Last week, a UN intergovernmental working group discussed a proposed treaty to regulate the activities of transnational corporations under international human rights law, including “activities undertaken by electronic means.” The applicability of international human rights law to business enterprises has long been controversial, and the proposed treaty brings corporate digital activities into this controversy.
Under international law, governments must protect people under their jurisdiction from the actions of third parties, including businesses, that harm human rights. However, for human rights advocates, such indirect corporate accountability is inadequate because governments frequently do not protect human rights from corporate behavior. Attempts to apply human rights law directly against corporations have generated heated arguments, produced non-binding guidelines, sparked litigation in national courts, and stimulated initiatives to improve corporate compliance with human rights.
In 2011, the UN Human Rights Council endorsed the Guiding Principles on Business and Human Rights [PDF]. These principles reinforced the legal obligations of states to protect against corporate human rights abuses and emphasized the ethical responsibility of businesses to avoid infringing on human rights. In 2014, the Human Rights Council tasked an intergovernmental working group (IGWG) “to elaborate an international legally binding instrument to regulate, in international human rights law, the activities of transnational corporations and other business enterprises.” In July 2018, the IGWG tabled a “zero draft” [PDF] of the treaty for consideration at its fourth session (held October 15-19). For commentaries on the zero draft, see here [PDF].
The proposed treaty seeks to regulate transnational business activities by requiring states parties to establish means for individuals to access criminal, civil, or administrative remedies against corporate human rights violations. The treaty covers “all international human rights.” Jurisdiction for claims by victims is broad, vesting in the courts of states where the harmful acts occurred or where the corporation does substantial business or has a subsidiary, branch, or office. Liability arises not only for activities under direct corporate control but also where companies should have foreseen the risk of human rights violations. The IGWG also produced an optional protocol [PDF] under which a committee can receive claims of corporate human rights violations. The proposed treaty also requires states parties to ensure that corporations engage in “due diligence” by monitoring the human rights impact of their activities, identifying actual and potential human rights violations, and preventing violations.
Controversies about human rights and corporations have not, historically, focused much on how businesses collect and use information. The Chair-Rapporteur of the fourth session called out the zero draft’s reference to “activities undertaken by electronic means” in the definition of “business activities of a transnational character.” This emphasis illustrates the rise of human rights concerns about corporate digital behavior. These concerns include corporate respect for privacy and freedom of expression and failures to prevent services, such as social media, from being used to facilitate human rights abuses. The proposed treaty’s scope, jurisdictional, liability, and due diligence provisions touch important aspects of how companies use information technologies and/or provide digital services.
Under the zero draft, a customer could argue that a corporation violated the right to privacy in how it handled the customer’s information and, utilizing the provisions on extraterritorial jurisdiction, bring a claim in any state party where the corporation does business. Similarly, victims of atrocities facilitated by exploitation of digital services could attempt to hold corporate providers liable for not addressing this foreseeable risk by litigating in a jurisdiction different from where the atrocities happened or where the companies are incorporated. A state party could require a company to engage in due diligence on all its digital activities, including contractual relationships and operations outside that country.
The proposed treaty’s implications for corporate digital activities connect with concerns about the zero draft. Political support for the treaty is badly fragmented, business associations are opposed [PDF], and problems with the zero draft have been identified. The first, second, and third IGWG sessions revealed disagreements about, among other things, the treaty’s scope, standards of corporate liability, and provisions on extraterritorial jurisdiction. The draft report of the fourth session indicates that these and other disagreements continue. Given such disagreements, John Ruggie, former UN special representative on business and human rights, urged the IGWG to concentrate on corporate behavior involving “the most severe human rights abuses, such as crimes against humanity, forced labor, sexual violence, and the worst forms of child labor.”
Despite these problems, the revised draft of the proposed treaty, scheduled for release in June 2019, bears watching in the digital policy space because controversies related to privacy and the use of social media to facilitate human rights abuses continue to arise. In the past month alone, Facebook has been under privacy scrutiny after a large data breach and under human-rights pressure for not detecting that Myanmar’s military used the social network as “a tool for ethnic cleansing” against the Rohingya. The proposed treaty might die a slow death, but the demand for human rights accountability for corporate digital behavior will not.