The Operation of the GNI Principles when Local Law Conflicts with Internationally Recognized Human Rights

The question that was core to the formation of the Global Network Initiative in 2008 remains just as critical today: to what extent can companies operate responsibly in jurisdictions where the government enacts laws and pursues policies that conflict with international rights to freedom of expression and privacy, and how can they do so?

Even advanced democracies enact laws and policies that can conflict with international human rights law. However, recent concerns have focused on jurisdictions with poor human rights environments and weak rule of law, where governments actively pursue restrictive and intrusive policies which impact privacy and freedom of expression. Such jurisdictions feature, for example, over-broad obligations on intermediaries to monitor users, the criminalization of many categories of speech, broad censorship powers, non-proportionate mass-surveillance, and use of government-ordered network disruptions, among others.

GNI works to promote respect for freedom of expression and privacy rights in the information and communications technology (ICT) sector. GNI member companies commit to implement the GNI Principles on Freedom of Expression and Privacy (“GNI Principles”) with improvements over time, in accordance with the GNI Implementation Guidelines, even in the most difficult jurisdictions.

Over the past decade, actions taken by GNI members through periodic assessment of company practice, shared learning among different stakeholders, and policy engagement, are examples of efforts that have helped to avoid and mitigate the impact of government restrictions on freedom of expression and privacy, including censorship and surveillance of journalists and human rights defenders. GNI’s biennial public assessment reports provide some illustrative, anonymized examples of the kinds of challenges member companies face and how the GNI Principles may apply.

What is expected of GNI companies?

Consistent with the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines on Multinational Enterprises, the GNI Principles recognize that companies “should comply with all applicable laws and respect internationally recognized human rights, wherever they operate.” If national laws, regulations, and policies do not conform to international standards, the GNI Principles call on companies to “honor the principles of internationally recognized human rights to the greatest extent possible” to “avoid, minimize, or otherwise address the[ir] adverse impact” and “be able to demonstrate their efforts in this regard.”

The GNI Principles, all GNI members, and GNI as an organization aim to advance freedom of expression and privacy rights globally. We also recognize that there is no “one size fits all” approach to responsible business conduct and that the offer of some services in a challenging jurisdiction may not pose the same human rights risks as the offer of other services. For GNI, the appropriate question to ask of member companies is whether they are acting in a manner consistent with the GNI Principles and Implementation Guidelines in all jurisdictions where they operate.

The GNI Principles help protect users’ rights by giving companies practical guidance and facilitating multistakeholder engagement. GNI also provides a trusted platform for discussing the complex and constantly evolving threats to freedom of expression and privacy in the ICT sector, and for collective action by our members, consistent with law, to promote the adoption of laws, policies, and practices that protect, respect, and fulfill freedom of expression and privacy rights.

However, even this, together with principled company action and coordinated advocacy, may not lead to on-the-ground improvements in government policies or demands, especially in difficult jurisdictions.

What does this mean for member companies’ independent decisions to enter or exit a jurisdiction?

The GNI Principles and Implementation Guidelines offer companies guidance on, for example, how to assess and address the possible impacts of business decisions with respect to human rights, including entering or exiting a jurisdiction. Although GNI does not dictate whether companies should enter or exit any given jurisdiction, company policies, processes, and case studies related to such decisions may be reviewed as part of the GNI assessment process. The GNI Implementation Guidelines [#2.6] specifically identify the entry into, or exit from, a jurisdiction in which freedom of expression or privacy are limited as a situation “where human rights due diligence has revealed the need for human rights impact assessment.”

As part of their human rights due diligence, companies must evaluate whether relevant local laws and practices are consistent with international and regional human rights norms and assess actual and potential impacts. They must then develop mitigation strategies for risks to the rights to freedom of expression and privacy. They must also consider whether their presence and the product or service they offer could facilitate or mitigate abuses, endanger or empower users, and influence government policy in a positive or negative direction. These considerations must be specific to the products or services the company plans to offer, as well as to the particular jurisdiction, and should account for short- and long-term impacts.

In some instances, the application of the GNI Principles may lead to a company’s services being blocked by governments. In others, a company may decide to exit a jurisdiction partly because of a government’s disregard for human rights. Weighing the positive and negative impacts of such a decision over the short- and long-term is particularly challenging.

Some GNI company members have publicly recognized such potential negative human rights impacts by conducting and, in some instances, publishing impact assessments on local operations, including related to jurisdiction entry and responsible divestment. Others have been publicly transparent about their view that with an eye to the longer term, they can more effectively respect human rights through engagement and presence in, rather than absence from, countries with significant human rights challenges (1). Transparency about a company’s approach to these issues, including communication with other stakeholders, sends a valuable message to users about how the company implements its commitments to freedom of expression and privacy rights.

How do we know if companies are acting consistent with their commitments?

The GNI Assessment process, to which all participating companies are subject, provides a means of verifying whether and how companies are implementing the GNI Principles. Confidential by design, this process involves independent assessors reviewing internal company policies and procedures, as well as case examples that illustrate how companies have responded to government restrictions in practice. Entry or exit may be a case examined in such an assessment. Assessors prepare detailed reports that are reviewed by GNI’s multistakeholder Board of Directors (2). The board determines whether each member company is making good- faith efforts to implement the GNI Principles with improvement over time.

While individual assessments are kept confidential, GNI does publish a public report of each assessment cycle. These public assessment reports provide an overview of the types of specific cases and any potential issues or questions raised and addressed through assessment, and articulate key findings that may be useful to stakeholders inside and outside of GNI.

How does this matter for users?

There are no easy answers, including in the GNI Principles, to the vexing challenges companies face in difficult jurisdictions. Taken together, implementation of the GNI Principles, independent assessment, and multistakeholder collaboration provide users with a degree of confidence that GNI member companies are constantly evaluating — both internally and with external stakeholders — how to respect their rights. Further evidence of this can be found in the results of independent evaluations, like the 2019 Ranking Digital Rights Corporate Accountability Index, in which the GNI member companies that were evaluated earned the highest scores due to “relatively strong governance and oversight of human rights.”

Ultimately it is up to users of ICT products and services to determine which companies they trust with their data. GNI provides guidance and independent assessment, which help companies develop and demonstrate the steps they take to respect user rights, even in the most challenging circumstances.


GNI member companies routinely disclose information publicly about their work to respect human rights on their websites and in their periodic transparency reports. You can find additional information about GNI member companies’ commitment to and implementation of human rights principles at the links listed below (3):

(1) These are just some examples, and are not fully representative of any particular company’s efforts or of what any particular company is required to undertake. For additional examples of steps taken by GNI Member Companies to address human rights risks generally, please see the Appendix.

(2) The assessment reports are one part of the broader assessment process. For a full description of that process, please see the relevant section of our website:

(3) These links are to companies’ individual websites. GNI does not maintain these websites.