Global Network Initiative

From P2P Foundation
Jump to: navigation, search



Rebecca McKinnon:

"On that website you'll be able to read the full text of the Principles on free expression and privacy. A group of companies, human rights organizations, socially responsible investment funds, academics, and free speech groups spent the last two-plus years reaching agreement on what should go into that document. There will also be a Governance Charter and a set of Implementation Guidelines giving more detail on how companies should adhere to the core principles. There will be an FAQ, list of participants, and contact people for the organizations that have joined the Global Network Initiative so far. The hope is that many more companies, NGOs, investment funds, and academic institutions around the world will join in the coming months."


Commentary and analysis by privacy expert Michael Zimmer:


The list of participants includes the usual suspects in initiatives like these, including Google, Microsoft, Yahoo!, Berkman Center for Internet & Society, Center for Democracy & Technology, Electronic Frontier Foundation, Human Rights Watch, etc. It also includes a variety of (sociall-minded) investment firms, like Domini Social Investments, F&C Asset Management, and Trillium Asset Management, perhaps indicating a new focus on brining the financial sector of the ICT industry into the fold on these vital issues.

Noticeably absent from the list of partners are other major tech companies who commonly confront issues of privacy and freedom of expression, such as Facebook (ahem), AT&T (ahem), Cisco (ahem), or Skype (ahem). Also absent are other major advocacy groups like EPIC or Amnesty International. It is unkown whether these groups we asked to join and declined, or haven’t been approached to contribute to these efforts.


The GNI’s Principles outline its commitment to the protection and advancement of freedom of expression and privacy online, largely based on international human rights laws and standards including the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and the International Covenant on Economic, Social and Cultural Rights.

The Principles statement opens with a strong endorsement of protecting human rights:

- All human rights are indivisible, interdependent, and interrelated: the improvement of one right facilitates advancement of the others; the deprivation of one right adversely affects others. Freedom of expression and privacy are an explicit part of this international framework of human rights and are enabling rights that facilitate the meaningful realization of other human rights.

And then continues to outline how freedom of expression and privacy fit into that human rights perspective. Notably, it defines “privacy” as:

- Privacy is a human right and guarantor of human dignity. Privacy is important to maintaining personal security, protecting identity and promoting freedom of expression in the digital age.

Right on. Unfortunately, however, it frames the threat to privacy solely in terms of government interference:

- The right to privacy should not be restricted by governments, except in narrowly defined circumstances based on internationally recognized laws and standards. Participating companies will respect and protect the privacy rights of users when confronted with government demands, laws or regulations that compromise privacy in a manner inconsistent with internationally recognized laws and standards.

Given this language, it appears these principles are meant to provide guidelines to prevent unwarranted government access to personal information, but does little to address how the companies themselves might be impacting users’ privacy rights through their own collection and use of personal information.

Implementation Guidelines

The Implementation Guidelines provide more details on how the partners plan to put the Principles into practice. Notably, it calls for the boards of the participating companies to “incorporate the impact of company operations on freedom of expression and privacy into the Board’s review of the business”, as well as “employ human rights impact assessments to identify circumstances when freedom of expression and privacy may be jeopardized or advanced, and develop appropriate risk mitigation strategies”. This is to be achieved through the “creation of a senior-directed human rights team, including the active participation of senior management, to design, coordinate and lead the implementation of the Principles.”

This is incredibly similar to a recent shareholder proposal that Google’s board rejected (twice). What made them change their mind? Perhaps they wanted to make it appear as an inernal & altruistic move, rather than “giving in” to shareholder demands? One wonders…

With regard to privacy, the Implementation Guidelines outlines numerous steps for the Partners to follow, including some key items related to transparency:

- Participating companies will seek to operate in a transparent manner when required to provide personal information to governments. To achieve this, participating companies will:

  • Disclose to users in clear language what generally applicable government laws and policies require the participating company to provide personal information to government authorities, unless such disclosure is unlawful.
  • Disclose to users in clear language what personal information the participating company collects, and the participating company’s policies and procedures for responding to government demands for personal information.
  • Assess on an ongoing basis measures to support user transparency, in an effective manner, regarding the company’s data collection, storage, and retention practices.

Many of the partner companies have been working hard to make their data collection practices more transparent, and this is good stop towards codifying these efforts. In particular, I hope the first point above means that privacy policies will be more explicit when they state a company will disclose personal information to “satisfy any applicable law, regulation, legal process or enforceable governmental request.”

Finally, the Guidelines also call for the creation of a “confidential multi-stakeholder Advisory Forum [to] provide guidance to participating companies on emerging challenges and opportunities for the advancement of freedom of expression and privacy.” Why must this be confidential? I have no idea, and contradicts the efforts towards transparency stressed above.

Governance, Accountability & Learning Framework

The Governance, Accountability & Learning Framework outlines a multi-stakeholder governance structure, goals for collaboration and a system of company accountability to support the Principles, maximize opportunities for learning and ensure the integrity and efficacy of the Initiative.

Essentially, each of the Partners will contribute to the formation of an Organization to oversee the Initiative, “with equal representation from company and non-company participants that will strive to operate on a consensus basis.” A key task of this Organization will be to conduct “independent assessments” of the participating companies to ensure compliance with the Principles. Note, however, that the companies get to choose their independent assessor (”in close consultation with the Organization”). Hopefully the independence criteria to become an accredited assessor are sufficient to ensure fair assessments of the companies’ actions.


To summarize, this is an important (perhaps unprecedented?) step by members of the tech industry to recognize how their products and actions impact human rights, and I am thrilled that they are willing to sign on to such an initiative. I know many of the people who have been working on this (I’ve been hearing rumors of its creation), and I know they are committed to protecting both freedom of expression and privacy rights across the globe.

While there are gaps, this is an important step, and I hope momentum builds and real action emerges as a result." (