Explicit and clearly articulated policy commitment to human rights, including freedom of expression and privacy.
The service provider has no language in any of its policies or other documentation expressing a commitment to human rights, including freedom of expression and privacy.
❌
The board of directors exercises formal oversight over how company practices affect freedom of expression and privacy.
The service provider has no language in any of its policies or other documentation describing board-level oversight processes relating to human rights, including freedom of expression and privacy.
❌
An executive-level committee, team, program or officer oversees how company practices affect freedom of expression and privacy.
The service provider has no language in any of its policies or other documentation describing executive-level oversight processes relating to human rights, including freedom of expression and privacy.
❌
A management-level committee, team, program or officer oversees how company practices affect freedom of expression and privacy.
The service provider has no language in any of its policies or other documentation describing management-level oversight processes relating to human rights, including freedom of expression and privacy.
❌
Provides employee, volunteers or other staff training on freedom of expression and privacy issues.
The service provider has no language in any of its policy or other documentation employee, staff, or volunteer training processes relating to human rights, including freedom of expression and privacy.
❌
Maintains a whistleblower program through which employees, volunteers or other staff can report concerns related to how the company treats its users’ freedom of expression and privacy rights.
The service provider has no language in any of its policy or other documentation describing an employee whistleblower program.
❌
As part of its decision-making, considers how laws affect freedom of expression and privacy in jurisdictions where it operates.
The service provider has no language in any of its policy or other documentation describing consideration of laws in the jurisdiction and how they impact freedom of expression and privacy, in its decision-making processes.
❌
Regularly assesses free expression and privacy risks associated with existing products and services.
The service provider has no language in any of its policy or other documentation describing assessment processes for existing products and services regarding risks to human rights, including freedom of expression and privacy.
❌
Assesses free expression and privacy risks associated with a new activity, including the launch and/or acquisition of new products or services or entry into new markets.
The service provider has no language in any of its policy or other documentation describing assessment processes for new products, services, or activities regarding risks to human rights, including freedom of expression and privacy.
❌
Assesses free expression and privacy risks associated with the processes and mechanisms used to enforce its Terms of Service.
The service provider has no language in any of its policy or other documentation discussing evaluation of freedom of expression and privacy risks when enforcing its terms of service.
❌
Conducts in-depth due diligence wherever the company’s risk assessments identify concerns.
The service provider has no language in any of its policy or other documentation disclosing that it conducts due diligence regarding concerns raised in any risk assessments in formal policy documents or in other communications that reflect official company policy.
❌
Senior executives and/or members of the company’s board of directors review and consider the results of assessments and due diligence in decision-making for the company.
The service provider has no language in any of its policy or other documentation describing executive or board-level review processes relating to conducting or using assessments of risks to human rights, including freedom of expression and privacy, and due diligence in decision-making.
❌
Conducts assessments on a regular schedule.
The service provider has no language in any of its policy or other documentation describing any timeline or interval on which they conduct human rights impact assessments.
❌
The company initiates or participates in meetings with stakeholders that represent, advocate on behalf of, or are people directly and adversely impacted by the company’s business.
The service provider has no language in any of its policy or other documentation describing consultation with stakeholders that represent, advocate on behalf of, or are people directly and adversely affected by the company’s business.
❌
Clear disclosure of processes for receiving complaints.
The service provider has no language in any of its policy or other documentation describing a process for receiving human rights or privacy complaints. It does have mechanisms for seeking support from the company, but not complaints specifically. It does have information describing how to register Privacy Shield complaints, but those are with a third party and specific to Privacy Shield.
❌
Clear disclosure of process for responding to complaints.
The service provider has no language in any of its policy or other documentation describing a process for responding to human rights or privacy complaints it receives.
❌
The company reports on the number of complaints received.
The service provider has no language in any of its policy or other documentation reporting the number of human rights or privacy complaints it receives.
❌
The company provides evidence that it is responding to complaints.
The service provider has no language in any of its policy or other documentation providing evidence that it is responding to human rights or privacy complaints it receives.