The ICT and electronics industry can contribute to realising several human rights and help achieve the vision laid out in the 2030 Agenda for Sustainable Development, as highlighted in a selection of projects from Global e-Sustainability Initiative (GeSI) member companies. The sector can create positive human rights impacts by offering solutions that, for example, enable remote access to learning, mobile banking and real-time information which can be crucial in emergency situations, including identifying the early onset of drought, enabling the mobilisation of response efforts before a situation reaches a crisis point. Social media platforms have contributed to greater transparency, participation, freedom of expression as well as the development and coordination of democratic movements worldwide. Indeed, the UN has produced a publication highlighting Why are ICTs important for Civil Society Organizations?
Over the last decade, the sector has come under increasing criticism for the production of short lifespan electronic goods with supply chains that are plagued by occupational safety and health concerns and other adverse labour-related impacts, including “an unsustainable cycle of low wages, human rights abuse, use of hazardous materials and ineffective and unsustainable recycling practices”. Moreover, certain applications of digital technologies have been shown to pose serious risks to human rights. For example, the activities of companies such as social media platforms, search engines and internet services providers have been linked to adverse impacts on the rights to privacy, freedom of expression, freedom of association, non-discrimination and even the right to life. The features of the large-scale use of digital technologies raise unique challenges for the protection and respect of human rights given the far-reaching scope of impacts and the relative lack of transparency in the development of certain technologies such as automated decision-making and artificial intelligence.
The UNGPs provide a strong normative basis to assess human rights impacts in this sector and develop concrete policy actions and measures to close protection gaps, as demonstrated in the Tech Sector and National Action Plans of Business and Human Rights developed by the Danish Institute for Human Rights and Global Partners Digital.
The rapid evolution of ICT technologies, supported by strong marketing and promotion campaigns linked to business strategies that aim to launch new high-end product every year, results in still fully functional products becoming prematurely obsolete, rapidly disposed of by consumers, and often subjected to informal recycling. New products demand more natural resources, many of which are “conflict minerals” sourced from conflict-affected areas, with revenues often fuelling armed conflict, as highlighted in Frank Poulsen’s documentary “Blood in your mobile”.
The high-tech electronics sector is characterised by a complex, non-transparent global value chain, which often begins in developing countries like the Democratic Republic of Congo, where raw materials are sourced. These are later processed in other developing countries, such as Malaysia [M. van der Velden, 2017]. The final products are then manufactured in countries like China and Vietnam, and subsequently sold across the globe. Recycling of products is also done in developing countries, such as Ghana or Nigeria (according to ILO, The global impact of e-waste: Addressing the challenge, 2012), 80% of e-waste ends up, often illegally, in developing countries), where unsustainable disposal and recycling of e-waste results in serious environmental, health and social impacts. [M. van der Velden, 2017].
According to the UN Guiding Principles, ICT companies have a responsibility to respect human rights by conducting human rights due diligence to ensure they do not cause, contribute or are linked to potential or actual adverse human rights impacts as articulated in the European Commission’s ICT Sector Guide on Implementing the UN Guiding Principles on Business and Human Rights.
Other adverse hu man rights impacts associated to ICT include threats against the right to privacy [e.g. Microsoft case] and freedom of expression, with some states imposing unjustified restrictions on the Internet or social media accounts. In certain extremes, states have been known to enforce network shutdowns during public protests, or track protesters based on their phones geolocations [see e.g. Ch. Williams, How Egypt shut down the Internet, The Telegraph, 28.1.2011]. There is a whole section of the industry linked to autocratic governments by making products that enable “the filtering and blocking of online content” and providing “tools that help governments spy on their citizens” [Human Rights and Technology Sales, p. 2].
Direct or indirect discrimination by algorithms using big data is increasingly considered as one of the most pressing challenges of the use of new technologies. In addition to the problematic use of data in reinforcing bias against groups, low quality data is leading to poor predictions and discrimination. [Privacy International]. Research shows Artificial Intelligence (AI) algorithms allegedly recreate racial & gender bias, and systems that are used for targeted online advertising often discriminate based on race and gender. [Business and Human Rights Resource Centre].
