Submission |

The Collaboration on International ICT Policy for East & Southern Africa (CIPESA) has made submissions to the Office of the United Nations High Commissioner for Human Rights (OHCHR) on how businesses in the technology sector can improve the observance of human rights. 

The submissions, made in February 2022 in response to a call for inputs on the application of the United Nations Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, will feed into a report the OHCHR will submit to the Human Rights Council in June 2022. 

Below is a summary of CIPESA’s submission.

Emerging Trends

The digital age presents new challenges and ways of working that necessitate a review of how the UNGPs can be applied in the technology sector. Increasingly, states have become purchasers of digital technologies from technology companies to facilitate the implementation of various national programmes which present previously unforeseen risks to privacy as they facilitate mass surveillance. Commonly implemented national programmes posing threats to individual privacy include national digital identification systems, voter registration using digital biometric systems, mandatory SIM card registration, smart cities programmes, and installation of national video surveillance (CCTV) programmes integrating facial recognition systems.

Furthermore, digital technologies have fallen prey to retrogressive legal measures undertaken by states. Across Africa, countries have enacted legislation which compel telecommunications service providers to embed capability within their systems to facilitate the interception of communications by state security agencies, and the state acquisition of software and hardware equipment to facilitate surveillance and interception. 

In addition, some states have taken advantage of digital tools to carry out cyber attacks, censor online content, disseminate propaganda and disinformation. Moreover, many African governments have adopted laws limiting anonymity and the use of encryption.

Pressure on tech companies

Some governments continue to apply undue pressure on technology companies including social media platforms to provide personal information, take down content, and shut down the internet. Others have adopted repressive legislation to control the spread of information on social media, or to regulate internet intermediaries by placing undue liability on them for content on their platforms. During the Covid-19 pandemic, states developed various contact tracing systems and applications without adequate legal frameworks, or an assessment of the human rights impact of the applications. Also, state responses to hold companies accountable remain ad hoc, fragmented and not aligned with international standards.

Questionable company practices
Across the continent, social media, online search, fintech and advertising companies have adopted business models that are based on surveillance capitalism and thus continue to threaten the privacy of users, in some cases without users’ explicit knowledge or consent. Further, social media platforms have also contributed to the spread of harmful content online, which companies have failed to take effective measures to address. Also, social media content policies do not always adopt definitions of content that are rights-respecting, and their practices around content moderation are problematic. Content is often moderated using automated systems which lack local context, are discriminatory and embed bias.

Moreover, some platforms’ practices around content takedowns remain inaccessible, their content policies are not uniformly applied, and redress mechanisms do not always apply the rules of natural justice. In addition, some companies have continued to develop and sell surveillance technology to autocratic governments on the continent, which is subsequently used against human rights activists, government critics, and opposition leaders, which further exacerbates risks to human rights.

Trade of privacy for business continuity

The total sum of the government measures coupled with the pressure imposed on tech sector players is continent-wide trade of privacy for business continuity by technology companies. This is commonly seen in state surveillance through electronic technologies, including interception of communications, hacking of information of target persons especially political dissidents, activists and human rights defenders. The tech sector has, however, not done enough to ensure that individual privacy is guaranteed for their customers. 

In a continent where strong privacy laws remain scanty, the increased usage of online platforms and social media in the absence of adequate safeguards and oversight over companies remains a critical risk for privacy rights. The enjoyment of human rights and freedoms, especially freedom of expression and  access to information, association, assembly and movement have sharply declined.

Recommendations

Addressing human rights risks in business models:

  • The commitment to respect human rights as envisaged by the UNGPs  should be integrated at all levels in the company hierarchy and embedded across all its functions and processes.
  • Companies should take steps to mitigate risks within their existing business models, and continuously innovate new business models that are rights-respecting.
  • There is a need for continued research to promote greater understanding of the human rights risks in technology business models on the continent. 
  • Multistakeholder engagement should be promoted as it is a critical avenue to promote shared understanding of the human rights risks and impacts of technology in Africa.

Human Rights Due Diligence and end-use

Companies should do the following:

  • Conduct due diligence to identify, prevent or mitigate risks of harmful impact on their business. The due diligence should be conducted from project design and development phase of new products, services and solutions, and thereafter periodically through the lifecycle including promotion, deployment, sale and use.
  • Assess and monitor the effectiveness of their responses to human rights risks, with results of

such assessments guiding decision-making.

  • Review their state clients’ human rights records and ensure they do not develop, sell or offer

them technology products, services or solutions that contribute to or result in adverse human

rights impacts.

Accountability and remedy 

  • Companies should be transparent and accountable in how they address their human rights impact. Such transparency and accountability can be enhanced through periodic reporting to external stakeholders including through public reports.
  • Create platforms and avenues for engagement, information sharing and feedback between technology companies and various stakeholders.  
  • Implement credible and effective complaints reporting and handling mechanisms.
  • Companies should put in place measures to monitor and promote rights-respecting and responsible business practices and culture, and to remedy and mitigate adverse impacts caused by their actions.

The State’s duty to protect

  • Put in place administrative, policy, legislative, institutions to hold technology companies accountable for human rights violations, provide effective remedies for victims of rights violations related to technology, require companies to conduct due diligence and to have proper safeguards to protect the public from harm.
  • Develop laws, policies, regulations, standards, and guidance, including at the regional level to embed and ensure responsible business practices by technology companies and greater respect for human rights in the digital context.
  • Take measures to promote the use and adoption of digital technologies and address the growing digital divide, including by removing barriers to internet access and digital technologies.

See the full submission here.