For the fifth year in a row, UAE’s Etisalat and Qatar’s Ooerdoo have ranked in the bottom two places in Ranking Digital Rights’ (RDR) Telco Giants Scorecard. RDR evaluated 12 of the world’s most powerful telecommunications companies on their policies and practices affecting people’s rights to freedom of expression, privacy and other fundamental human rights.
Key Findings
The report shows that most companies have managed to improve their scores in at least one area, and many have made significant improvements in the past year. Yet companies still fall short when it comes to respecting human rights, responding to government interference and upholding users’ right to privacy and freedom of expression.
Spain’s Telefónica ranked first on the scorecard (57%) and implemented several recommendations made by RDR in previous years. It also vowed to assess the impact of targeted advertising on human rights.
Vodafone ranked second, with an overall score of 41%. Although it failed to provide information on its targeted advertising policies, Vodafone was the only company that published its data breach policy, including its commitment to notify authorities and affected users.
U.S. telecom company AT&T came in third place (40%). Notably, the company published a significant document entitled “Additional Information on AT&T’s Commitment to Digital Rights” which assesses the impact of its policies and commits to develop algorithms that ensure better respect of human rights.
Ranking of telecom companies based on their policies and practices affecting users’ freedom of expression and privacy.
Ooredoo
Despite minor improvements, Qatari Ooredoo remained in last place for the fifth consecutive time since 2017, with an overall score of 9%. Ooredoo began publishing Environment, Social Responsibility and Governance (ESG) reports in 2020 and declared its commitment to “safeguarding human rights.” However, the company still lacked general transparency about its policies and practices affecting users’ freedom of expression and privacy.
It should be noted, in this context, that Qatar was the host of the 2022 FIFA World Cup. The tournament featured a widespread use of multiple technologies, such as smart cities, drones and face recognition. Fans were also required to obtain a “Hayya ID” through the Hayya app to access the stadiums and other amenities.
This large-scale implementation of technologies raised major questions related to the digital security and the privacy of almost two and a half million spectators.
Key Takeaways
For the first time, Ooredoo committed to “safeguarding human rights” in its inaugural ESG report, but the company did not expand on what this commitment entails. Ooredoo did not make any commitment to net neutrality. The company also shared nothing about its process for responding to government shutdown orders or how many such orders it received or complied with.
Finally, Ooredoo failed to provide any information about how it handles government demands for content takedowns, account restrictions, or user information. It was also unclear whether the company responds to any private requests for such information.
Changes since 2020
Ooredoo published its first annual ESG report and identified “safeguarding human rights” as one aspect of its “sustainability framework.” Ooredoo also made it easy to access its “General Terms and Conditions” by adding it to the company’s homepage.
Ooredoo’s privacy policy, previously only available in English, has also been offered in Arabic, the official language of Qatar.
Graph showing the progression of Ooredoo’s score between 2017 and 2022.
Finally, Ooredoo improved its transparency with regard to security oversight: The company disclosed the existence of an internal team managing data security issues and conducting regular audits. The company also commissioned external audits, earning it ISO certificates.
Recommendations
Based on the abovementioned outcomes, RDR’s Telco Giants Scorecard offered the following recommendations:
- Detail a commitment to human rights. Ooredoo should commit explicitly to respecting users’ rights to privacy and freedom of expression, in accordance with international human rights standards.
- Be transparent about government censorship demands. Ooredoo should publish policies clearly outlining its processes for responding to government demands to block websites and restrict access to networks and services.
- Be transparent about the handling of user information. Ooredoo should describe which types of user information it shares and with whom as well as how long it retains this information.
Etisalat
Etisalat came in at the bottom of the ranking once again due to its “lack of transparency across all categories.” The “global technology and investment conglomerate’’ continued its expansion into new markets and services, including cloud storage, cybersecurity, and AI.
According to RDR’s Telco Giants Scorecard, this growing expansion is cause for concern, given the company’s history of putting business before human rights and the repressive regulatory environment of its home market. In addition, the company provided no information about its processes for handling government demands to block content and hand over user information either from UAE authorities or from the governments of the foreign countries in which it operates.
The company also continued to violate network neutrality principles by charging its users in the UAE an extra $14 monthly to access the voice and video calling features of VoIP apps approved by the country’s Telecommunications and Digital Government Regulatory Authority.
Key Takeaways
Etisalat received a score of 13% as it did not provide any evidence of engaging with multi-stakeholder initiatives regarding how its business operations and products may affect users’ freedom of expression and information and privacy rights, as well as their right to non-discrimination.
Moreover, the company did not disclose its process for handling government demands to remove content and accounts or to access user data. While it is a criminal offense in the UAE not to comply with government blocking orders, there is no law prohibiting the company from disclosing how it handles these demands or its compliance rates with either government or private content-blocking requests.
Finally, the report indicated that Etisalat lacked transparency about its security policies. It disclosed having a security team in place that conducts internal security audits as well as commissioning third-party audits, but it failed to share anything about its policies for addressing security vulnerabilities or handling data breaches.
Changes since 2020
The global technology and investment group disclosed management-level oversight over security and customer data for all services. Etisalat also disclosed that it engages in zero-rating practices (providing Internet access without financial cost under certain conditions, such as by permitting access to only certain websites), but it provided justifications for only some of the programs it offers. Finally, the company provided educational materials for users to protect themselves from scam and fraud.
Graph showing the progression of Etisalat’s score between 2017 and 2022.
Recommendations
Based on the above mentioned outcomes, RDR’s Telco Giants Scorecard offered the following recommendations:
- Conduct human rights due diligence. Etisalat should conduct robust assessments of the impact of its policies on human rights to mitigate the risks to users’ privacy, freedom of expression, and non-discrimination, especially as it develops new services and enters new markets. The scope of these assessments should include the company’s targeted advertising policies.
- Disclose processes for responding to government demands. The company should publish policies clearly outlining its processes for responding to government demands to block websites, restrict access to networks and services, and hand over user information.
- Improve security policies. The company should disclose policies for responding to data breaches and addressing security vulnerabilities. It should also provide users with better resources and information to protect themselves from cybersecurity risks.
Read the full report to learn more about the scores and the adopted research methodology.
