On July 16, 2019, the UN open-ended intergovernmental working group on transnational corporations and other business enterprises with respect to human rights (the “Working Group”) published a revised draft of a binding treaty on business and human rights. This latest version is based on recommendations from the 4^th session of the Working Group and consultations with relevant stakeholders. It has been praised for its clearer language and stronger provisions, giving it a better chance of success. I completely agree with this suggestion, especially when you compare it with the Zero Draft (which I have analyzed here); yet, from a digital environment perspective, there is still room for improvement.

Why is a digital environment perspective needed, though? First, because since 2012, the UN Human Rights Council has regularly affirmed that “the same human rights that people have offline must be protected online,” an approach that was most recently reaffirmed in its 2018 resolution on “the promotion, protection and enjoyment of human rights on the Internet” (A/HRC/RES/38/7). Secondly, because digital/tech companies are leading the global market value rankings. According to Forbes, 7 of the 10 largest companies by market value are companies working in the digital environment.[1] And thirdly, because even those businesses that are not “digital” per se, are for the most part using digital tools and larger amounts of data within their operations, leading to some arguing that  all companies are tech companies now.

Despite the obvious importance of tech companies for the exercise of human rights, civil society organisations working on digital policy have (with a few exceptions) been notably absent from discussions around the draft treaty – with the vast majority of engagement with the Working Group coming from groups working in the extractive and garment industries. This reflects a broader lack of attention to the tech sector (particularly online platforms) within business and human rights discussions.

The result is that a number of specific issues related to tech companies are not currently being considered in discussions around a treaty. Let’s take a look.

Scope and definitions

As has already been said in other blogs, the broader scope developed in the new draft, which applies “to all business activities” (Article 3) is definitely progress when compared to the Zero Draft. This is certainly the case when analyzed through the digital environment lens. As we have previously analyzed, the Zero Draft excluded companies such as Cambridge Analytica which, despite its small size, has had an enormous impact on privacy and democratic systems. It also excluded companies such as NSO Group which usually worked in tandem with governments. Moreover, the EU delegation’s main criticism of the Zero Draft was that it only applied to businesses of transnational character. This new draft’s wider scope improves the treaty’s chances of success, as it is aligned with EU delegation’s position.

Despite this improvement in the treaty’s scope, there are still some issues that need to be clarified in the definitions. Article 1(3), for example, defines “business activities” as “any economic activity of transnational corporations and other business enterprises, including but not limited to productive or commercial activity, undertaken by a natural or legal person, including activities undertaken by electronic means.” It is not entirely clear how “electronic means” should be understood in this context. While its inclusion can be seen as an acknowledgement of the importance of “electronic means” as part of the commercial activities of natural or legal persons, it also poses the risk of implying that these activities are separate or different from those that are not done by “electronic means,” If so, the differences and the way the human rights framework applies in each of these situations should be well-defined. This point should be clarified during the next session of the Working Group.

Jurisdiction

Article 7 states that jurisdiction with respect to claims brought by victims “[…] shall vest in the courts of the State where: (a) such acts or omissions occurred; (b) the victims are domiciled; or (c) the natural or legal persons alleged to have committed such acts or omissions in the context of business activities, including those of a transnational character, are domiciled.” General rules of adjudicative jurisdiction such as these have been proven to be problematic in the digital environment.

For example, what if the business in question is a multinational, like Facebook or Twitter –which might have collected data in one country, stored it in another, and processed it in a third? In such cases, it is often not possible to determine the relevant jurisdiction, as the acts and omissions may have occurred in three different countries and the victims may also be in different jurisdictions.

The jurisdictional challenges presented by the borderless digital environment are well documented and constantly evolving. According to the Internet & Jurisdiction Global Status Report (2019) the regulatory environment online is “characterized by potentially competing or conflicting policies and court decisions in the absence of clear-cut standards.” A binding treaty on business and human rights should be seen as an opportunity to generate policy coherence and cooperation between multiple regimes. Yet, in its current state, the new draft does not go in such direction.

