MPs recently had their first chance to debate The Investigatory Powers bill, legislation that will force internet companies to store records of our online activity and – it is claimed – enshrine mass surveillance into law. The bill has raised a number of questions, not least about the need for targeted rather than mass surveillance, robust oversight mechanisms, and proportionality.
Opponents are particularly concerned that the bill is incompatible with the 1998 Human Rights Act because it violates our right to privacy. Meanwhile, it also has big implications for businesses which are concerned about increasing data storage costs, product and infrastructure redesigns, and the impact on consumer trust.
The debate not only raises questions about the extent to which national security trumps both civil liberties and business interests. It also raises big questions about the role and responsibilities of social media and internet companies in respecting human rights.
The bill actually reflects a seismic shift in the relationship between business, government and society. Milton Friedman, the American Nobel prize-winning economist who advised both Ronald Reagan and Margaret Thatcher on the virtues of the free market, once said that the social responsibility of business was to make money, a view based on the property rights of shareholders.
But the bill more than implies that the social responsibility of corporations isn’t only to hand over the personal data of millions of customers at the request of the government. It is, to put it crudely, to plug a gap in national security. Indeed part of the rationale for the bill, according to the government, is to address the capability gap that exists in security agencies that inhibits their ability to fight terrorism.
This is another example of the blurring of the roles of the state and the corporation. As the recent dispute between Apple and the FBI has perfectly shown, it is the CEOs of companies like Apple (a company that co-incidentally is economically bigger than the likes of Denmark and Norway) that are trying to balance the right to security, the right to privacy and the right to property.
But the bill also marks a shift in our tendency to talk about corporate social responsibility in terms of stakeholders, by underlining the fact that corporate activity impacts rights.
This framing of the impact of corporate behaviour as a violation of individual rights may well push us beyond what has proved to be a helpful but broadly impotent stakeholder view of the corporation, to a rights-holder view.
The bill raises questions about exactly what a corporation’s responsibilities to respect human rights are. This is actually part of a related shift we are already seeing at the United Nations away from a focus on nation states towards corporations as the most effective vehicle for promoting rights.
Back in 2011 the UN endorsed the Guiding Principles on Business and Human Rights (The Guiding Principles) which argue that corporations have a responsibility for rights that exists “independently of states’ abilities and/or willingness to fulfil their own human rights obligations”. In other words, ICT companies have a responsibility to respect human rights even when the state fails to do so, and this responsibility exists above national laws.
The shift towards thinking about the role of corporations in both realising and violating rights creates a whole new set of questions about corporate governance mechanisms, company reporting and corporate accountability. It emphasises that different groups have a right to different kinds of information from corporations, and this fundamentally affects the way we normally condense corporate reporting down to a crude set of financial measurements.
The EU currently has an open call for discussion around non-financial reporting. Corporate disclosure on human rights needs to be a fundamental part of that discussion.