Human Rights Due Diligence (HRDD) is emerging as a key practice in tech company conduct, civil society guidance, and government regulation. Having contributed to this trend over the last 15 years through its guidance and company assessments, the Global Network Initiative (GNI) focused its Annual Learning Forum in Brussels, on October 25, 2023, on how emerging HRDD approaches can build on and be synchronized around lessons learned under existing business and human rights frameworks. The Forum brought together leading experts from academia, civil society, the tech industry, and governments. It provided an opportunity for GNI to share insights into its approach to HRDD and tech company assessment.
The Forum began with introductory remarks by the GNI’s Independent Chair, David Kaye, former UN Special Rapporteur on freedom of opinion and expression, who stressed that when governments place demands on companies, they ultimately place demands upon users and their freedom of expression and privacy. He spoke of GNI’s commitment to protecting the rights of those users by guiding and reviewing company conduct, building trust across stakeholders, and engaging in advocacy with governments.
GNI’s Senior Operations and Policy Associate, Idan Ben Yakir, continued this introduction with a participatory demonstration involving a fictitious government pressuring an imaginary telecommunications company in a civil unrest scenario. The exercise highlighted how the GNI Principles on Freedom of Expression and Privacy, together with the more detailed Implementation Guidelines, guide member companies in responding to government demands, pressures, and restrictions. These principles, drawn from international human rights law and grounded in the UN Guiding Principles on Business and Human Rights, include concrete guidance on methods for protecting freedom of expression and privacy through responsible company decision-making supported by multi-stakeholder collaboration.
Panel 1: Lessons from GNI Assessments for Emerging Regulatory Developments Around Mandatory Due Diligence and Corporate Accountability
Following this exercise, GNI Executive Director, Jason Pielemeier, moderated a discussion about mandatory due diligence and corporate accountability. Panelists for this discussion included Thierry Taboy, a GNI Board member and Head of Human Rights at French telecom company Orange; Annette Fergusson, founder and Co-Director at Threefold Sustainability, a corporate social responsibility consultancy and accredited GNI assessor; Usama Khilji, a GNI Board alternate and Executive Director at Bolo Bhi, a Pakistani digital rights organization; Cathrine Bloch-Veiberg, Chief Adviser, Human Rights, Tech and Business at the Danish Institute for Human Rights; and Mathias Vermeulen, Public Policy Director at the law firm AWO.
The panel explored how mandatory corporate accountability and due diligence requirements can build on and support existing good practices and how different actors are approaching challenges and opportunities related to compliance.
Cathrine began by describing the progression of corporate responsibility since the 1970s. Over this period, there has been a shift toward more globalization and regulation in the ICT sector. She spoke about the role of the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights (UNGPs). Cathrine noted challenges related to the failure to clearly cross-reference these frameworks, the inconsistent use of relevant language, and the lack of clarity regarding application and enforcement.
Jason turned next to Mathias and asked for his thoughts on the use of “risk assessments” under the Digital Services Act (DSA) and how it relates to the associated transparency, audit, and remedy provisions. Mathias gave a short primer on risk assessments as described in the DSA, commending its focus on the concept of “systemic risks.” Once a risk assessment is completed, covered companies will be required to develop risk-mitigating measures, which, together with other obligations in the DSA, will then need to be audited by independent auditors. Overall, Mathias expressed his optimism about the DSA and the future landscape of human rights frameworks in the tech sector.
Given her experience in a large ICT company as well as being an accredited GNI assessor, Jason asked Annette to shed light on challenges and opportunities that could emerge as we move from a voluntary to a mandatory approach to HRDD. Annette explained that given the similarities between the DSA and the CSDDD and the responsibilities articulated in the OECD Guidelines and UNGPs, companies that have already been voluntarily complying with human rights due diligence recommendations will be well-positioned to demonstrate compliance and continue leading in this new legal landscape. She also expressed her hope that the DSA will bring up the floor for companies that have not implemented due diligence practices in the past. Annette noted that going forward, human rights due diligence in this sector will need to be dynamic and able to respond quickly to new complications related to technological change.
Given Orange’s experience going through multiple GNI assessments, Jason asked Thierry to talk about how those assessments helped position the company to comply with the French Corporate Duty of Vigilance Law (HRDD) and vice-versa. Thierry provided background on the involvement of French apparel companies in the infamous Rana Plaza factory fire, which helped lead to the Loi de Vigilance in 2017. He spoke about how the law has made France a leader in the mandatory due diligence space while noting that this is a foundation that can be built upon further. With respect to Orange’s experience, Thierry noted that the company’s participation in and assessment through GNI helped them prepare for complying with the Duty of Vigilance law and that compliance, in turn, reinforced relevant aspects of the company’s implementation of the GNI framework. He stressed that it is important for companies to not see HRDD simply as a matter of legal compliance, but rather as part of broader efforts to build trust and confidence with users and governments around the world.
Finally, Usama was asked to elaborate on what opportunities and challenges large, global tech companies face in majority world contexts when they are required to comply with these new legal frameworks. He began by sharing his thoughts on how instrumental the GNI assessment process has been in the tech sector, as well as some of the risks that regulatory proposals in Europe pose to the rest of the world. One risk is that companies will focus too much on their actions in Europe, which could lead to a lack of focus in other jurisdictions. Another concern is the way other countries may attempt to replicate European approaches without sufficient resources or safeguards, or – more cynically – to diminish freedom of expression and privacy in their own countries.
