Thursday, 5 April 2018

Data, big business and human rights

Data protection and privacy is among the most important and high-profile issues where 'business' and 'human rights' intersect.

Are some media-tech firms so large and influential that their social impact cannot be regulated? Or is the issue more about a sufficient constituency of public consumer-citizen demand for proper regulation?

This week saw news reports that Facebook may have 'improperly shared' the data of 87 million users with political consultancy Cambridge Analytica, linked to the Trump presidential campaign.

In this post I simply paste below a paragraph from a forthcoming paper I have written on how these sorts of issues and crises are treated in popular culture. Hollywood may no longer be a credible barometer or bearer of moral messaging, and nor has it yet produced the definitive movie of our age in relation to our lives online. Still, from 1995's The Net to 2015's Ex­_Machina we do see some reflection of (Western) societies' anxieties and trajectories in relation to the commodification of data and privacy issues.

This is what the paragraph says:

"... One critic describes Ex­_Machina as one examination of ‘how corporations have been freed from all forms of social responsibility in the digital age’ (Allen 2016*). That is an overstatement, but Allen does observe that in movies of this sort the issue is not so much corporate access to one’s private life as the role that individual consumers (out of apathy, convenience, ignorance, trust or other factors) play in enabling corporations to ‘take on a life of their own’ and accumulate so much potential influence over private data. The significance of this movie (or more accurately this type of movie -- it was not a blockbuster) might lie in what it tells us about the mix of regulation vs. consumer preferences in this and other areas of corporate ethics and responsibility. After all, if informed consumers are not motivated to press home data-related human rights concerns in any concerted way, what are the prospects for influencing, expanding and sustaining corporate self-regulation or industry or state regulation to protect those same concerns?"

How does this relate to current debate on Facebook's data management?

Consumers do need to know and understand issues before they can be a constituency of demand for better regulatory interventions.

But social media and other technologies may be so convenient and/or seductive that if the balance of regulation on data privacy ends up not favouring the individual, it may not be that we are all the blameless victims of some elaborate corporate strategy to undermine human rights.

It may be that we have done this to ourselves.


* Allen, A., (2016) ‘How the ‘Evil Corporation’ Became a Pop-Culture Trope’ The Atlantic, 25 April 2016.

Friday, 9 February 2018

Regulating the Future: 'private sector, public role'

One ought not get too categorical about distinguishing the public and private sectors when thinking about the wider 'sustainability' and 'social impact' agendas.

This blog's name plays off the differences we apprehend between public and private actors and activity, from principles (e.g. differing legitimacy levels as between corporations and public authorities) to drivers (e.g. differing incentives and audiences) to practicalities (e.g. different tools and techniques even where the ends are common).

But in many socio-enviro responsibility & sustainability contexts, the public-private distinction may be difficult to make. Or it may be not useful to dwell on, where it blinds us to the significant governance contributions of private actors towards what are ultimately public goals.

Past posts have dwelt on this, but this one (the first for 2018) is prompted by three recent things that I see as connected in relation to this enduring public-private debate.

The first is my delight this week in meeting my new PhD student here at ANU, who will study the financial sector as a significant source of influence on the human rights impact of business more generally. (See recently in this regard the Thun Group of Banks view on one aspect of this, here).

Who is a 'regulator' and what counts as 'regulation', and what are appropriate and effective contributions that those policing bottlenecks in the economy -- such as financiers and insurers -- can play in furthering regulatory objectives? How does formal Regulation (with a big R) or other policy interventions (regulation with a small r?) leverage these contributions?

The second is that I recently returned from a sustainable development symposium at the University of Indiana, Bloomington on balancing freedom vs security in the regulation of cybersecurity. Given that (mostly privately owned) tech firms dominate much activity in cyberspace, they will surely play an outsize role in the governance of that space relative to public authorities.

With this influence comes elevated levels of responsibility on the part of private actors (and expectations of increased accountability about how that power and influence is used).

Which brings me to the third prompt for this post: a Twitter thread from @KateAronoff about a meeting (to which the media were not invited) between Canadian Prime Minister Justin Trudeau and Amazon CEO Jeff Bizos, described by a CBC journalist as a 'bilateral' meeting. Now technically it is bilateral if two parties are involved. But Aronoff's point was to get us to pause and consider the implications of a world where the language of diplomacy is seamlessly used in this way. Normally, only heads of state have bilateral meetings... but then Amazon does 'run' a large part of the world in net terms.
Surveys suggest many consumers/citizens trust (private) big brand firms and business leaders more than they trust public institutions and elected political leaders. Trust is a key component of regulatory legitimacy and effectiveness. Yet as we design societal impact regulatory models for the globalised (and virtual) economy, and make use of -- or just acknowledge as real -- private governance contributions, we need to think about the authority and legitimacy and other qualities that only public institutions ultimately have.



