Cybersecurity & Standards, Free Expression, Government Surveillance, Privacy & Data
GNI Finds Member Companies In Compliance with Obligations
Yesterday, the Global Network Initiative (GNI) released a report on the independent assessments of its member companies, Facebook, Google, LinkedIn, Microsoft and Yahoo!, finding each company in compliance with the GNI Principles and Implementation Guidelines. GNI is a multi-stakeholder initiative consisting of four constituencies – companies, academics, investors, and civil society groups – who come together with the goal of protecting the rights of free expression and privacy. CDT is a founding member of the GNI; I represent CDT on the GNI Board of Directors as a member of the civil society constituency.
As is indicated in this semi-annual report, the finding of “compliance” is made by the GNI Board based on its consideration of reports it receives from independent assessors accredited by GNI. The individual company assessments amount to a demanding inquiry into company practices and processes as they relate to decision making about free expression and privacy. Each assessment report is prepared according to a detailed Reporting Framework, based on Assessment Guidance given to the accredited assessors, and on advice from non-company GNI members, like CDT, about the types of cases the assessors should consider as they assess compliance.
The GNI Board’s finding of “compliance” with respect to each member company means that based on the information provided through this process, Facebook, Google, LinkedIn, Microsoft and Yahoo! have made a good faith effort to implement the GNI Principles and Implementation Guidelines, with improvement over time. This does not mean that each member company made a rights-respecting decision each time it faced a demand from a government for disclosure of an internet users’ communications content, or that it made the rights-respecting decision when faced with a government demand to remove content from its service. Rather, it means that the company has put in place processes, practices and procedures designed to achieve the results that are called for in the Implementation Guidelines, and is improving over time. These procedures include conducting human rights impact assessments, integrating privacy and free expression considerations into company decision-making structures, and having mechanisms to elevate to the company’s board of directors important decisions about these issues.
The report identifies three areas of progress. First, member companies are using the GNI Principles to push back on inappropriate government requests. Second, member companies are increasingly adopting and implementing human rights impact assessments. Third, member companies are increasing their participation in the public debates around privacy and free expression.
The report also flags two areas of concern, where companies are facing increased pressure from governments that could adversely impact free expression and privacy. The first is increased pressure from governments outside the United States to compel disclosure of communications content from providers inside the US. Second is increased pressure from governmental entities to restrict content or block search results associated with “extremist” content online. These are two areas worth watching in the coming years. A company’s responses to these pressures could have a significant impact on user privacy and free expression rights.