IGF 2021 – Day 4 – Town Hall #11 Leveraging the UNGPs on Business and Human Rights in tech

The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> We all live in a digital world. We all need it to be open and safe. We all want to trust.

>> And to be trusted.

>> We all despise control.

>> And desire freedom.

>> We are all united.

>> MARYAM LEE: Shall we begin? Thanks everyone. Good morning, good afternoon, good evening, depending on wherever you are in your respective positions. Welcome to this session at the IGF, leveraging the UNGPs for the tech sector. Today we are here ‑‑ today we are here to basically share our experiences. It's basically in the title. We are sharing our experiences in leveraging the United Nations digital rights for technology users in our respective countries.

Kathryn, could you go to the next slide, please? Thank you. First let me introduce myself. I'm Maryam Lee, the facilitator for this session today. I work as strategy program manager at the IO Foundation, a digital rights organization working on data centric digital rights. We are very happy to be at the Internet Governance Forum. I would like to take this opportunity to wish everyone a happy Human Rights Day.

This session is going to be held for 90 minutes. We will have presentations by our panel of speakers today who I will introduce. As usual, you may raise your hand if you'd like to speak, use the Q&A function to ask questions and use the chat function to comment or give your feedback. Welcome everyone to join the discussion we have today. There will be time for discussion at the ‑‑ after the presentations. So now I would like to introduce all of you to our panel. We are going by order of speaking. We have Kathryn Doyle from Global Partners Digital. We have myself, Maryam. I'm based here in Malaysia. Then we have ADC, a civil society organization based in Argentina represented by Eduardo. Then we have Paradigm Initiative based in Nigeria. We have Gabreal here representing Paradigm Initiative. And we have InternetLab, we're going to be hearing from Barbara. Then we have Institute for Policy Research and Advocacy, ELSAM, based in Indonesia with Alia. Then we're going to have Kennedy from the Bloggers Association of Kenya. That's who we are.

As for why we're here, here is a little background. We've had this session before at the RightsCon held last June, if I'm not mistaken. We focused a lot more on National Action Plans which are actually policy documents which a government articulates priorities and actions it will take to protect human rights from business‑related activities. Just a little back ground, as of today, 26 countries have published a National Action Plan. The earliest being the UK in 2013, the latest being Japan in 2020. In Asia the first plan was Thailand in October 2019, and there is a specific mention for technology and digital rights protection in some of these countries' area of focus. Japan in particular has a particular mention for technology and digital rights which is a step in the right direction. However, very few of these existing National Action Plans currently address the specific impacts of human rights by the activities of tech companies, even though, as the COVID‑19 pandemic has highlighted the potential scope of these impacts the pretty substantial. So we believe tech companies can play a very positive role in enabling the access of human rights. For example, action to education and health services, but they can also pose a risk. Internet shutdowns, blocking access to information, privacy issues, also bias in AI and things like that.

What we're going to be talking about essentially is how we connect digital rights advocacy in general to global United Nations frameworks, specifically the United Nations Guiding Principles on Business and Human Rights and also the possible connections to the Sustainable Development Goals.

Throughout the presentations we will see two main approaches on leveraging the UNGP. As I mentioned earlier, a lot of the colleagues here focus on governments for the inclusion of digital rights into the National Action Plans because these are very important national documents, but also slightly different from our session in RightsCon, today we're going to share a little bit more on the second main approach which is advocating with the technology private sector by engaging technologies and technology providers, essentially the National Action Plan approach is more in line with the first pillar of the United Nations Guiding Principle, and the second approach which is directly engaging with the private sector itself, in line with the second pillar of the UNGP which is the corporate responsibility aspect.

Without further ado, I would like to invite our very first speaker from ADC, Eduardo. Are you there?

>> EDUARDO FERREYRA: Yes, I'm here. Thank you, Maryam for the presentation. Thanks everybody for being here with us. My name is Eduardo Ferreyra, project manager of Asociacion por los Derechos Civiles based in buenos Aries, Argentina. Working since 1995 in the defense and promotion of human and rights, not only in Argentina, but Latin America. While our organization covers different topics, different rights, a great part of our work is focused on digital rights. So for this reason, we are starting to look very carefully to the national business and human rights framework in general. The United Nations Guiding Principles in particular constitute a cornerstone of our work on business and human rights. Guiding Principles are the key treatment because it can serve to make product companies comply with human rights and not only private companies, but also state governments to push them to look closely at that issue and take measures to make companies comply with it.