In particular, the restrictions on extraterritorial jurisdiction posed in the current draft are problematic. Article 12 states that “nothing in this (Legally Binding Instrument) entitles a State Party to undertake in the territory of another State the exercise of jurisdiction and performance of functions that are reserved exclusively for the authorities of that other state by its domestic law.” As we have seen in the previous blog, the use of extraterritorial jurisdiction by home states is crucial to ensuring that companies cannot avoid accountability. This is especially urgent in the tech sector, where – as already noted – data can be collected, stored and used in different jurisdictions.

Remedies and rights of victims

The digital environment operates globally and has global impacts thus, the sector requires global and comprehensive grievance mechanisms. Organizations working in the field have proposed various forms of global mechanisms, especially when it comes to content moderation online.

Yet, all the grievance mechanisms in the new draft which are available for victims seem to undertake an operational character.[2] This is in line with human rights violations that occur in other sectors, such as the extractive and garment industries, where the impact is usually local. But, the operational focus is not necessarily efficient in the digital environment, where victims tend to be globally widespread.

Moreover, most of the “rights of the victims,” as stated in Article 4 of the new draft, are conceived from a “state-based grievance mechanism” perspective. That’s not necessarily bad: state-based judicial mechanisms are the primary remedial option even in the UN Guiding Principles on business and human rights, yet they are meant to be complemented by state-based non-judicial mechanisms (developed in Article 4(8) of the new draft) and non-state-based mechanisms, which are not mentioned in the new draft at all.

Non-state-based grievance mechanisms are critical in the digital environment. Examples of non-state-based grievance mechanisms include those administered by a business enterprise alone or with stakeholders, by an industry association or a multi-stakeholder group. Companies and multi-stakeholder initiatives can support the identification of adverse human rights impacts as a part of an enterprise’s ongoing human rights due diligence. They can provide a channel for those directly impacted by the enterprise’s operations to raise concerns. They also make it possible for grievances, once identified, to be addressed and for adverse impacts to be remediated early and directly by the business enterprise, thereby preventing harms from compounding and grievances from escalating.

There are a number of grievance mechanisms offered by tech companies such as, online platforms providing users the opportunity to challenge removals, Facebook’s proposed Oversight Board to independently review content moderation decisions and opportunities for users to discover what personal data about them has been collected, for what purposes, and to have it corrected or deleted. One focus of the binding treaty should be put in reinforcing these initiatives, rather than neglecting them.

Conclusions

As we’ve seen above, when analysed under a digital environment scope, the current Draft could be improved in at least three different ways:

1. More clarity and precision in the language. In particular, when it comes to an analysis under the digital environment there are some concepts such as “electronic means” that need clarification.
2. Better definitions of jurisdiction. In particular, the restrictions on extraterritorial jurisdiction posed in the current draft are problematic.
3. Considering non-state based grievance mechanisms. These are critical in the digital environment where victims tend to be globally widespread.

It’s important to emphasize that the treaty is not locked down. It can still be improved, and its deficiencies addressed. But the only way this will happen is if human rights organisations take part in these debates. A binding treaty, if approved, would likely have significant effects on the regulation and operation of the digital environment. Given the role that tech companies play in the exercise of human rights, particularly privacy and free expression, it is crucial that civil society, companies and states that are currently thinking about these issues engage with the treaty.

[1] Apple, Microsoft, Amazon, Alphabet, Facebook, Alibaba, and Tencent Holdings.

[2] The exception, which undertakes a global perspective is made not for victims but for settlement disputes by states. In particular, Article 16(2) poses the following solutions: (a) submissions of the dispute to the International Court of Justice or (b) arbitration in accordance with the procedure and organisation mutually agreed by both state parties.

Sebastian Smart holds a PhD on human rights and Latin American studies and a MA in Human Rights from University College of London (UCL). Prior to this, he completed a law degree at Universidad Catolica de Chile and has a specialisation in human rights and local development from CLACSO and Universidad Alberto Hurtado. Read more from Business and Human Rights Journal with the latest issue.