Human Rights, Big Data and Technology

Corporate Responsibility

Blurred image of people walking in a corporate environment

Investigating how effective remedies can be accessed for human rights harms resulting from business practices.

Businesses have a corporate responsibility to respect human rights under the United Nations Guiding Principles on Business and Human Rights.  Our research aims to assess current gaps in practice and accountability and ensure that  individuals have access to effective remedies for human rights harms resulting from business practices.

 

Watch our videos from the HRBDT project

 

What are the responsibilities of businesses in regard to protecting and respecting human rights?

Businesses hold much of our personal data  and innovation in technology is growing exponentially.  Analysis of corporate responsibility in regard to the United Nations Guiding Principles on Business and Human Rights (UNGPs) has been lacking. Any company that employ new technologies and is a data controllers needs to be assessed against the UNGPs. Understanding what the UNGPs mean in regard to these companies leads to greater understanding of the gaps that need to be addressed and of the methods to bridge those gaps.

Human Rights impacts

ICT companies can have both positive and negative impacts on human rights. Companies can enhance and promote human rights, for example in the humanitarian and development sectors. Innovation can support progressive realisation of rights, but it can also undermine these efforts and cause harms to individuals. The rights implications of certain technologies and uses of data can range from infringements on privacy and freedom of expression to access to health and education. The Human Rights Council has endorsed the approach that “the same rights that people have offline must also be protected online”. It is important to note  that harms  can have physical offline impacts as well.

Some companies have acknowledged risks and address them through voluntary measures, adopting a Corporate Social Responsibility (CSR) model with their own terms and conditions. This  can be problematic when they are not regulated by the government or by public international law. This is where the UNGPs could provide guidance but unfortunately they have not been utilized sufficiently.

When considering the case of governments pressuring companies to censor particular content or to provide access to certain data, what is the role of businesses in these cases? Should they be responsible for these activities or is it the role of government? Our research looks specifically at these issues and what the UNGPs can teach us about the role of businesses in the ICT sector.

UN Guiding Principles on Business and Human Rights

The United Nations Guiding Principles on Business and Human Rights (UNGPs) are the only official guidance the United Nations Human Rights Council have endorsed for states and business enterprises on their respective obligations in regard to business and human rights.  The UNGP are not legally binding, but through their endorsement by states as well as businesses they carry significant weight. Elements of the UNGPs have been adopted in national binding regulation and law.

The UNGPs  explain how existing human rights standards can be upheld but they don’t create new rights.  The UNGPs  are applied at three different levels with  three different target groups in each of the three pillars. Each of the three pillars is divided into foundational and operational principles.

The three pillars are as follows:
  1. States have a duty to protect against human rights abuses by third parties
  2. Businesses have an independent responsibility to respect human rights
  3. Where a human right harm has occurred, an individual must be given access to effective remedy by both states and enterprises.

The corporate responsibility to respect Human Rights

The second pillar of the UNGPs is concerned with the corporate responsibility to respect human rights. Unlike the State obligation to protect human rights, the word “respect” is specifically chosen to make clear that they do not hold the same obligations as States. There is a very important distinction between saying there is an obligation and a responsibility.

Starting with the foundational principles, businesses should respect human rights, which means they should avoid infringing on the human rights of others and address adverse human rights impacts they are involved in. The responsibility to protect also requires that businesses seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products, or services by their business relationships even if they have not contributed to those impacts. While the UNGPs apply to all businesses the means through which a business meets its responsibility will be proportional to, among other factors, its size. Finally businesses should have in place appropriate policies and processes to their size and circumstance including: (1)a policy commitment to meet their responsibility to human rights, (2) a human rights due diligence process, and (3) process to enable the remediation of any adverse human rights impacts they cause or contribute to.

Our research

HRBDT uses the UNGP framework to assess current gaps in practice and accountability to ensure that states protect individual human rights against third party abuses, that businesses respect human rights through their practices and that individuals have access to effective remedies for human rights harms resulting from business practices.

Our research areas