laidlaw.eu

This week the European Commission’s Directorate-General for Enterprise and Industry announced that the ICT sector would be one of three business sectors that would be the focus of a year-long project to develop sector-specific guidance on corporate responsibility and human rights. In case anyone is curious the other two are employment and recruitment, and oil and gas.

The selection of the ICT sector comes as no surprise given the events of the last few years. Technology and its capacity to be a tool of democratisation and repression , and the role and responsibility of businesses to take a stand (or not) has dominated the news and policy debates. To me as the CSR/HR/ICT person, this is all fascinating and more than anything, welcome attention to an issue I was yammering on about five years ago to a sea of largely uninterested faces.  It is also a natural extension of the European Commission’s recent commitment to develop sector-specific guidance in its communication on corporate social responsibility.

The project seeks to take the former UN Special Representative John Ruggie’s Protect, Respect and Remedy Framework and his Guiding Principles on its implementation and figure out how it should work in the ICT sector. For more on these documents see here. What, for example, should Vodafone have done when the Egyptian Government ordered it to turn off mobile phone networks? Resist the order? Immediately cease work in Egypt? Comply? In the end Vodafone did comply.  For more on this see Salil Tripathi’s excellent commentary. But the next question is whether a corporate governance framework would have helped Vodafone navigate these issues. Vodafone had been one of the key drafters of the Global Network Initiative, one of the leading CSR frameworks for technology companies concerning human rights, but it pulled out at the last minute. Would being a member of the GNI have made a difference? As we go forward with this project to provide guidance to the ICT sector, we should remember this scenario and ask – what guidance would help a company in the position of Vodafone? If it has not provided any, then this will have all been a theoretical exercise. More fundamental, we need to ask: when is guidance not enough? When do we need the rule of law?

Over the next year I suspect I will talk quite a bit about this project, but let me offer some preliminary thoughts. We need to be clear about what we are asking of this guidance. One of the most difficult issues here is teasing out what the difference is between what I call pure-CSR, or voluntary responsibilities undertaken by businesses, and legal obligation, and when the two overlap. The waters are far from clear here. For example, when a business voluntarily commits to human rights responsibility (in whatever form), this can eventually take the form of legal obligation by actions for breach of contract (i.e. employment situation) or tort (i.e. falling below a standard of care undertaken by the company). Further voluntary principles can sometimes inform legislation (in Canada a voluntary code on hockey helmets later became the basis of legislation on same).  Putting all of that aside, much work is needed to determine what we are asking of the ICT sector – voluntary commitment, regulation, legal obligation.

The second issue, is whose responsibility is this? This is a critical issue to human rights law, which is only binding on states. Where the line between voluntariness and the law is so hazy, we must be even more mindful on whom we are imposing obligations. Are we asking the ICT sector to commit to human rights codes (not necessarily as a matter of law)? If not, and we want something more, which I suspect is the case, then this is a government responsibility. It might be that the rules are developed and debated in a multi-stakeholder form, but in the end this is a duty of the state to ensure that the human rights of its citizens are protected. The role of businesses here are the institutions through which the state’s human rights duties are realised, and since businesses are private, profit-making institutions it is no small matter to go this route. Businesses are not supposed to be moral arbiters of the world’s problems, but in the ICT sector the fact is they are forced to make moral decisions every day. This doe not necessitate top-down laws (though it might). It can also take quasi-regulatory form aka OFCOM (but let’s not go down that road of discussion for now shall we…). The important thing to take away, for the moment, is on whom the responsibility lies matters because that determines the enforceability of the rules.

One of the questions coming out of the phone hacking scandal and the announcement that News of the World will be shutting its offices following its final publication this Sunday is the sufficiency of the Press Complaints Commission as the industry’s self-regulator. The PCC did very little when the first hacking allegations came to light. When Clive Goodman was imprisoned for hacking in 2006 the PCC announced it was launching an investigation and concluding later that it was an isolated incident. The PCC it can be said has had nothing to do with bringing to light what has happened here. Rather, the outrage of the public and dogged pursuit of certain MPs and competing papers and the plans for public inquiries caused NoW’s fall. This highlights that more regulates the behaviour of the press than a formal regulator. Bringing to mind regulatory theorists for the Internet environment, such as Lawrence Lessig, Colin Scott and Andrew Murray, this incident reminds us that the public has a role to play in regulating behaviour, that naming and shaming indeed can at times be quite effective. But that is cold comfort to the family of Milly Dowler and any of the other victims of NoW hacking, and it is only effective after the fact in penalising behaviour. What the hacking scandal also highlights is the weaknesses of the PCC as a regulatory body, in terms of its accountability, independence from industry, and fundamental role in maintaining a standard of conduct for the press.