Sunday, 22 October 2017

Regulating modern slavery in supply chains

What viable but principled regulatory model is best suited to regulating business supply-chains to ensure that they do not tolerate or promote forced labour, human trafficking, etc ('modern slavery')?

Does legislation that requires corporate reporting on measures taken within one's supply-chain to address these risks -- but which does not imposes statutory consequences for not complying -- have a place here?

Many activists argue 'Not'.

I would disagree. One can be highly motivated about addressing modern slavery in business supply-chains, yet support legislative models that others dismiss as 'undemanding'.

Australia is proposing a legislative model on this issue, drawing on s. 54 of the UK's 2015 Modern Slavery Act. The consultation on the proposed approach closed last week. (See the Consultation Paper here).

Last week I made a lengthy submission to that consultation.

Here is the gist...:
  • If the aim is to foster business engagement in preventing and solving the underlying problems, a model that give businesses space to address its operations and supply chains (which they know better than any regulator could), that is not prescriptive about reporting, and that does not impose penalties for non-compliance is defensible ... 
... but only ....
  • If the model clearly signals to business that more demanding / intrusive regulation is conditionally being held in reserve for a period, and will be implemented if the uptake by business is merely perfunctory and the reporting patterns do not indicate proper engagement in due diligence and other processes to identify, prevent, resolve and remedy human rights risks...
The current proposed model does not include penalties for non-compliance with the reporting requirement. Yet it makes no overt or explicit signal to business that there may be more demanding legislation in future if business uptake and response is weak.

This is from the intro to that submission, making the above points:

"... The point of all this is not the adoption of ‘tough’ regulatory postures for their own sake (even if these were politically viable): instead the point is to find ways to incentivise and support Australian entities to systematically identify and to prevent or address the underlying human rights risks...

... many features [of the proposed legislation] which this submission supports (such as refraining from any statutory consequences for non-reporting) are ultimately only justifiable, or likely to be received as legitimate by civil society, on a certain condition. This is that there ought to be a clear, signalled government message to business that government ... is prepared in future to consider more intrusive, demanding legislative measures if it is found that the proposed approach is not engendering meaningful engagement with the problem..."


See previous posts on 'modern slavery' and its regulation (in Australia and generally), most recently here.

Monday, 2 October 2017

Responsible business in a Trump era (III)

Just how compelling is the 'business case' for firms and funds to adopt and implement human rights policies?

Here I mean planning, self-assessment and reporting policies and systems that are explicitly framed in human rights terms -- not the wider idea of a 'business case' for being socially responsible.

Among the outgoing Obama administration's last actions in December 2016 was to shepherd in a US 'National Action Plan' on 'Business and Human Rights' (BHR).

The evidence so far shows clearly that a Trump-led US federal government will not lead, in policy, messaging and regulatory terms, in the BHR area. Indeed it will evidently not do so on the responsible or even sustainable business agendas more broadly.

If that is so, it may nevertheless happen that in the US and beyond, big business and the financial and insurance worlds drive parts of this broad agenda itself, not waiting for a national government lead.*

With important caveats, I have recently blogged on this possibility.** These blog-posts were offered in the search for a 'silver lining', from a BHR perspective, to Trump's election. Of course European governments + the EU (and others) might lead in America's stead. But the US matters.

If it happens that business does not wait for such a lead, it may be because there is a perceived 'business case' for it (even if part of that case is just longer-term anticipation by business of a degree of reversion in regulatory trends in a post-Trump presidency).

The 'business case' concept in the BHR field derives from the wider corporate accountability / responsibility field. It is a familiar feature of the CSR field, in particular. 

'Business case' is of course shorthand for the idea that whatever the ethical, moral or legal reasons for mitigating a business's social, enviro and governance impact, it makes good commercial sense, especially in the longer term, to embrace this agenda.

We need to be cautious about a 'business case' at the broad level: business sectors and sub-sectors -- and individual firms within these -- may have very different incentive structures (etc.) in responding to or anticipating social impact issues. The 'business case' concept is a more sound one when describing how those incentives etc might be approached in particular contexts, making a case each time.

