Business and human rights in the tech sector is attracting ever-increasing attention from investors, lenders, governments, NGOs and the public. Tech and digital companies have the ability to impact all human rights, facilitating access to information, skills, employment and connecting people around the world. However, technology may also pose risks to human rights. It is therefore vital for these companies to place the respect for human rights at the heart of their operations and to create a safe and ethical online environment for their consumers.
Regulation of technology is intended to provide a framework to enable users enjoyment and the fulfilment of fundamental freedoms whilst protecting from misuse to cause adverse human rights impact. However, whilst there is increasing legislation around the world aimed at improving corporate human rights performance (as well as increasing legal and other risks associated with poor performance), in the absence of a clear and coherent global regulatory environment, much of the onus currently lies on the tech and digital companies themselves to consider their human rights responsibilities and the appropriate steps that they should take in response.
SETTING THE STANDARD
Many tech companies are signatories to (or have made a public commitment to adhere to) voluntary international human rights standards (such as the UN Guiding Principles on Business and Human Rights (UNGPs) and/or the UN Global Compact). The UNGPs are the leading global standard, endorsed by the UN Human Rights Council in 2011, to prevent and address the negative human rights impacts of business activities. The UNGPs are divided into three broad pillars:
A company's responsibility to respect human rights means that it should make policy commitments to respect human rights, undertake ongoing human rights due diligence, and establish processes to enable effective remediation of any adverse impacts caused by the company or to which the company contributes. A company should also use any leverage that it has over third parties to seek to cease any human rights abuses that they are causing.
Whilst the UNGPs are a "soft law" instrument that do not themselves create binding obligations on companies, they have precipitated an increasing range of hard law instruments (such as the proposed EU Directive on Corporate Due Diligence and Corporate Accountability) and hard law consequences through contractualisation of human rights standards, increased human rights conditions to investment and lending and heightened awareness by consumers of human rights issues (fuelled, of course, by the easier forums of discourse that technology enables).
THE CONSEQUENCES OF POOR PERFORMANCE
The risks of poor corporate human rights performance could be considered in four different categories:
- Reputational: Many of the risks to which a tech company is exposed in relation to human rights remain reputational. Poor human rights performance can impact a company's brand, share price, value in the eyes of consumers and/or attractiveness as an investment/partner for banks or shareholders.
- Financial: Indeed, banks and investors are increasingly conditioning their financing on human rights performance. Failures by tech companies to operate in accordance with the standards of the UNGPs increasingly puts them at risk of a withdrawal, lack of availability or increasing cost of financing.
- Operational: Authentic engagement with human rights issues is increasingly important in a business attracting and retaining the best talent. Additionally, allegations of poor human rights performance by tech companies or their suppliers could lead to investigations of their business, protests at facilities, AGM hi-jack and/or loss of legal or social licence to operate. Any of these could lead to operational inefficiencies or interruptions.
- Legal: There are increasing laws and regulations that require companies to report on their human rights performance (such as in the UK, Australia, France, Germany and Switzerland) and increasing litigation risk in relation to the same (including a growing class action risk in the UK, Australia and other jurisdictions).
By contrast, strong human rights performance can place a tech company at a competitive advantage in relation to each of these issues.
THE INCREASING IMPORTANCE OF HUMAN RIGHTS DUE DILIGENCE
In light of the existing and developing landscape, human rights due diligence (HRDD) is becoming increasingly important for businesses. HRDD is a key part of a business' UNGP responsibility to respect human rights, it is also a key tool to understanding and responding to the risks to human rights posed by a business' operations, it is increasingly important as part of an effective sanctions compliance programme and there is an increasing trend towards legislation requiring human rights due diligence, in particular in France, Germany, Switzerland and (potentially) the EU.
RESPONDING TO THE EVOLVING LANDSCAPE
In light of the above, and consistent with their UNGP responsibility, tech and digital companies should:
- review their existing policy framework to ensure that it sets out a suitably robust position in relation to human rights risks, is endorsed and supported by senior management and is appropriately understood and implemented, particularly by those in the company who are likely to be closest to human rights risks.
- ensure that they understand the human rights obligations that they are already under as a result of the laws in their local markets and their contractual relationships.
- understand how appropriate human rights due diligence can help them to identify, mitigate and respond to any human rights risks that their operations and supply chain pose.
- consider whether they should seek to introduce remediation mechanisms to respond to allegations that they have caused or contributed to human rights adverse impacts.
Each of these steps is ongoing process.
Whilst these steps are not yet mandatory in many jurisdictions, there is a clear global trend towards increased business and human rights regulation. Further, many companies have existing public commitments to international standards, such as the UNGPs, that envisage these steps being taken.
A prudent tech or digital company should therefore already be undertaking these steps to protect themselves against the risks highlighted above and to get ahead of this trend. If a company is not already undertaking these steps, there is no better time to start than now.
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2021