Is the PCC enough? Well certainly not in its current form. But before we go gallivanting off arguing for stricter regulation of the press we must be mindful of the critical role the press plays in pursuing the public interest and the consequential need to give due attention to independence of the press and freedom of expression in this environment. More regulation might hamper their ability to carry out this role. Sure the PCC has utterly failed as a self-regulatory body and needs to be reformed, but the answer is not necessarily to reconstitute the body as something akin to OFCOM with greater government oversight. What has happened here is as much a cultural problem as well as a legal one – the culture in the offices of NoW, but also the public culture in consuming the paper every week. NoW had a weekly circulation of 2.7 million. Our appetite fed the practices and while the blame no doubt falls on Rupert Murdoch’s empire for engaging in such criminal practices, we should take a moment to consider whether we need to change our own practices as consumers.

Last week, I had a thoroughly enjoyable experience presenting on a panel with Andrew Murray of the LSE, Dr. Daithi Mac Sithigh of UEA, and solicitor Stratos Camatsos, under the chairmanship of Ben Allgrove from Baker & McKenzie.  It was put together by the UCL Student Human Rights Program to discuss “Internet & E-Rights: Challenges and Perspectives”.  The questions from the audience were thoughtful and engaging. If anyone is interested in seeing the slides from my presentation here they are:

I presented last week in the Cyberlaw section at the Society of Legal Scholars Annual Conference on the human rights compliance of the Internet Watch Foundation’s regulatory structure.  It was an enjoyable time and nicely low-key and informal.  If you are interested in seeing the slides of my presentation, here they are:

I wanted to take a moment to recognise a legal giant and a great man, Alan Hunter, who passed away earlier this week.  I worked for him at Code Hunter in Calgary, Alberta way back when before I got it into my head that I should do a PhD.  It was an honour to work with him, and I can thank him for having a significant influence on the lawyer that I am today.  My thoughts are with his family and friends.

The Register today reports on outgoing US FTC Commissioner Pamela Jones Harbour’s comments, directed at Google, that it ‘pushes the privacy envelope’.  When Google launched Google Buzz, its contribution to the social-networking frenzy, it was immediately met with a firestorm of criticism.  Raising the well-trod ‘opt-in’ or ‘opt-out’ debate, its default settings identified the Gmail contacts you, well, contacted most, and publicized this to the world.  To make matters worse, the checkbox to hide the list was accused of being difficult to find. Google fixed this, amongst other things, but Ms Harbour’s comments raise a more subtle issue with how Buzz was launched: by launching Buzz with the least privacy-concerned-settings, it was testing the public’s privacy threshold – pushing the privacy envelope – and creating a benchmark of acceptability for future activities.

While a complaint has been launched with the FTC, this raises a greater issue concerning the general lack of regulatory oversight of the activities of such private bodies and an accounting of their human rights implications. Google is a key participant in the development of the Global Network Initiative (GNI), but there is no indication that GNI privacy principles were sufficiently, if at all, taken into account. Even the GNI provisions on privacy, though as a whole promising, focus more on guiding companies conduct in countries with laws inconsistent with the Universal Declaration of Human Rights (aka Google in China), than on companies responsibilities in the face of an absence of law. Without clear guidance on the nature and extent of their human rights responsibilities, the envelope can be pushed and we entirely depend on consumer backlash to delineate our human rights.

While Google’s stand in China has been praised in western democracies (see for example, the Global Network Initiative’s discussion, as well as Rebecca MacKinnon‘s), it is now facing criticism from advertising businesses in China.  Google’s Ad partners have written a letter to Google urging them to let them into the loop on Google’s plans for China.  With Google’s future in China unclear, these advertisers have seen their business volume plummet. See the BBC or Guardian discussions about the controversy.