As you may already know, Guiding Principles are based on three fundamental pillars, and the duty of the state to protect human rights, the responsibility of private companies to respect human rights and private companies and public to manage damage ‑‑ that's why our agency is aimed at both private and public sector. On this presentation I would like to focus on pillar one. I will use the case and its relationship with National Action Plans on human rights. In 2014 the United Nations Human Rights Council called all member states to develop their National Action Plans. In addition, encouraged implementation of the United Nations Guiding Principles to other member countries. The G20 has also expressed support for developing and updating that. In Argentina ‑‑ three major organizations. Despite that, Argentina doesn't have any action plan, National Action Plan so far. But there was a process that was started in 2017 because in 2017 Argentina implemented for the first time national human rights plans. Within that framework the company committed to ‑‑ human rights in that same period. That process started, but unfortunately it was cut short because the then government lost the election, so a new government took the office and it's a feature of our country that there is no continuing from different policies to government. Every time a new government took office, they just start over again. So that process was interrupted, but nowadays we are starting to see a new initiative of the current government to start a new human rights ‑‑ National Action Plan for these human rights. This is a commitment that Argentina has made to the United Nations when my country submitted the candidates to the human rights ‑‑ Argentina will share it for the next year. One other commitment is to have a NAP in the country. So a couple months ago the government started this new process calling different stakeholders, academia, organizations, and IDC attended the plan. Our goal is to try to ‑‑ try the digital perspective be into the plan. Digital rights in private company are not a topic in Argentina as other topics like environmental issues, which is usually the main topic. That's a main challenge for us. The main challenge for us is to try to shed light on how digital companies can affect human rights in the countries.

Different issues like surveillance, but also data protection and access to internet ‑‑

We know that there are several opportunities for us to ‑‑ digital perspective. There is a growing concern in Argentina, especially with surveillance, for instance. Argentina deploy several digital technologies to survey people, especially ‑‑ but these deployment usually are made without data protection assessment impacts, without having an updated framework in the country, for instance. This is an opportunity for us to raise our concern to the government and try to put this concern in the new guide, NAP. So there's not much information about this initiative right now. But we hope to expect more information from the next year. I think I'm running out of time. I will stop here and then we can open discussion.

>> MARYAM LEE: Eduardo, Malaysia has a similar problem actually. At the beginning of the NAP process, there was no mention, zero mention of digital rights into the plan of the National Action Plan. But after two years of advocating with the government, finally we have some progress. Definitely keep at it. Thank you so much, Eduardo. Next we will go to Paradigm Initiative. Hello, Gabreal.

>> GABREAL ODUNSI: Hi Maryam. Thank you very much. Can you hear me?


>> GABREAL ODUNSI: Good afternoon everyone from Nigeria. My name is Gabreal Odunsi with Paradigm Initiative. We're focused on improving livelihoods of people ‑‑ we do this in digital inclusion programs and digital rights activities. Focusing on the topic ‑‑ also Nigeria is facing a similar problem but we've moved to another level with the government. I'd like to mention, it is the duty of the state to protect human rights of the public which is actually the pillar one of the Guiding Principles. Following on this, between 2012 and 2017 the government tried ‑‑ not tried. They developed the first draft. This first draft did not have any mention of tech regarding Malaysia ‑‑ Nigeria. We were following the activities in preparation for the NAP for the country. So we say in 2018 to engage the government because there was something called public hearing whereby you can give feedback. Through that publish hearing we give our feedback and give us the opportunity to have more access to engage with the government. So in 2019 we started that. From there we were able to work with other civil society organization. So we had this steering committee called national business and human rights steering committee. So we lad not just people around the tech society ‑‑ tech civil society. We also have people from different sectors within the country. So at that round table we began to work on the drafts, the second draft for the National Action Plan. Through that we were able to include the trust. About three months ago we received a draft company of the new NAP which has actually been presented to the governments at the moment ‑‑ when I say the government and national human rights commission for the country and the vice president ‑‑ we are just waiting for them to give consideration to it and that will become a public document. But I just want to ‑‑ the government begin to take this NAP as a ‑‑ document because it gives opportunity for them to actually moderate, which is their function to protect human rights. Mod rates effectively what tech industries are doing and how they are relating to human rights within different space in the country. It helps them to monitor. Helps them to also help the people to address where possible. It gives them the power to engage accurately. I'm just going to say they should make this process as soon as possible. As we know, everything is moving towards tech, education, transportation, every aspect of life is moving towards tech. ‑‑ thank you very much.

>> MARYAM LEE: Thank you very much, Gabreal. Happy to see that Nigeria is a lot, lot further ahead than countries like Malaysia. Thank you so much for sharing your insights on that one.

Next we have Barbara from the InternetLab. InternetLab needs no introduction, digital rights advocacy based in Brazil. Are you there, hello?

>> BARBARA SIMAO: I'm here.

>> MARYAM LEE: Go ahead.

