Can National Action Plans make tech companies rights-respecting?

Last month, several online platforms made a collective decision to remove content by Infowars, a conspiracy theory platform associated with the far-right, on the grounds of hate speech and incitement to violence. This decision, while welcomed in many quarters, points to a troubling reality: tech companies are increasingly the arbiters of a range of human rights exercised on the internet, including freedom of expression. This is a complicated role and, in the absence of oversight, they don’t always get it right.

Instruments like the UN Guiding Principles on Business and Human Rights (UNGP) and the GNI principles help us understand the distinct and specific role that businesses play in respecting human rights. But they are not mandatory, and the UNGPs have been criticised because they don’t provide clear recommendations to states consistent with human rights standards. Alongside the proposed treaty on business and human rights currently making its way through the UN, one of the most interesting solutions to this lack of “teeth” is being tested at the national level, through the implementation of National Action Plans (NAPs), a mechanism by which governments commit to take action to ensure businesses in their country respect human rights.

An address by political scientist and main UNGP promoter John Ruggie at the launch of the UK’s NAP exemplifies the radical claims being made for this new process:

“The era of declaratory corporate social responsibility is over. It is no longer enough for governments to act as though promoting CSR initiatives somehow absolved them of their obligations to govern in this domain, and to do so in the public interest. It is no longer enough for companies to claim they respect human rights; they must know and show that they do. And it is no longer enough for rights-holders merely to harbor the hope that governments and companies will fulfill their respective obligations; they are entitled to demand remedy for harm done.”

It’s a promise which evidently holds diverse appeal. NAPs have already been rolled out for a range of focus areas in 19 countries, with another 21 countries – across both the global South and North – in the process of developing one. Proponents of NAPs argue that they can deliver more substantive change than other policy processes, and it is true that NAPs have yielded important legislative advancements. Between the original NAP (2013) and its update (2016), the UK passed the Modern Slavery Act (2015), which built on UNGPs and NAP recommendations specifically requiring companies to disclose the steps undertaken (including due diligence measures) to ensure that slavery and human trafficking are not taking place in their supply chains. More recently, France’s NAP led to the passage of the Devoir de Vigilance law which imposes a duty of care and civil liability on large parent companies for the activities carried out by subsidiaries, subcontractors and suppliers.

There have also been cases where NAPs have been criticised for offering nothing but vague aspirations, notably in instances where they have been used to regulate the tech sector. The Finnish NAP is a good example. While it recognises that the right to privacy, the protection of personal data, and the protection of confidential messages are fundamental human rights, it establishes neither concrete company liability, nor remedies for victims of corporate behaviour. A lack of practical guidance on implementation is another common weakness, seen in NAPs from Belgium to Colombia. The Polish NAP idly gestures towards plans “to draft a regulation to counteract restrictions on the freedom of speech” without establishing any standards or a viable roadmap for the introduction of the regulation. In other cases, the problem relates to scope. Norway’s NAP, for example, actively exempts tech SMEs from its provisions, asserting that they are “unlikely to risk becoming implicated in human rights abuses to any great extent”, a highly dubious claim which ignores the fact that UNGPs apply to all enterprises regardless of their size, sector, operational context, ownership, and structure.

What can we take away from this mixed, even contradictory evidence? It’s clear that NAPs show promise as a mechanism for implementing mandatory standards on human rights at the national level. It’s also clear that there is no perfect recipe for a good NAP, and that success or failure relates to a range of local factors – from the organisation and capacity of civil society, political culture and constitution, and the openness of companies to human rights compliance. That having been said, it’s safe to say that a successful NAP is likely to:

• Recognise the duty of states to protect human rights, the duty of companies to respect human rights, and victims’ access to remedy;
• Be context-specific, and able to evolve dynamically to address the country’s actual and potential business-related human rights abuses; and
• Be developed in an open, inclusive, and transparent fashion (we’ll be looking at this aspect of the NAP debate in a coming blog post).

How can human rights defenders work to make sure that these principles are embedded in NAPs? A few tentative thoughts. First, we have to organise ourselves. Both at the national and international levels, we must work with governments and companies to emphasise the importance of NAPs and how they can reduce potential human rights abuses by businesses. To do so, we need to start mapping the actors involved in the creation or potential elaboration of the NAP and convince them of the importance of an OIT process. There’s also a clear need for serious, sustained thought and work around systematising minimum regulatory standards for the tech sector within NAPs, as has already been done for the extractive sector. In doing so, we need to consider holistically all the potential human rights impacts of tech companies, from freedom of expression to the potential impact of the sector on economic, social and cultural rights. For all their limitations, NAPs are one of the few available tools that we have to avoid potential human rights violations in the digital era. It’s up to us to ensure they deliver on this potential.