The rights approach: Pushing back against opaque public-private partnerships

Private-public partnerships

Public-private partnerships (PPPs) across a range of sectors, including digital and information and communications technology (ICT), offered important solutions to an impossible situation created by the COVID-19 pandemic. PPPs were lauded for playing a pioneering role in combating the coronavirus.[1] States were swift to adopt digital solutions to support lives and for governance during this period, as well as to help ease challenges created by prolonged lockdowns. As a result, there was significant demand for ICT infrastructure in these fields.[2]

Typically, PPPs offering digital-based solutions and support during the pandemic included the development and deployment of contact tracing apps, vaccine enrolment and management platforms, and health information dissemination partnerships. While the benefits of such partnerships seemed obvious, several civil society actors warned of pitfalls.

Concerns centred around privacy, data protection and security measures that govern digital platforms, particularly for those who communicate with the expectation that their data be held securely from third parties.[3] We also witnessed the large-scale spread of misinformation on social media platforms and messaging applications.[4] Coordinated campaigns were carried out on these platforms to push harmful narratives targeting racial groups[5] and minority communities for spreading the virus.[6] While platforms stated that they were putting in place policies to take down content or harmful “fake news” about coronavirus and vaccines,[7] implementation varied depending on the context. Above all else, the aggressive use of digital technologies to manage the pandemic further widened the digital divide, impacting the lives of millions of people who either do not have any access to the internet or do not have proper access that is affordable and accessible.[8] Enshrining platforms and technology-driven “solutions” at the centre of our pandemic response ceded authority to define the values at stake, and deepened pre-existing patterns of inequality in society.[9]

Despite these challenges, governments invested large amounts of money in procuring private sector technology and building PPPs to deliver digital solutions to the pandemic.[10] The allocation of budgets relating to digital transformation has since risen in many countries.

Information pertaining to PPPs and processes governing them is often hard to find since they typically require exclusive contracts. Even prior to the pandemic, civil society groups and digital rights defenders had to grapple with the “black box” phenomenon where public knowledge about the ways in which technologies or tech-based companies function act as a barrier to mitigating or addressing human rights violations.[11] Another point to note about the state-company nexus is that there is often a lack of clarity regarding the types of data that governments and the companies they work with have access to, along with a lack of transparency of ongoing impact assessments, including those for data protection.[12] The Global Network Initiative has also reported government efforts to acquire “direct access” to user data in ways that remove intermediaries’ awareness of and opportunities to object to or be transparent about this access.[13]

Looking to the UNGPs

Given that regulatory systems governing these partnerships and the ICT sector are vastly different across jurisdictions, the UN Guiding Principles on Business and Human Rights[14] (UNGPs) offer a principled and pragmatic approach for ensuring that technological advances are grounded in respect and dignity for all and that their governance is rooted in rights. The UNGPs mandate that the state has the responsibility to protect our rights, that companies have a responsibility to respect our rights, and that we must have access to remedy.

Principles four to six of the UNGPs cover a range of policy areas relating to the “state-business nexus”. This includes financial and other support provided by states to companies, the privatisation of services that may impact human rights enjoyment, and public procurement. Irrespective of the kinds of contracts that states may hold with private actors, they cannot outsource the responsibility to protect human rights. Therefore, states must put in place adequate oversight mechanisms and policies or regulations for accountability. Where states financially support, contract with or procure from technology companies, they should actively use that opportunity to ensure that the companies they work with respect human rights.[15]

Another key recommendation in the UNGPs relates to due diligence. While the conduct of human rights and environmental due diligence (HREDD) in itself may not remedy harms caused by technology, it is critical in understanding risks and devising mitigation strategies or solutions. Given the close relationship that states have developed with technology-based companies and the ever-growing procurement of technology, states must conduct proper assessments before formalising partnerships and require companies to conduct thorough HREDD as a prerequisite for contracts.

PPPs with tech-based companies are fast evolving into opaque bilateral relationships. Even in instances where tech-based companies are willing to use HREDD, ongoing challenges, including confidentiality, hinder the development of best practices around HREDD when it comes to sensitive business decisions that involve states as customers or partners.[16] The public – and more specifically digital rights defenders – are left out of these discussions and, as a result, important perspectives are lost.

States using technology and tech-based companies have lost significant public trust in the face of never-ending rights violations. To regain some social licence to operate, companies must engage with civil society actors and affected communities in the HREDD process and states must ensure that an inclusive environment is fostered.

Way forward

The pandemic and the immeasurable loss we suffered have taught us critical lessons for the future. For civil society, the agenda for accountability hinges on eroding the opacity of PPPs and ensuring that our voices are heard. States and the private sector need to know and show that they are committed to processes and safeguards against digital authoritarianism and abuse.

States should commit to guaranteeing access and accessibility to all people, and this promise must be accompanied by sufficient allocation of resources to build the necessary infrastructure and promote community-led solutions to access. This is the stepping stone for a people-centred digital transformation, one that will pave the way for meaningful and rights-based PPPs.

The primary responsibility for protecting our rights rests with the state, and this means that PPPs that the state wishes to enter into need analysis, consultation and oversight. Adequate and predictable accountability mechanisms stemming from regulation and policy, especially in areas relating to data protection and intermediary liability, are necessary for accountability.

PPPs using digital technologies must begin with thorough HREDD and be subjected to audits as needed. Grievance mechanisms in companies that are a part of these undertakings are critical for the relationship they have with the community. Periodic assessments and adjustments are possible only if communities impacted by these operations and civil society have a seat at the table. Stakeholder engagement in PPPs across their life cycle should be mandatory.

For meaningful engagement to take place, information and data about these PPPs and operations are central. The state and companies involved would need to proactively make information available, including information relating to the contracts that bound the parties together.

We are witnessing ongoing efforts from Europe[17] to Japan[18] in the enactment of policies and regulations on HREDD. For civil society and internet users, this is a critical moment to ensure that these policies meet our aspirations and pave the way for an era of accountability in the tech sector.