2017 Corporate Accountability Index Reveals Inadequate Company Disclosure

“There is tremendous room for improvement by all companies,” said Rebecca MacKinnon, director of the Ranking Digital Rights (RDR) project. MacKinnon was speaking at an event at New America’s Open Technology Institute on March 23 to launch the 2017 Corporate Accountability Index. There was a simultaneous event at CEU’s Center for Media, Data and Society during which RDR team members Amy Brouillette, Lisa Gutermuth, Ilana Ullman, and Nathalie Maréchal discussed the index’s methodology and key findings.

The Corporate Accountability Index ranks 22 telecommunications, internet, and mobile companies that were selected because, MacKinnon explained, “they collectively touch the lives of most internet users.” The companies were assessed according to their disclosed commitments and policies related to users’ freedom of expression and privacy.

There have been some significant changes since 2015 when RDR announced its first Corporate Accountability Index such as an increase in the number of companies that were reviewed (from 16 to 22); the addition of new indicators, focusing on company disclosures related to issues such as network shutdowns and data breaches; and the inclusion of “mobile ecosystems” (Apple’s iOS, Google Android, and Samsung Android).

The evaluation of companies’ policies is a complicated process that takes place over an extended period of time during which companies are given the opportunity to review and comment on RDR’s preliminary findings. Brouillette explained that some companies actively engage in the process providing detailed feedback and comments.

One of the challenges for RDR is the fact that companies operate in very different regulatory environments. Ullman noted that RDR measures all companies according to international human rights indices, but that it recognizes that companies have to abide by national regulations, which may not be consistent with these standards. She pointed out, however, that the 2017 Index includes two companies from both Russia and China and that there were significant differences between them in certain areas. She noted, for example, that they offer very different levels of disclosure indicating that companies can do more than they are currently doing – even in restrictive legal contexts.

Some of the more interesting findings relate to the fact that some companies do a better job of disclosing what they actually do than others. Apple, for example, ranked seventh among the 12 internet and mobile companies evaluated, despite the company’s strong public commitment to users’ privacy rights. “If Apple disclosed what its CEO and top executives do and say at conferences and other public events,” said Maréchal, “it would easily beat out Google on privacy.” Another surprise was how well Kakao ranked – coming ahead of companies such as Twitter, Apple, and Samsung. “Kakao has some very good practices and got some high scores,” noted MacKinnon. She pointed out that this demonstrated that “best practice is not necessarily found in the west.”

RDR issued a number of recommendations to both companies and governments to ensure that human rights are protected in the digital age. It stressed the importance of companies institutionalizing their commitments to users’ rights; of being transparent about the circumstances in which it would restrict access to information; and that they make a strong and credible public commitment to security.

“We assume that companies should contribute to building a sustainable physical environment,” said MacKinnon. “We want them also to contribute to a sustainable digital environment – one in which we want to live and in which our rights are respected.”