Coupled with automated decision-making, profiling is being used to make or inform on decisions involving credit scoring, hiring, policing and national security. In 2016, IBM launched a tool that would help governments separate “real asylum seekers” from potential terrorists by assigning each refugee a score that would assess their likelihood to be an imposter. Through profiling, highly sensitive details can be inferred or predicted from seemingly uninteresting data, leading to detailed and comprehensive profiles that may or may not be accurate or fair. [Data is Power: Profiling and Automated Decision-Making in GDPR, pp.3-4].
Governments have also been accused of using malware to spy on journalists and human rights defenders. In 2017, the New York Times reported that some of Mexico’s most prominent human rights defenders, journalists and anti-corruption activists were targeted by spyware created by the Israeli cyber arms dealer, NSO Group. The Pegasus software sold to the Mexican government is capable of infiltrating smartphones to monitor calls, texts, email, contacts and calendars. The use of this spyware has also been reportedly used to advance business interests in Mexico, where vocal proponents of Mexico’s 2014 soda tax were also targeted.
A more recent phenomenon is the use of psychometrics to analyse big data collected through various media platforms, including Facebook and Twitter, to influence the behaviour of voters and the outcome of elections. For example, the mission of the Strategic Communication Laboratories (SCL) company is to influence elections by providing marketing based on psychological modelling. In 2013, SCL created a new company, Cambridge Analytica, to influence the Brexit vote and US elections. The misuse of big data to shape the outcome of elections not only has adverse impacts on civil and political rights, but also on a broad range of economic, social and cultural rights, which may be affected by the decisions of elected officials.
To address some of these issues, ICT companies have joined efforts within initiatives like the Global Network Initiative, Responsible Business Alliance and Global e-Sustainability Initiative to develop common approaches, tools and standards and share good practices and lessons. Given the pressure from consumers, NGOs and investors [See e.g. SMART Project that looks into supply chain of mobiles], various initiatives and organizations, e.g. European Association of Electrical and Electronic Waste Take Back Systems (WEEE Forum) or Electronics Watch, now support companies in tackling various aspects of their supply and value chains. KnowTheChain has benchmarked 20 ICT companies on their efforts to eradicate forced labour from their global supply chains.
Governments are also undertaking efforts that aim to improve sustainability and transparency of the ICT and electronics value chains and prevent human rights abuses. Very noticeable is the trend to regulate this sphere, with some of the best known regulatory efforts including the 2010 US Dodd-Frank Act, Section 1502, “which aims to disrupt the trade in conflict minerals from Congo with a law that requires companies publicly listed in US to determine whether their purchases of 3TGs were inadvertently funding armed groups in the DRC” [Ethical Consumer, Conflict Minerals, October 2016], and the Regulation 2017/821 of the European Parliament and of the Council of 17 May 2017 laying down supply chain due diligence obligations for Union importers of tin, tantalum and tungsten, their ores, and gold originating from conflict-affected and high-risk areas. The Freedom Online Coalition is a partnership of 30 governments working to advance Internet freedom including through coordination of diplomatic efforts and engaging with civil society and the private sector to support Internet freedom – free expression, association, assembly, and privacy online – worldwide.
According to the Addis Ababa Agenda for Action (AAAA), the creation, development and diffusion of new innovations and technologies and associated know-how, including the transfer of technology on mutually agreed terms, are powerful drivers of economic growth and sustainable development (para. 114). Technology thus constitutes one of the major pillars of the Means of Implementation of the 2030 Agenda. SDG 17 contains three Targets ( SDG 17.6, 17.7 and 17.8) outlining a number of key means of developing, transferring and disseminating technology, and technological innovation, as well as enhancing international cooperation on STI for the achievement of the SDGs. ICT specifically is also referred to in additional SDG targets spanning across SDGs 4, 5 and 9 among others.