Panel 2: Contextualizing and Understanding the Impacts of European Regulation on the Rest of the World
The Secretary-General and Director of CDT Europe, Iverna McGowan, moderated the Forum’s second panel, which discussed the impact that European legislation in the tech sector has on the rest of the world. Panelists for this discussion included Gabrielle Guillemin, Human Rights Policy Manager at Meta; Owen Bennett, International Online Safety Principal at UK regulator, Ofcom; Eduardo Bertoni, Independent Academic member of the GNI Board and former Argentine Data Protection Authority; GNI Board member, Lillian Nalwoga, from Collaboration on International ICT Policy for East and Southern Africa (CIPESA), an ICT-focused non-profit from Uganda; and Konstantinos Komitis, a non-resident fellow at the Atlantic Council’s DFRLab and Senior Policy Adviser to GNI.
Iverna started by asking Gabrielle how companies like Meta are approaching compliance with laws like the DSA. Gabrielle highlighted how Meta is adapting to the implementation. She described implementing the DSA as a learning experience for companies, as they try to unpack and figure out how to comply with legal obligations while ensuring the protection of the human rights of users. She went on to note her hope to see guidance from DSA regulators on critical topics like HRDD and risk assessments.
Given that the discussion had focused until this point mostly on EU legislation, Iverna asked Owen to bring the audience up to speed on the UK Online Safety Bill (UKOSB) and Ofcom’s approach to compliance as a regulator. Owen began by introducing the UKOSB, its purpose, and where it stands. He then went on to highlight Ofcom’s regulatory strategy, which consists of four steps: providing resources for compliance, driving improvement, assuring compliance, and providing trust and transparency. He also underscored the utility of the GNI framework in understanding and implementing risk assessment processes.
Given his breadth of experience in a variety of roles, Iverna turned to Eduardo and asked him about the opportunities and challenges that emerge in global majority contexts as a result of regulations emerging from the EU and other countries. Eduardo presented the lessons he learned during his time as Director of the Argentine Data Protection Authority, at a time when the EU’s General Data Protection Regulation began influencing global debates around the regulation of data. He noted that the Brussels effect not only occurs through the transposition of views but also contributes to political pressure to regulate in other countries. He further stressed that the global impact of EU regulations will depend on the extent to which they are seen as legitimate and useful to a broad range of actors.
Iverna then asked Lillian to chime in on how the move to regulate ICTs using such “global laws” is resonating in Africa. Lillian also noted that the Brussels effect of the GDPR has had some positive impacts in African countries while pointing out that some countries have also used it to expand surveillance and mandate data localization. She closed by cautioning against the potential impacts of copying and pasting what European countries are doing into countries with less independent regulators and judiciaries.
Finally, to tie up the panel, Iverna asked Konstantinos to give an overarching picture of what is happening right now in global internet governance and what’s shaping the landscape. Konstantinos explained how Europe is seen as the leader of global regulatory efforts in the ICT sector, and how the international community is increasingly not in a place where it can collaborate to fix issues with the Internet. He stressed that Europe, the United States, and China will all have different approaches to regulating the Internet, as they all attempt to legitimize their visions of the Internet and its regulation.
Fireside Chat
This Forum concluded with a discussion between GNI Board Vice Chair Agustina Del Campo, the Executive Director of the Center for Free Expression Studies at the University of Palermo in Argentina, and Menno Cox, Head of Sector for the global aspects of digital services at the Directorate General for Communications Networks, Content and Technology (DG CNECT) of the European Commission. Agustina asked Menno to give the audience some context on the Commission’s ongoing efforts toward implementation of the DSA. Menno emphasized the importance of getting the regulatory framework for digital services right not just within the European Union, but also around the world given that the DSA is a global regulation.
Menno spoke about transparency mandates under the DSA, which are leading to the standardization of reporting and creating insights into company practice that can be useful to all stakeholders. He also touched upon the dual role of the Commission in both operationalizing the DSA in terms of procedures and playing the very nuanced role of a regulator. He acknowledged that the implementation is going to be cyclical, noting that it will take time and iteration to get to a place where the effectiveness of the DSA’s many measures is truly realized.
Agustina then asked Menno to speak a bit about disclosure requirements. Menno spoke about the importance of making sure companies know what to do, and of appropriately judging the mitigation measures that protect against societal risks from issues like disinformation, with an expectation of compliance and improvements over time. Upon being asked about the implications of the DSA outside of Europe, Menno explained how collective resilience can be built using the audit requirements and provisions for researcher access to data. He mentioned that the Commission is building capacity to handle researcher access requests and that they hope to benefit from inputs from researchers from around the world. Responding to Agustina’s question on where existing conventions and systems fit in the landscape, Menno affirmed that international human rights principles and the GNI framework are all helpful in building a coherent ecosystem that raises the bar of accountability. He urged global stakeholders and users to engage and keep companies accountable by supporting these frameworks and realizing the potential of the DSA.