Next week I’ll be in Paris for the Internet Governance Forum (IGF). The event, which is now in its 13th year, is held under the auspices of the United Nations, with this year’s edition being held in the UNESCO buildings in central Paris.
The IGF tends to attract a varied group of people from government, civil society, business and the technical community. I’ve attended the IGF a couple of times in the past and have found it to be an interesting forum where a very diverse set of people discuss the internet and “digital” in very broad terms. As a European business we might have our frustrations and challenges dealing with infrastructure, government and the day to day business, but when you listen to some of the stories from other parts of the world it helps to bring some extra perspective.
Earlier this year we engaged with Article 19 and the Danish Institute for Human Rights on conducting a human rights impact assessment (HRIA) for the company. So I’ll be speaking at IGF about how the experience of doing a HRIA was for us as a company and what we learnt from the process.
Why did we do this?
We felt that putting our operations under a bit of scrutiny like this would be a good exercise.
What are other technology companies doing?
Other companies in the technology space have human rights policies which cover three broad areas:
- internal policies and processes – essentially how a company interacts with its own staff and ensures that their rights are respected
- relations with suppliers and vendors – who you do business with has an impact.
- relations with customers / clients
Taking Nokia’s human rights policy as an example they start off with a very telling statement:
Nokia recognizes that there is a tension in today’s world between privacy and security; between legitimate actions to ensure that citizens are protected from the threat of terrorism and other crime while maintaining their fundamental human rights, including the right to privacy and freedom of expression and assembly. (source)
Getting that balance right is not easy and we are not a huge corporation with the kind of resources at our disposal that a multi-billion Euro company would have.
I’ve written at length on both security and privacy and how we try to get the balance right over the years. It’s not simple. And we are not the internet police, however we also have to abide by the law, so while we might unknowingly allow people and organisations to signup to use our services that’s very different to actively targeting certain groups. Bottom line: if you want to use the services we provide to cause harm and we find out we will probably terminate your account. I don’t want our platform to be abused by anyone and while we welcome clients from the four corners of the globe scam artists and criminals will never be welcome.
But I digress.
Over the course of several weeks my team and I worked very closely with Article 19 and the Danish Institute of Human Rights on reviewing all of our internal and external policies and contracts. We then had a face to face meeting here in our Carlow offices where we went through the very detailed questionnaire. As we were the first company of our type to embark on the exercise with them not all of the questions were really pertinent to us, while others could have been seen as being relevant, yet impractical.
I’ll freely admit that we still haven’t finished implementing all of the recommendations from the report. However I’d hope we’ll have most, if not all, of the changes in place within the next couple of months.
Some of the changes are subtle and really involve either clarifying or documenting things that we were already doing. Others, however, require us to update policies and documents and getting sign off from our legal counsel or HR firm. Not impossible, but not something that you can do overnight either!
I hope to be able to share our experiences during what promises to be an interesting session at IGF next week.