In order to facilitate the achievement of the SDG Targets that relate to ICT, and more broadly STI, and to ensure its development, use and application where necessary in the achievement of the Agenda as a whole, the 2030 Agenda for Sustainable Development and the AAAA establish the basis for a “Technology Facilitation Mechanism” (TFM) in order to support the implementation of the Sustainable Development Goals (SDGs) (AAAA, para. 123) The TFM facilitates multi-stakeholder collaboration and partnerships through the sharing of information, experiences, best practices and policy advice among Member States, civil society, the private sector, the scientific community, United Nations entities and other stakeholders.
4) Quality Education
5) Gender Equality
9) Industry, Innovation and Infrastructure
17) Partnerships For The Goals
What National Action Plans say on ICT & electronics sector
The Belgian NAP does not contain a direct reference to ICT & electronics sector.
Chile’s NAP makes no reference to the ICT and electronics sector.
VIII. FUNDAMENTAL PILLARS
i. Fundamental Pillar 2: The duty of business to respect human rights
Strand 1[Eje nº 1]: Provide companies with the tools to fulfil their responsibility to respect human rights
- The Ministry of Telecommunications [Mintic] will elaborate the “Guide on Human Rights and Business: A document on the application of human rights and business principles” for the specific context of the Information and Telecommunications Technologies (ICT) sector.
iii. Fundamental Pillar 3: Access to remedy mechanisms
Strand 2 [Eje nº 2]: Access to non-judicial remedy mechanisms
- The SIC [Superintendencia de Industria y Comercio] will identify in telecommunications companies in Colombia which mechanisms are in place to guarantee due process in relation to the rights of petition presented by customers or citizens, within the operational framework.
- The SIC [Superintendencia de Industria y Comercio] will identify the actions or strategies of telecommunications companies in Colombia to address or remedy the actual and potential negative consequences of their operation.
Accessibility of the courts [page 48-49]
“Sensitively and coherently used technology could play a major role in freeing the hands of the courts. Just like any other area of human activity, the judiciary could benefit from the advantages delivered by advanced technology. Numerous countries around the world are conducting studies and drawing up strategies on how to use such technology efficiently in the work of the judiciary. [For example, in 2017 the UK Ministry of Justice organised a competition for innovators and programmers to develop tools that would support the online judiciary.] These are tools that could be put to good use in the process of adjudication on the one hand (facilitating the taking of evidence, enabling hearings to be held without the physical presence of all persons) and in the paperwork and state administration of the courts on the other (file computerisation and automation). The technology must be used in such a way that it does not place an extra burden on the courts, and must be accompanied by the thorough induction training of court staff. Likewise, it must not reduce in any way the availability of or access to the courts and judicial protection.”
The Danish NAP makes no explicit reference to ICT.
2 The state and companies
2.2 The State and the protection of privacy [page 23]
“As a follow-up measure, the working group proposes that
- a roundtable discussion be organised on how to ensure the protection of privacy in Finland with the authorities, ICT companies and the civil society.
Principal responsible party: Ministry of Transport and Communications, autumn 2014.”
I- The State’s Obligation to Protect Human Rights
Examples of Responsible Practices Abroad [page 36]
- The Swiss Federal Council has introduced a major amendment to its export licensing legislation in order to ensure surveillance technologies that might be used for human rights abuses are not exported from Switzerland. Following this amendment, Swiss authorities must reject companies’ requests to export surveillance technologies if there “are reasonable grounds to believe” that the items could be used for repression in the country of destination: https://www.privacyinternational.org/node/589
II- Businesses’ Responsibility to Respect Human Rights
3. Risk Analysis and Impact Assessment
Practical Tools Addressing Specific Issues
At the European Level [page 42]
- The European Commission’s guides for three economic activities: … information and communications technologies.
There is no mention of information and communications technology (ICT) and the electronics sector in the Business and Human Rights Chapter of the Georgian Human Rights NAP.
The German NAP makes no reference to ICT.
The Irish NAP makes no direct reference to the ICT sector.
