The European Commission has published guidance for companies in the information and communications technologies (ICT) sector on meeting the corporate responsibility to respect human rights under the UN Guiding Principles on Business and Human Rights (UNGPs).
The sector guide will be particularly relevant for personnel engaged in corporate governance and ethics and compliance functions as well as those whose role includes managing business relationships with suppliers, contractors and governments. It is also intended to be helpful to groups who are interested in promoting respect for human rights in this business sector, including governments, industry associations, trade unions and consumer organisations.
The guidance sets out the steps required under the UNGPs to "know and show" a respect for human rights and translates this into the particular context of the ICT sector. Probably the most unique feature of this sector from a human rights perspective is that collectively it constitutes the "communications pipeline". This affords opportunities both for individual self-expression, e.g. social media, as well as government and commercial monitoring and control, e.g. internet filters or the suspension of a telecommunications network at politically turbulent times.
Other human rights will of course also be relevant to players within the ICT sector. These include human rights relating to the proper treatment of the workforce (such as health, protection from forced or child labour and just conditions of work) and communities (including health, sanitation and cultural property rights). To take a practical example, server farms use large amounts of energy and water for cooling; depending on their location, this could have an adverse effect on local communities' access to resources.
The guidance is of relevance to all companies, globally, who are engaged in the ICT sector. This "ICT ecosystem" is extensive: fixed and mobile telecommunications services providers, wireless and internet service providers (ISPs), search engine providers, social media companies, cloud computing service providers, manufacturers of smartphones, mobiles, digital cameras, gaming consoles, chip and other component manufacturers as well as app and other software developers.
Although not legally binding, the European Union is committed to the implementation of the UNGPs and the European Commission's guidance for the ICT sector is a step towards this.
1. Background: understanding the framework of human rights protection in business
The corporate responsibility to respect human rights is one of the "three pillars" of the UN "Protect, Respect and Remedy" Framework on business and human rights.
Under the UNGPs, businesses have a responsibility to respect human rights wherever they operate in the world. This means that businesses should have in place policies, procedures and mechanisms to avoid infringing on the human rights of individuals and address negative human rights impacts with which they are involved.
The UNGPs also set out the duty of states to protect against human rights abuses by businesses through policies, legislation, regulations and adjudication and the need for greater access to effective remedy for victims of business-related human rights abuses. International frameworks such as the OECD Guidelines for Multinational Enterprises, ISO 26000 and the Global Reporting Initiative have been updated to reflect the UNGPs, therefore convergence around the UNGPs should lead to fewer conflicting standards and more consistent expectations.
The European Commission has also published guidance for oil and gas companies, employment and recruitment agencies and small and medium-sized enterprises. For further information on the guidance for the oil and gas, and employment and recruitment sectors, please refer to our e-bulletins here and here.
2. ICT: risk factors
A wide range of internationally identified human rights are engaged in the ICT context due to potential use of the technology and the supply and production of components and devices. These include the rights of users of technology, supply chain workers and local communities impacted by a company's operations. The guidance recognises that the risks to human rights will depend on the activities of the company, the operating context and the practices of a company's business partners.
The guidance identifies a number of human rights risk areas in the ICT sector. These include:
- the challenges of responding to government requests for information about customers and users which are not in line with international human rights law;
- the difficulty of identifying potential human rights breaches in a company's extensive supply chain, particularly where manufacturing of components takes place in a domestic context where labour laws are weak or unenforced in practice; and
- the challenges that arise from regulations which lag behind technological developments which, if misused could have negative human rights impacts.
3. Addressing risk: putting business responsibility for human rights into practice
The guidance identifies six core elements of the responsibility to respect human rights under the UNGPs and explains how each applies to the operations of a company in the ICT sector. The core elements are:
- having a publicly available human rights policy commitment to respect human rights and having processes for embedding that commitment into the company's culture;
- assessing actual and potential human rights impacts by understanding the operating context, drawing on expertise and consulting with affected stakeholders;
- integrating the findings and acting to prevent or mitigate the impacts;
- tracking how effectively impacts are addressed by developing indicators and incorporating stakeholder perspectives;
- communicating how impacts are addressed; and
- remediating negative impacts the company has identified it has caused or has contributed to, including by establishing or participating in effective operational-level grievance mechanisms.
The guidance explains that assessing, integrating, tracking and communicating (which together are what the UNGPs refer to as “human rights due diligence”) should start at the earliest stages of product, service or technology design or market entry, and at the pre-contract stages of business relationships and should be on-going.
4. Practical steps for managing human rights risks in business relationships
Under the six core elements, some key practical considerations for companies stand out.
Review your current policies: Companies need to commit to, develop and review policies which explain their expectations of staff, business partners and others in the value chain regarding respect for human rights. Companies should therefore review existing policies to ensure that they meet the requirements of the UNGPs and consider implementing further policies and procedures, as necessary to ensure compliance.
Review your business partners' (and targets') policies and practices: The commitment to its human rights policies should be embedded into a company's relationships with its business partners from the outset and should not be seen as a "negotiable extra". As well as integrating the management of human rights risks into new contracts, companies should review existing contracts with business partners throughout the supply chain, assess the risks of negative human rights impacts in those relationships and use leverage to address any human rights impacts identified. The guidance also recommends that human rights risks should be assessed prior to acquiring or investing in an asset or business.
Public reporting: The guidance also recommends that companies consider formal reporting on human rights performance (e.g. in annual reports or investor updates), even if this goes further than the minimum requirements of national state law. There has already been a move by some legislatures to require some companies to report on their human rights policies (see for example, the UK Companies Act 2006 (Strategic Report and Directors' Report) Regulation 2013, expected to be in force from 1 October 2013). For further information on human rights in narrative reporting please see item 2 of our corporate e-bulletin here.
5. The future of human rights in business
The European Commission guidance reflects the increasing importance for companies to address human rights risks linked to their business activities and the growing financial, legal, reputation and operational cost of failing to do so (including the risk of claims being brought by NGOs under the complaints mechanism of the OECD Guidelines for Multinationals).
The UN, European Union and a number of national governments, including the US and the UK, have committed to the implementation of the UNGPs and the UK national action plan on business and human rights is expected to be published shortly.
Financial institutions providing funding to businesses will put greater emphasis on human rights considerations in the future, as a consequence of aligning their own policies and procedures to meet their responsibilities under the UNGPs. Shareholders and business partners will also increasingly require companies to demonstrate a respect for human rights as they take steps to limit their exposure to human rights risks.
It is clear that business and human rights is an evolving area of risk and compliance for companies and that complying with national law may not sufficiently demonstrate a respect for human rights if the applicable local laws relating to labour rights, environmental protection and affected communities are absent, weak or unenforced. Telecommunications service providers, in particular, increasingly find themselves walking a difficult tightrope, trying to balance their own responsibilities for respecting human rights with government mandated interventions, such as mass surveillance. The guide provides a welcome framework for working through the issues, even if it cannot provide the answers.
The European Commission's ICT sector guide on implementing the UN Guiding Principles on Business and Human Rights can be found here.