Our Privacy and Law Enforcement Principles
Our Privacy and Law Enforcement Principles set out our commitment to meeting obligations to respond to agencies’ and authorities’ lawful demands without going beyond what is mandated in law (other than under specific and limited circumstances).
Abiding by our principles can be challenging in certain countries at certain times. In practice, laws governing agencies’ and authorities’ access to customer data are often both broad and opaque and frequently lag behind the development and use of communications technology. Furthermore, the powers in question are often used in the context of highly sensitive and contentious developments — for example, during major civil unrest or an election period — which means that Vodafone colleagues dealing with agencies and authorities in the country in question can be put at risk for rejecting a demand on the basis that it is not fully compliant with legal due process.
The Vodafone Privacy and Law Enforcement Principles
We do not:
- allow any forms of access to any customer data by any agency or authority unless we are legally obliged to do so;
- go beyond what is required under legal due process when responding to demands for access to customer data other than in specific safety of life emergencies (such as assisting the police with an active kidnapping event) or when refusal to comply would put our employees at risk; or
- accept any instruction from an agency or authority acting beyond its jurisdictions or legal mandate
- insist that all agencies and authorities comply with legal due process;
- scrutinise and, where appropriate, challenge the legal powers used by agencies and authorities in order to minimise the impact of those powers on our customers’ rights to privacy and freedom of expression;
- honour international human rights standards to the fullest extent possible whenever domestic laws conflict with those standards;
- communicate publicly any threats or risks to our employees arising as a consequence of these principles, except where doing so would increase those rights; and
- seek to explain the scope and intent of the legal powers available to agencies and authorities in all countries where it is lawful, to do so.
Our Freedom of Expression Principles
Our Freedom of Expression Principles set out how we seek to uphold our commitment to respecting our customers’ lawful rights to hold and express opinions and share information and ideas without interference when faced with law enforcement demands.
They are informed by international laws, standards and industry principles, including:
- Universal Declaration of Human Rights
- International Covenant on Civil and Political Rights
- International Covenant on Economic, Social and Cultural Rights
- UN Guiding Principles on Business and Human Rights
- UN’s ‘Protect, Respect and Remedy’ Framework
- OECD Guidelines for Multinational Enterprises
- Reports of the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression
- Global Network Initiative Principles
The Vodafone Freedom of Expression Principles
- respect and seek to protect our customers’ lawful rights to hold and express opinions and share information and ideas without interference;
- seek to challenge agency or authority demands that appear to us to be overly broad, insufficiently targeted or disproportionate in nature;
- honour internationally recognised human rights laws to the fullest extent possible while also meeting our obligations to comply with local laws;
- seek to increase public understanding – within the limits of lawful disclosure – of the powers and practices used by agencies and authorities in pursuit of mandates which may restrict freedom of expression;
- seek to persuade governments, agencies and authorities – where feasible – to implement measures that minimise or mitigate the impact on freedom of expression arising from the implementation of a lawful demand;
- seek to influence and inform the development of laws relevant to our industry – where we have the opportunity to do so – in order to limit constraints on freedom of expression to narrowly defined circumstances based on internationally recognised laws or standards; and
- seek to intervene at the highest possible levels should our employees come under duress as a consequence of their refusal to process an agency or authority demand that is unlawful.
We do not:
- go beyond what is required under legal due process when responding to demands other than where refusal to comply would put our employees at risk; or
- block access to services or content beyond measures that are:
- specified in a lawful demand from an agency or authority;
- undertaken under the IWF or equivalent schemes that are designed to prevent access to illegal online child abuse material;
- defined and implemented by the customer directly through parental controls software or other user-defined filters, with simple and transparent opt-in and opt-out mechanisms; or
- undertaken to protect the integrity of our customers’ data, manage traffic or prevent network degradation, for example blocking spam or malware or taking action to prevent denial of service hacker attacks.
We believe governments should:
- establish legal frameworks governing freedom of expression which are clear, unambiguous and publicly explained;
- ensure national laws that interfere with freedom of expression are limited to the necessary not the possible, restricting intervention to those measures which are proportionate, carefully targeted and consistent with internationally recognised human rights laws and standards;
- ensure, under those frameworks, that each individual agency or authority action restricting freedom of expression requires prior authorisation by a publicly accountable senior figure (such as a minister or a judge) who would be responsible for verifying that the authorisation sought conformed to the legally defined purpose;
- establish an entity to provide independent oversight, providing it with legal powers to compel all parties (including agencies, authorities and companies) to supply all information required to assess compliance with due process;
- commit to full transparency in disclosing to a parliamentary committee, constitutional court or similar publicly accountable body, the extent to which agencies and authorities had complied with due process over a given period;
- publish – at least annually – relevant and meaningful statistical information related to the number of agency and authority demands issued to block or restrict access to services or content; and
- ensure their citizens are made aware whenever access to specific content has been blocked for legal reasons; for example, by permitting telecommunications operators and service providers to supply an online ‘splash page’ instead of a simple ‘404 page not found’ error message.
Collaboration / Global Network Initiative
Our approach to managing law enforcement demands is aligned with the UN Guiding Principles and the Global Network Principles.
GNI Participants commit to implement the organisation’s Principles on Freedom of Expression and Privacy (“the GNI Principles”), which provide direction and guidance to the ICT industry and its stakeholders in protecting and advancing the enjoyment of these human rights globally.
- Freedom of Expression
- Responsible Company Decision Making
- Multi-stakeholder Collaboration
- Governance, Accountability and Transparency
Our related policies
Our Freedom of Expression Principles are upheld in Group Policies, such as:
- Group Code of Conduct – sets out our core business principles, e.g. ‘ We value the trust our customers place in us and safeguard the information provided to us’
- Group Human Rights Policy – confirms our commitment to the rights to privacy and freedom of expression.
- Group Law Enforcement Assistance Policy – creates the governance and necessary safeguard requirements to ensure we appropriately balance respect for our customers’ right to privacy and freedom of expression with other obligations necessary to a free and secure society.
- Group Privacy Management Policy – defines our Privacy Vision and a privacy management framework which is implemented across Vodafone and which ensures conformance with our Risk Tolerance and Principles.
- Artificial Intelligence Framework – sets out our approach to working with AI technologies and outlines how we intend to develop and employ it in a responsible manner.
Our Group Law Enforcement Assistance Policy applies to all Vodafone companies and joint ventures with an interest of 50% or more, or management control, and to their employees, contractors, suppliers, and directors.