Section 2: Current legislative and Regulatory Framework
Data Protection [page 14]
“Owing to the significant number of multinational tech companies based in Ireland, Ireland’s Data Protection Commissioner has responsibility for oversight of a large amount of data and has been involved in some high profile cases. The Government is committed to supporting the Data Commissioner in their role and, over recent years, has provided a fourfold increase in the funding for the work of the Commission.”
I. Guidelines and general principles
“(…) the second Italian NAP-BHR intends to strengthen the application of the UNGPs through a series of complementary measures, referring in particular to the following guidelines:
– the need to study in depth innovative issues related to technological development and artificial intelligence – also in relation to the Declaration of Rights in the Internet adopted by the Italian Parliament on 31 July 2015, in order to highlight their possible impact on the enjoyment of human rights, as well as an adequate action of corporate Due Diligence, and further innovative issues related to activities promoted by cultural companies with an important impact on the promotion of human rights” (p. 7)
c) National Priorities
“4. A collective awareness of the impact that new technologies, especially artificial intelligence, could have on the enjoyment of human rights, while paying attention to the promotion of corporate due diligence processes on human rights within the activities of those companies involved in research and development of new technologies” (p. 11)
IV. Italian ongoing activities and future commitments
“Regarding gender leadership issues, the Task Force “Women for a New Renaissance”, established by the Ministry of Equal Opportunities and Family in 2020 to address the impact of Covid-19 on gender issues has produced a Final Report, based on quantitative data and qualitative scientific information on the impact of the pandemic in different sectors. Among the Task Force’s multiple proposals there are those ones targeted to:
– overcoming barriers to advancement in career paths, particularly in the fastest growing fields (STEM, computer science, cloud computing, data and artificial intelligence)” (p. 29)
ANNEX 1 – Accountability Grid and Assessment Tools for the Implementation of the NAP
“23. Monitor the application of artificial intelligence in the workplace (e.g. recruitment mechanisms) for the purpose of assessing impact on human rights in terms of inclusion and non-discrimination.” (p. 65)
“48. Disseminate principles adopted in relation to emerging technologies such as artificial intelligence for human rights compliance with a Due Diligence approach.” (p. 68)
Chapter 2. Action Plan
2. Areas of the NAP
(1) Cross-Cutting Areas
C. Human Rights Associated with the Development of New Technologies
(Existing framework/Measures taken ）
In terms of the development of artificial intelligence (AI), a Council for Social Principles of Human-centric AI was established for the purpose of considering the basic principles for implementing and sharing AI in society in a better way under the AI Strategy Expert Meeting for Strength and Promotion of Innovation. As a result of the review by the Council, the Social Principles of Human-centric AI, which comprise three basic values and seven principles were established in March 2019.
(Future measures planned）
(a）Address online defamation and privacy infringement, including hate speech
- Continue efforts such as requesting providers to delete abusive information in case human rights violations, including defamation and privacy infringement on the Internet, are observed. [Ministry of Internal Affairs and Communications, Ministry of Justice]
(b） Promote discussion on the use of AI from the perspective of protection of human rights
- Continue efforts to promote establishment of the Social Principles of Human-centric AI, including the perspective of respecting human rights, to ensure acceptance and appropriate use of AI in society. [All Ministries]
(c）Promote discussion on the use of AI from the perspective of protection of privacy
- Continue efforts to promote discussion regarding the use of AI and privacy protection at international conferences and other occasions. [Personal Information Protection Commission; Ministry of Economy, Trade and Industry]
The Kenya NAP makes no reference to Information and communications technology (ICT) and electronics sector.
Objective 2: promoting corporate responsibility and respect in the field of business and human rights
A. Implemented and on-going measures for the development of CSR in Lithuania [page 6]
3. “The application of CRS principles to the state-owned enterprises … To this end, since 2010, actions were taken to restructure SOEs with a particular focus on corporate transparency and social responsibility. SOEs provide important public services as regards energy, water supply, public transport, electronic communications, health, education, social services and others.”
