Application of the UN Guiding Principles in the Tech Sector
In response to the need for specific guidelines for the implementation of the UN Guiding Principles by technology companies, the B-tech project provides guidance to states and technology companies how to implement the principles. The project is the result of collaboration and consultation of various states, technology companies, non-governmental organizations, the academic community, national human rights protection organizations, as well as other actors so that the raised questions and problems related to the respect for human rights in the tech sector can be addressed in a better way.
Pillar 1: State obligations to protect human rights
The main recommendations to the states are:
- States are urged to adopt a smart mix of voluntary and mandatory measures to require companies, including those in the tech sector, to respect human rights. Due to the dynamic development of the sector, states must periodically assess the adequacy of such laws and remove any gaps.
- When states involve technology companies in the provision of public services and goods, they must exercise adequate oversight to ensure that these companies respect human rights and that cooperation with these companies does not adversely affect the exercise of human rights.
- Example: algorithmic decision-making in public infrastructure management in the context of smart cities.
Pillar 2: Corporate responsibility to respect human rights
For technology companies, the protection of human rights is about preventing, mitigating and addressing violations related to the use of their products and services, commonly referred to as “end-use”. The other basic requirements are:
- The declaration of public commitment to respect human rights to be approved by the governing bodies of the enterprise, formed by internal and external expertise, and communicated to all parties related to the business activities of the enterprise.
- The requirement for regular due diligence applies to the company’s products and services and the recommendations are that it be carried out during the initial design of the product or service, its development and use.
- Examples of infringement:
- an employer using social media as a tool to monitor or intimidate employees;
- state using technology for warrantless surveillance.
Due diligence here includes the following steps that require high stakeholder engagement:
Step 1. Identification and assessment of the impact to define the nature and extent of the risk for human rights protection.
Step 2. Taking action to prevent and mitigate risks to people, including integrating due diligence into internal functions and processes.
Step 3. Tracking the effectiveness of risk reduction actions.
Step 4. Communicating the actions.
In establishing the impact that technology companies can have on human rights, one must trace whether there is a direct link between relationships with business partners or through their “own activities” – including design, development, marketing, sale or licensing and implementation of products, services and solutions.
Pillar 3: Ensuring effective protection
The states
Judicial mechanisms
- Effective judicial mechanisms are essential guarantees of access to legal protection, but there are constitutional limits on the extent to which they can correct and fill gaps in legislative regimes.
- Power and information imbalances can act as a significant barrier to access to protection – for example, where human rights abuses have occurred as a result of algorithmic decision-making or because of the level of technical expertise required to identify and analyze uses, for which different technologies have been implemented.
- When taking a legislative initiative, states must consider the scale of the negative impact, the identification of rights holders, what the infringement of rights is and the global reach of the technology so that the right holders can be adequately compensated.
Non-judicial mechanisms:
- State non-judicial mechanisms are of particular importance to the tech sector. These may include product standardization bodies, licensing bodies, data protection regulatory bodies, ombudsman offices, public health and safety bodies, and professional standards bodies.
The OECD mechanisms offer specific procedures: online platforms and the use of algorithms that remove potentially harmful content; online marketplaces listing dangerous products for sale.
Businesses and complaint mechanisms
- Most complaints and redress are made at the company level according to internal rules.
- There is cooperation at the sectoral level between business enterprises, facilitating access to effective protection by creating a basis for the development of more equal competition conditions between companies or for better allocation of responsibilities.