Ranking Digital Rights (RDR) reviews the world’s biggest Internet and telecommunications companies under the three categories of privacy, governance, and freedom of expression. It provides investors, lobbyists, and other stakeholders with a comparison of firms’ respect for human rights. The index consults the companies’ privacy policies, terms of service, and other self-disclosed, publicly available documents in its evaluations. This year’s index has expanded to include Chinese Internet company Baidu for the first time. It evaluated Tencent in 2015, and has re-assessed the company under the new methodology used in the 2017 ranking. Baidu and Tencent were both low on the list, with Tencent coming in third-to-last and Baidu at the very bottom.
The review of Baidu included its Search, Cloud, and PostBar (贴吧 tieba) services. To contextualize the Chinese companies’ policies, the RDR report cites the 2016 Freedom on the Net publication from Freedom House. Freedom House deemed China’s Internet “Not Free” and placed China as the lowest-scoring country for the second year in a row. In RDR’s governance category, Baidu was the only company to score 0% for its lack of commitments to upholding human rights in employee training, due diligence, top-level oversight, or remedy mechanisms. Furthermore, Baidu provided no indication of how it responds to government and private requests for user data. Only Baidu PostBar’s user agreement stated that it complies with law enforcement requests for user data and private requests that the users choose to post.
The RDR assessment of Tencent covered the company’s QZone, QQ, and WeChat services. Tencent’s moderately higher scores across all three categories indicate that Baidu has room for improvement. Tencent has differing policies for its users in mainland China, Hong Kong, Taiwan, and outside of East Asia. The report found that the policies in English and traditional Mandarin are more detailed than their simplified Mandarin equivalents used in mainland China. The 2017 RDR index only reviewed the simplified Chinese documents.
Tencent scored higher than Baidu in all three categories, tying with Google on governance. On freedom of expression, Tencent’s rules regarding the types of content it excludes were clearer than Apple’s. On privacy, Tencent’s disclosures about the type of data it collects are on par with Facebook, Yahoo, Twitter, and Russia’s Yandex. Tencent tied with Yahoo, Twitter, and Facebook regarding disclosures about its security practices. However, none of these companies scored well on questions of how they notify users about and respond to data breaches and other security incidents.
These findings have arisen shortly after Tencent has become the first Chinese brand to pass the $100 billion valuation mark. Yet in its quest to establish international user bases Tencent will have to address data security and privacy concerns. In May 2016 the University of Toronto’s Citizen Lab uncovered security vulnerabilities in Tencent’s widely used QQ Browser. These included unencrypted transmission of users’ search histories, URLs visited, and even the hard drive serial numbers of their devices. As Adam Minter has pointed out in an article on changing Chinese conceptions of online privacy for Bloomberg View:
“Concerns about data security will also cramp Chinese companies’ ambitions to expand overseas. China wants firms such as Alibaba and Tencent to be global brands no less than Facebook or Google.
The good news is that a consensus is growing in China that the problem must be addressed. Any solution will have to start with the government writing national standards on protecting online data. It can’t end there, though. Earlier this month, during China’s National People’s Congress, Tencent CEO Pony Ma called for standards to be combined with a national system for reporting data breaches, allowing companies like his to close leaks as soon as possible.” [Source]