Part II: Specific objectives of the National Action Plan 2020-2022
1. The state duty to protect human rights
1.15. Protection of human rights in business in the context of new information and communication technologies (ICT), including artificial intelligence (AI)
One of the risk sectors recognised in the NAP2 is the new information and communication technologies, including artificial intelligence. This sector is developing very rapidly worldwide in the context of increasing digitalisation.
In his report to the UN General Assembly in 2018, Mr David Kaye, UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, analysed the topic of artificial intelligence (AI) in more detail. Within this framework, each State is obliged to uphold human rights, including the right to freedom of opinion, freedom of expression and access to information, the right to privacy, the obligation of non-discrimination and the right to an effective remedy.
In Europe, the General Data Protection Regulation (GDPR) has been the main legal instrument regulating the collection and use of data since its introduction in 2018. In Luxembourg, the supervisory authority is the Data Protection National Commission (CNPD) [Commission nationale pour la protection des données].
|Objectively verifiable indicators||× GDPR|
|Verification sources||× European legislation and institutions
× CNPD [Commission nationale pour la protection des données] – UEL [Union des Entreprises Luxembourgeoises] / INDR [Institut National pour le Développement durat et la Responsabilité sociale des entreprises]
|Expected results||× Regular consultations with the CNPD [Commission nationale pour la protection des données]
× Increased understanding and awareness of the link between human rights and ICT, including AI
|Implementation timeline||Duration of NAP 2|
|Means of implementation||× CNPD [Commission nationale pour la protection des données]
× UEL [Union des Entreprises Luxembourgeoises] / INDR [Institut National pour le Développement durat et la Responsabilité sociale des entreprises]
× Civil Society, including ALNU [Association Luxembourgeoise Pour les Nations Unies]
The 2020-22 NAP states the second edition of the National Action Plan complements the first NAP. Additional information about the first NAP can be found here.
‘The Mexico NAP does not explicitly address this issue’
The Dutch NAP makes a very brief reference to the ICT and electronics sector.
3.3 Clarifying due diligence
Raising companies’ awareness [page 22]
“It is essential for companies to have access to all available information on due diligence. The European Commission has published human rights guidance for three business sectors: ICT companies, oil and gas companies and employment and recruitment agencies.”
The Norwegian NAP makes no explicit reference to ICT.
Pakistan’s NAP does not explicitly address this issue.
2017-2020 NATIONAL ACTION PLAN
Pillar I: The state’s duty to protect human rights
5. Planned changes in national legislation
Rules governing the liability of Internet intermediaries for hate speech and violation of freedom of speech [page 26]:
The Ministry of Digital Affairs plans to draft a regulation to counteract restrictions on the freedom of speech, on the one hand, and to block illegal content on the Internet, on the other. Legislative work is being carried out that clarifies the procedure for notice and takedown of the illegal content online, as well as strengthens legal safeguards for freedom of speech in the activities of electronic service providers. These efforts address i.a. issues related to hate speech or incitement to violence, as well as the use of unauthorised technical restrictions on freedom of speech in social media.
2021-2024 NATIONAL ACTION PLAN
7. Ministry of the Interior and Administration
Improving the effectiveness of combating cybercrime, including hate speech or incitement to violence on the Internet
The Slovenian NAP makes no reference to the ICT sector.
South Korea’s NAP makes no reference to information and communications technology (ICT) and electronics.
Spain’s NAP makes no reference to the ICT and electronics sector.
