Freedom of expression and privacy

Telecommunications enable the exchange of ideas and access to information in a way that supports openness and transparency. It is our duty to respect our customers’ and users’ freedom of expression and privacy.
Strategic objective

2018 Goals

2015 Outcome

• Enable, respect and support freedom of expression and privacy.

• We are regarded as the trusted ICT industry leader in human rights. 

• All markets covered in law enforcement disclosure with regards to statistics on government requests. 

• All markets covered in law enforcement disclosure with regards to information on local legislation. 

• All closed unconventional requests challenged. 

• Actively contribute to the work of the Telecommunications Industry Dialogue and its collaboration with the Global Network Initiative. 

• 9 countries covered in law enforcement disclosure with regards to statistics on government requests. 

• 5 countries covered in law enforcement disclosure with regards to information on local legislation. 

• Just above half of closed unconventional requests challenged. 

• Contributed to the ID and GNI joining forces. 

Context

Issues related to freedom of expression and privacy pose a high risk to users of telecom services globally. Such risks include mass surveillance, network shutdowns, localization of mobile devices and blocking or restriction of certain content. Through legislation and decisions from authorities, states define the scope of surveillance of communications and limitations to the free flow of information.

ICT and human rights in general, and freedom of expression and privacy in particular, have gained attention through developments in recent years, such as surveillance revelations and terrorist attacks. We foresee that our work will become increasingly important throughout all our markets as legislators seek additional surveillance measures to fight crime and terrorism.

The right to customer privacy is widely understood as an essential requirement for the right to freedom of expression. Therefore, we have direct commitments both as to surveillance privacy (when authorities require access to user data) and as to customer privacy (our processing of customer data for our own needs). See more about our customer privacy work in “Customer privacy.”

Governance

Respecting freedom of expression and privacy

By putting processes in place, we aim to fulfill our responsibility and commitments to respect freedom of expression and privacy as laid out in the UN Guiding Principles for Business and Human Rights. Our duty to respect and promote human rights is focused on the risks to our customers. We aim to limit potential harm to individuals by seeking active measures to support the rights of our customers where we believe that these are at risk.

Our freedom of expression and privacy work is guided by the UN Guiding Principles, the Telecommunications Industry Dialogue Principles on Freedom of Expression and Privacy and the group policy on freedom of expression in telecommunications.

The policy addresses our commitments in relation to requests or demands with potentially serious impacts on freedom of expression in telecommunications, such as mass surveillance where authorities demand unrestricted real-time network access, shutdown of all or parts of a network, blocking or restricting access to specific content, blocking or restricting access to services or networks and proposals for new laws or significant operational changes.

We have highlighted the importance of freedom of expression in our CEO’s statement, see www.teliasonera.com/en/sustainability/human-rights.

Assessment and escalation

A group instruction sets out practical steps regarding assessments and escalation that are instructed to be carried out whenever a local company receives a request or demand that may have potentially serious impacts on freedom of expression in telecommunications. Guidance is provided in a form for assessments and escalation, a tool that we have shared publicly.

Unconventional government requests are assessed by the local company and escalated within TeliaSonera for informed decision-making, including considerations from outside of the local context, on how to perform a point of challenge. This means adhering to the local law while at the same time seeking and performing measures to respect and support the rights of our users. We can request and remind that a decision be put in writing, postpone implementation to the greatest extent possible and/or seek to publicly share information about the request. While the process is intended to identify and mitigate potential violations to individuals’ freedom of expression and privacy, the actual outcome heavily depends on local laws, the security and capability of local employees.

Activities during the year

Stakeholder engagement

The Industry Dialogue (ID), which in December 2015 included nine international telecom companies, adds leverage to advocacy promoting freedom of expression and privacy in the telecommunications industry. Our active participation stimulates shared learning on how to best respect freedom of expression and privacy. A description of the ID’s activities during the year is available at www.telecomindustrydialogue.org. Our work with regard to the ID Principles is available in a document at www.teliasonera.com/sustainability/reports.

The ID has a formal collaboration with the multi-stakeholder Global Network Initiative (GNI). By working together, the two initiatives aim to advance freedom of expression and privacy rights in the ICT sector more effectively. The collaboration provides a common platform for shared learning and leverage. In January 2016 the ID and GNI agreed to combine. We have been active in promoting the collaboration, which will take full effect in 2017.

We have promoted the ID Principles at MegaFon and Turkcell. These dialogs will continue during 2016.

Law enforcement disclosure reporting

We believe that transparency on surveillance activities can contribute to a world where customer privacy and freedom of expression are more strongly enforced. Therefore we publish law enforcement disclosure reports twice per year. In 2015, we published such reports in January and October. The reports can be found at www.teliasonera.com/sustainability/reports.

