Engaging the ICT sector on human rights: Privacy and data protection
This report provides a sector-wide risk assessment on privacy and data protection in the Information and Communications Technology (ICT) industry. It includes international standards and salient issues to consider when engaging with ICT companies, the “business case” for privacy and data protection, and investor guidance for engaging ICT companies.

This report provides a detailed analysis of privacy and data protection in the Information and Communications Technology (ICT) industry. The authors state that the digital collection of personal data can generate significant economic and social benefits, but warn of its detrimental impact on fundamental rights like the right to privacy. The report discusses the various international instruments that refer to privacy and data protection that companies must consider when conducting human rights due diligence.
The report highlights negative impacts on privacy that ICT companies can have, including failing to protect the personal data of users and customers, inappropriate use of individuals’ personal data, and selling personal data without individuals’ knowledge or consent. The report suggests that companies should carefully consider these risks in order to protect their users and customers.
Privacy and data protection have become increasingly important for businesses. Companies that fail to protect privacy face potential legal, reputational, and financial risks from breaching data handling practices. Recent studies have shown that high-profile data breaches have negatively impacted consumer trust in major brands.
This report also provides investor guidance aimed at mitigating risks associated with human rights and material risks. It suggests investors focus their attention on the following questions:
- Does the company’s board exercise direct oversight over risks related to privacy?
- Does the company disclose clear policies and practices regarding data privacy?
- Does the company guarantee users’ access to appropriate public and/or private remedies, including effective and accessible grievance mechanisms?
Based on the findings in this report, the following recommendations are suggested:
- Companies operating in the ICT industry should prioritise user data protection and privacy and actively communicate their policies and practices regarding data privacy.
- Companies should engage experts in privacy and data protection rights and implement policies to safeguard privacy and data protection.
- Companies should assess the risk of adverse impacts associated with their operations and develop policies and due diligence procedures to mitigate them.
- The Investor Alliance for Human Rights is a collective action platform for responsible investment and an essential focus for investors to ensure they are protecting their holdings.
Overall, this report stresses the importance of data privacy and the risks associated with inadequate protection of user data. Businesses operating in the ICT industry must protect user data and ensure they have policies and procedures in place to address risks associated with privacy and data protection. Investors should prioritise companies that put policies in place to protect user data and engage in proper oversight to ensure the protection of human rights regarding privacy and data protection.