Annex: Measures taken [page 22]
The State as actor
- “Internet freedom and privacy are among the great global issues of the future. It is fundamental for Sweden that the human rights that apply offline also apply online. Sweden has taken initiatives to strengthen the dialogue with business on internet freedom. As a result of a Swedish initiative, the OECD Guidelines for Multinational Enterprises now call on companies to support human rights on the internet. In addition, Sweden was part of the group of countries that tabled resolutions on internet freedom in the UN Human Rights Council in 2012 and 2014. These resolutions were adopted unanimously. The Stockholm Internet Forum organised by Sweden in 2012, 2013 and 2014 has focused entirely on issues of internet freedom”
Annex: Links [page 30]
“The European Commission has produced a guide to human rights for small and mediumsized enterprises in Swedish, based on the UN Guiding Principles for Business and Human Rights. The Commission has also developed industry-specific guides for extractive industries (oil and gas), temporary-work agencies and the ICT sector. These are available on the Commission website: www.ec.europa.eu”
2 National Action Plan on Business and Human Rights 2020-23
2.1 Pillar 1: state duty to protect
2.1.2 Operational principles: legislative and information policy measures
Guiding Principles 1 to 3
Measure 1: Rules on the export of war material and technologies for internet surveillance
The export or brokerage of technologies for internet and mobile communication surveillance is governed by the Ordonnance sur l’exportation et le courtage de biens destinés à la surveillance d’Internet et des communications mobiles (Ordinance on the export and brokerage of technologies for internet and mobile communications surveillance). A licence to export or to broker such goods must be refused if there is reason to believe that the exported or brokered good will be used by the final recipient as a means of repression.
|Implement legal provisions on the transfer of controlled goods with a view to ensuring that international law and, in particular, human rights are respected.||
Report on Federal Council activities to the parliamentary Control Committees detailing exports of war material, and the foreign economic policy report that includes an appendix listing all goods exported under the Goods Control Act.
|EAER [Federal Department of Economic Affairs, Education and Research]|
Guiding Principle 10
Measure 21: Support for UN bodies in charge of promoting the UN Guiding Principles
The federal government will continue to lend political and financial support to the UN Working Group, the Office of the UN High Commissioner for Human Rights and the annual UN Forum on Business and Human Rights in Geneva. It will work with these bodies on several projects that:
– establish authoritative guidelines on the application of UN Guiding Principles to fundamental issues in connection with the development, use and governance of digital technologies;
III. The State duty to protect human rights
C. Actions planned
- Continue promoting international human rights dialogue and cooperation (page 9)
‘In the area of digital human rights, as talks with the European Union regarding a GDPR adequacy decision for Taiwan move forward, we will move methodically toward the establishment of an agency tasked with responsibility for promoting the protection of personal information.’
This information is also covered under Appendix 4: Overview of the implementation of the state duty to protect and the access to remedy, The state duty to protect, UNGP9, Actions planned (page 49-50).
Appendix 2: Concrete actions taken by Taiwan to ensure respect by businesses for human right
- In order to strengthen enterprises’ CSR implementation and enhance human rights awareness, the Taiwanese government and civil society have implemented a number of support measures, including the following:
‘The Secure Online Shopping Association put forward a “Good 34 E-Commerce Code of Conduct.” The code’s purpose is to establish a self-regulated, orderly, fair, efficient, clear, and safe e-commerce environment that will ensure consumer rights and interests and build consumer confidence in e-commerce. The effort is also designed to promote the sound development of e-commerce, and seeks to optimize the welfare of both e-commerce operators and consumers.
Taiwan’s Asustek Computer, Acer Corporation, Hon Hai Technology, HTC, and TSMC are all members of the Responsible Business Alliance and follow the “Responsible Business Alliance Code of Conduct” to strengthen the management of supply chains.
Asustek, Acer, HTC, and TSMC are also members of the Responsible Minerals Initiative, which helps firms manage issues related to conflict minerals. This includes assistance in due diligence efforts.’
This information is also covered under Appendix 4: Overview of the implementation of the state duty to protect and the access to remedy, The state duty to protect, UNGP7, Actions taken (page 46).
The Thai NAP does not make an explicit reference to information and communications technology (ICT) & electronics sector.
CHAPTER THREE: SITUATIONAL ANALYSIS
3.6 Consumer Protection
The current policy, legal and regulatory framework related to promo on of fair competition and consumer protection is fragmented. A number of sub-sectors have policies and laws that govern the promo on of competition and consumer protection. These include; … telecommunications; electricity generation and distribution; petroleum extraction, development and distribution; Information and Communications Technology.