For years the CSR and then emerging BHR fields spent considerable energy on articulating a general 'business case'. Yet in recent years BHR advocacy has sometimes appeared to proceed on the basis not only that the business case for acting on human rights risks is self-evident, but that it is or will go further and become an important driver of uptake by business of the BHR implementation agenda.

The thrust of the current post is to suggest that the Trump era will now put to the test claims made in recent years about the strength and obviousness and appeal of the business case for self-starting action on human rights risk.

Put another way (and partly for provocation's sake), it is easy to assert the existence of an obvious business case for business to be pro-active about addressing human rights impacts, but we need to be careful about assuming that this has some sort of self-executing logic to it.

At very least, it seems unlikely that all aspects of BHR will advance at equal pace and degree. Parts of some sectors in business may go with some aspects of the BHR agenda (eg 'modern slavery' in supply chains), while not on others; we may see uptake on some measures (eg human rights due diligence in larger listed firms and financial houses), but little movement in areas such as access to remedy.

Of course many would argue that because human rights are universal non-negotiable normative imperatives, emphasising the commercial advantages of investing in a human rights-consistent business is a wrong starting-place to 'motivate and justify' corporate engagement in human rights implementation.*** This is partly the thrust of a recent Harvard Business Review article entitled 'We shouldn't always need a business case to do the right thing'.

I think there is unarguably a business case for some kinds and sizes of firms to take the BHR agenda seriously. Demonstrating empirically that such action protects or creates commercial value is more difficult.


* This comment relates to the federal government: the same reactionary approach to promoting sustainable and responsible business conduct is not necessarily true of state-level governments in the US, some of them major economies in their own right, such as California.
** My previous posts on 'responsible business in a Trump era' are here (February 2017) and here (November 2016).
*** See Posner and Baumann-Pauly, 'Making the Business Case for Human Rights', in Baumann-Pauly and Nolan 2016, section 1.2.

Friday, 11 August 2017

Corporate supply chains and modern slavery

What are some factors in regulating corporate action and transparency on human rights risks across supply chains?

Today I present* to an Australian parliamentary enquiry into whether the country should adopt legislation similar to the UK's Modern Slavery Act 2015, in particular s. 54 of that Act, which requires larger UK firms to publish a statement on whether they've taken steps to address human trafficking and forced labour in their operations or supply chain.

I've included a link below to the full written submission that I speak to (and 200 or so other submissions from government, businesses and industry groups, civil society and others).

This post is to make 5 general reflective comments, briefly:

1. 'Great expectations': many submissions over-state the regulatory reach and effect of both a government such as Australia and large companies in respect of their supply chains. While advocates want to draw the 'business and human rights' paradigm into service in addressing many of the imbalances and inequities of the globalised production system, we need to keep perspective. Legislation addressing 'modern slavery' in Australian corporate supply chains is important and can have some practical and messaging effects. But the phenomenon reflects deep governance capacity and incentive problems in developing countries. Such problems cannot be 'fixed' by even the most comprehensive and sophisticated regulation in investor-sending countries.

2. 'Definitions matter': while many submissions address problems in labour conditions here and abroad, 'slavery' is not a term to be bandied about in the hope of larger reform to such conditions. It reflects the oldest, strongest-pedigree norm in international human rights law. It is not to be diluted, tempting as it is to recruit the rhetorical power of 'human rights' in service of all sorts of campaigns.

3. 'Government lead': any requirement that large firms address these risks in their supply chains should arguably also apply to at least large federal government procurement behaviours, if only because government must lead by example. This much is clear from Pillar I of the 2011 UN Guiding Principles on Business and Human Rights, unanimously adopted by UN member states on the Human Rights Council.

4. 'Compliance tunnel vision': we should aim at regulation that encourages and incentivises all stakeholders to work together to prevent and remedy these complex problems. Legislation that creates highly process-focused requirements has the risk of diverting attention to narrow procedural cultures of compliance, which become 'rituals' of their own (Charlesworth and Larking 2010-2015, developing John Braithwaite's work) and become the point of the exercise -- rather than solving the underlying problem.

5. 'Messaging': related to (3) above, it is cost-free for government simply to state its expectation that businesses will comply with human rights standards and remedy their breach where established. This does not sound like 'regulation', but such messaging may be the most importand and influential form of influencing corporate conduct, and signalling the possibility of intervention in future.


* I present also on behalf of Justine Nolan, co-author of our joint submission to the enquiry and a leading scholar in this field. That submission can be found on the Enquiry's website, here. For the Enquiry's Terms of Reference, see here.

PS: for a recent blog post I did on this issue in the Australian context (but making more general points), see here.