than those at WhatsApp, which sometimes did not even publish privacy agreements in the correct language.
- While local laws block companies from disclosing national security-related government requests in some countries, in every case the survey identified ways that the companies could improve their standing even without changes to extant laws.
- Despite the revelations about their cooperation with the National Security Agency (NSA), U.S. companies were far from the worst offenders. European companies, notably Orange, had serious cooperation issues as well.
The fact that the highest aggregate score on privacy, freedom of expression, and companies’ commitment to those values as evidenced by the companies’ practices and user agreements was only 65 percent out of 100 percent, can be read in two ways. “On the one hand, it’s not like nobody’s trying at all, but the best-scoring company got a D,” Rebecca MacKinnon, who runs the ranking project, told the Gurdian.
Overall, Google ranked highest among Internet companies, while the U.K.-based Vodafone ranked highest among telecommunications companies, despite significant deficiencies.
The lowest was Mail.ru, the Russian email service often used to create spam accounts, which had a score of 13 percent.
“The picture is quite remedial,” said MacKinnon. “Part of the problem is that this is a new world with the internet, and we are so dependent on these companies that we really need them to get it right. And they have a lot of work to do.”
MacKinnon said clarity for users was vital and a lack of it could have serious consequences.
“About a year and a half ago, Syrian opposition groups started getting locked out of Facebook and having photos taken down because they were ‘against terms of service’,” she told the Guardian. “There was no clarity about why or how those terms of service are being enforced. And a lot of activists that depend on Facebook feel like the opacity, given how dependent people are on the platform, is not socially responsible.”
MacKinnon said the indicators would need to improve if the companies were going to succeed in multiple regions.
“If they don’t earn the trust of the user, it’s going to be much harder to succeed as a multinational company and earn the trust of users across borders,” she said. “A French user might trust the French government, but they don’t trust the NSA. These companies have to prove that they’re doing everything they can in this imperfect world where you have governments everywhere that at least someone thinks is infringing on their rights.”
MacKinnon noted that she remained optimistic that over time, the industry would improve its privacy efforts. “This is the test you take at the beginning of the class where everybody fails, and then you get to work, and then everybody’s going to improve,” she said.