It is important to note that a Consumer protection and Competition Act was submitted to parliament in 2015, however, it has not yet been passed. In a number of major sub-sectors of the economy, it is evident that there is need for improved consumer protection. The areas include;
- The Information and technology sub-sector; aggrieved consumers have to follow a court procedure which is a lengthy process in addressing consumer complaints. Moreover, the laws do not provide for a clear consumer rights and awareness mechanism.
The UK 2013 NAP provides in relation to New Actions planned [page 11]:
“The Government will do the following to reinforce its implementation of its commitments under Pillar 1 of the UNGPs:
(v) In line with the UK Cyber Exports Strategy, develop guidance to address the risks posed by exports of information and communications technology that are not subject to export control but which might have impacts on human rights including freedom of expression on line.”
The UK 2013 NAP states in relation to Further actions planned that [page 15]:
(ii) encourage trade associations/sector groupings of companies to develop guidance relevant to their members’ sector of activity on developing human rights policies and processes, including due diligence. There is generic guidance online about doing this e.g. at the Business & Human Rights Resource Centre. Some sector-specific guidance also exists, for example the International Council on Mining and Metals has produced a guide for mining companies on human rights due diligence. The European Commission has created guidance on the information communications technology (ICT), oil and gas and employment and recruitment sectors; http://ec.europa.eu/enterprise/policies/sustainable-business/corporate-social-responsibility/human-rights/index”
The UK 2016 Updated NAP also makes a reference to ICT in the section discussing Actions taken [page 9]:
“To give effect to the UN Guiding Principles, the Government has: (…) strengthened international rules relating to digital surveillance, including leading work in the Wassenaar Arrangement to adopt new controls on specific technologies of concern. Specifically, new controls were agreed on: – equipment and software for creating and delivering “intrusion software” designed to be covertly installed on devices to extract data. – “internet surveillance systems” which can monitor and analyse internet traffic and extract information about individuals and their communications.”
The UK 2016 Updated NAP refers to ICT in the section Cyber Export Guidance [page 18]:
“The expansion of ‘cyber space’ has brought huge economic and social benefits. However, it also poses risks and new opportunities for hackers, criminals and terrorists. To help mitigate these risks, companies have developed security products and services which defend networks from malicious activity. In many countries, such as the UK, these products are used legitimately, including by law enforcement authorities, in accordance with domestic and international law obligations. However, in some countries which do not adhere to their international human rights obligations, there is a risk that the same products are used in ways that could breach state’s legal obligations, e.g. to restrict freedom of expression or to contribute to internal repression. Normally, exports that could cause harm, such as arms, are covered by the export licensing regime. However, many cyber capabilities, products and services are not listed. This problem was recognized by the Cyber Growth Partnership a joint body representing industry, academia and government. The FCO worked with techUK, a technology trade association, and the Institute for Human Rights and Business to produce practical guidance for companies on managing human rights risks. “Assessing Cyber Security Export Risks: Human Rights and National Security” was published in November 2014. It is the first guidance for this sector in the world, and sets out:
- the different sorts of potential harm associated with particular cyber capabilities;
- a process to help companies assess country specific risks and to evaluate business partners and re-sellers; and
- potential mitigation options for avoiding or reducing risks.”
Outcome 4.1: Recognize RBC Best Practices
New Actions [page 22]
“Modernize the Secretary of State’s Award for Corporate Excellence (ACE): For 17 years the ACE has recognized the best of U.S. business conduct abroad. Until recently, the ACE focused principally on corporate philanthropy rather than a company’s efforts to ensure that its core business is conducted responsibly. In 2015, the ACE was given out in distinct categories for the first time, designed to align with RBC international best practices. Partly as a result of these updates, the ACE ceremony received unprecedented global participation, with a 470 percent increase in Twitter activity, articles in Voice of America and the Huffington Post, and a 100 percent increase in ceremony viewership online. For 2016, the ACE will continue its focus on highlighting RBC best practices, and will be awarded for transparent operations, inclusive hiring, sustainable oceans management, and small or medium enterprises.” – Implementing Department or Agency: State