The most recent report, released alongside this Annual and Sustainability Report, includes statistics covering requests from the police and other authorities in nine countries. The statistics, as presented in the table below, show the number of authority requests in each country based on a court order or other legal demand by the police or other authority. The statistics are subject to limited assurance by Deloitte.

Authority requests* 2015

Country

Lawful interception

Historical data

Subscription data

Challenged/
rejected requests

Denmark

5,825

1,368

9,672

38

Estonia

3,4541

2,226

288,4232

4,7483

Finland

4,394

2,078

7,867

26

Georgia

Not available

281

1,303

876

Moldova

Not available

10,348

5,530

235

Nepal

Not available

38,935

37,022

0

Norway

2,384

5,234

9,173

127

Spain

20,413

35,079

43,989

776

Sweden

2,950

1,850

4,017

236

* As explained in the text, direct access is not included in the statistics.

1 In Estonia, a direct access system is used. We keep a log of these requests.

2 This figure includes all requests for Subscription data. For other countries the corresponding figure only covers requests that are handled by authorized personnel, and automated requests that refer to a criminal case.

3 This figure includes all requests to which we were not able to answer, most often because the requested information was about a customer of another operator.

Differences in market share as well as working methods, both by authorities and within TeliaSonera, make it difficult to compare statistics between countries. For definitions of the categories, see the Law Enforcement Disclosure Report at www.teliasonera.com/sustainability/reports.

Our reporting of country legal frameworks pertaining to freedom of expression and privacy in telecommunications is performed through contribution to the ID database on country legal frameworks. Our law enforcement disclosure report includes links to national laws that provide governments with direct access to information about our customers and their communication, without having to request information from TeliaSonera.

Regarding governments’ such direct access, i.e. signals intelligence (intelligence gathering through analysis and processing of communication signals) and real-time access without requests (technical systems for more extensive monitoring of telecommunications), TeliaSonera has no insight into the extent of such surveillance (when, who and what) and cannot provide any statistics beyond those provided within this report.

Unconventional requests

In addition to reporting statistics, we publish information on unconventional requests or demands from governments (“major events”).

During 2015, we closed some 15 such unconventional requests or demands from governments across our operations. To support the decision making process and ensure a consistent view on freedom of expression throughout the group, we facilitated local company risk assessments and escalations. Points of challenge, where possible, were defined jointly by local, regional and group management.

Main challenges to reporting

We seek to be as transparent as possible, but there are challenges. Local laws that may sometimes lack full clarity determine what we can and cannot publish. As to unconventional requests, there may be either confidentiality provisions or constraints based on our duty to protect the safety of our personnel. Also, issues regarding direct access are closely related to national security and therefore challenging to share and communicate.

Counting the number of unconventional requests is difficult and subjective as such requests can range from a demand to block one or several websites, shutting down of a network locally to requests regarding direct access.

Planned activities in 2016

We will continue our work regarding law enforcement disclosure reporting. We aim to find ways to standardize such reporting within the ID and GNI.

TeliaSonera will continue to respect and promote human rights in general. This includes further elaboration of assessment processes, training, compliance, monitoring and review. The aim is for this work to benefit from the shared learning and leverage within the context of the ID and GNI. Specific gaps in our work include:

  • Shared learning and implementation in remedy and grievance mechanisms.
  • Local stakeholder dialog and engagement.
  • Governance and training to make the process of assessments and escalations swifter, especially when it comes to requests and demands for direct access to our networks and systems

CASE:

Information on unconventional requests

TeliaSonera aims to publish information about every unconventional request or demand from governments (“major events”). Below is a list of articles from July through December 2015 on such major events. A list of major events in January through June 2015 can be found in the Sustainability Update at www.teliasonera.com/sustainability/reports.

Several updates on service limitations in Tajikistan, the latest from 19 November

www.teliasonera.com/en/newsroom/news/2015/update-16-november-freedom-of-expression-major-event-as-to-service-limitations-in-tajikistan-9-october-2014/

Mandatory distribution of SMS in Nepal

www.teliasonera.com/en/newsroom/news/2015/foenepal/

Direct access in Tajikistan

www.teliasonera.com/en/newsroom/news/2015/freedom-of-expression-major-event-as-direct-access-in-tajikistan-june-2015/

Blocking of a website in Nepal

www.teliasonera.com/en/newsroom/news/2015/freedom-of-expression-unconventional-request-as-to-blocking-of-a-website-in-nepal/

© TeliaSonera 2015
In the event of any differences between this online version of the Annual and sustainability report and the printed version, the printed version shall prevail.