>> BARBARA SIMAO: Thank you, Maryam. First of all, I'd like to thank Kathryn and Maryam for the organization of the session. I'm glad to here speaking. I'm Barbara Simao, head of research on privacy surveillance at InternetLab, which is a research center based in Sao Paulo Brazil, production of knowledge in the areas of laws and technology. I'm here to talk a little bit about research we've been developing since 2016 that's called who defended your data. That aims to promote transparency and best practices in terms of privacy and data protection by companies providing internet connections in Brazil. With this research, we have the intention to create a race to the top, encouraging companies to compete in privacy and data protection parameters. It's the Brazilian version of who has your back. During the year, we engaged with companies to evaluate practices regarding privacy and data protection standards. So we designed evaluation parameters capable of measuring a company's public commitment to their user's privacy. Each company is evaluated according to six categories, six parameters that take into account the requirements of legislation in Brazil and also international best practices.

We have six categories, the first is on data protection policy, and we evaluated the company, provide clear and complete information about data information practices. In the second category we evaluate law enforcement guidelines. If the company undertakes to follow the interpretation of the most protective law on the right to privacy when personal data are requested by law enforcement agents. The third category, we evaluate if the company challenged administrative or digital ‑‑ legislation that it considers violating user's privacy. The fourth category we evaluate public positioning of the company in favor of privacy. So the company positioned itself in public hearings or in newspapers, stressing the culture of protection of those rights in Brazil.

The fifth category, we evaluate if the company published transparency reports with basic information on data requests by public health parties and if they prepare and publish data protection. And in the sixth we evaluate of the company not to ‑‑ users when it receivers data requests.

If the company is doing well, we grant them a star, as you can see in the slide, or at least a part of a star if it's in a good way, a good path forward. In our evaluation we have an engagement phase with these companies. During a year we collect data based on their contracts, web pages, sustainability reports and other documents that might be useful for us. And then we send to them a previous analysis so they can make observations, send us further documents that we might have missed and maybe have a chance to change our practices before the report is launched. So I put these images comparing our first version of who defended your data to our last version that was launched this year and showed the evolution of the project throughout these years. In 2016 we didn't have data protection law yet in Brazil, and no company achieved a full story in categories that measured access to information, public positioning in favor of privacy, publication of transparency reports or user notification. It was really the worst year that we lad in the research since its beginning. It was the first year. Things changed throughout the years. So in 2017 we noticed that companies began to publish transparency reports with government requests to access user's data. And in 2020, after the Brazilian data protection law came in, we had the biggest advance in the category of access to information. So companies began to adopt privacy web pages. And also punctuated better in categories of user defense in the judiciary and public positioning in favor of privacy. The last year in 2021 we noticed a major advance in the law enforcement guidelines. Countries began to publish protocols with rules for data transfers for public health authorities, law enforcement agents. But there are, however, practices that do have some resistance to being adopted, especially practices that are not mandatory by law and that consist in best practices. Companies still didn't notify users in cases of data access requests which is not mandatory by law in Brazil and don't publish yet data protection impact assessments which is also not mandatory by law in Brazil. They are really resistant ‑‑ in terms of best ways to defend users' data.

So in conclusion, I would just like to say that we think that this project is a good example of how this engagement process with the private sector can bear good results throughout the years. It's a long way ‑‑ it's a long‑term process, encouraging companies to change their practices. While in this case we only evaluate parameters related to privacy. I believe this engagement can also be fruitful in other areas that involved respect for human rights and corporate responsibility, leveraging the principles. I think that's it. Thank you so much.

>> MARYAM LEE: Thank you, Barbara. Actually, I should have mentioned earlier that Eduardo's presentation and Gabreal's presentation were examples of the first approach that we mentioned earlier which is the approach to advocate with the government. Barbara's presentation with InternetLab is the first of the two ‑‑ of two examples of the second approach of the advocacy with the private sector. So, yeah, I should have mentioned that a little bit earlier so it's easier for the audience to follow. We have two examples for the first approach, and now we have two examples for the second approach. Barbara just gave us an excellent presentation on how InternetLab engages tech companies for advocacy for the UNGP framework in Brazil. Thank you very much.

I have some questions, but let's move to Indonesia first. Alia, are you there?


>> MARYAM LEE: The floor is yours.

>> ALIA YOFIRA KARUNIAN:  Thank you so much. Good morning, good afternoon, good evening to everyone, depending where you are now. Thank you for being here today. I'm honored to be here as well at the IGF. I'm Alia Yofira Karunian from the Institute of Policy Research and Advocacy. I'll jump into the presentations because I know we have limited time. I'll be sharing ways on ways ESLAM has been engaging with tech companies to address digital rights issues as part of our bigger policy advocacy work which involves governments, relevant ministers and house of representatives in Indonesia. The first point is that in Indonesia data exploitation and privacy violations conducted by fintech companies, particularly lending companies is a huge problem here. For those who aren't really familiar with what is lending ‑‑ provides from online loans usually with very high interest that are more easily accessible than conventional credit for those without reliable income or assets and women and LGBTQI communities, making up a significant portion of their users as clients. So the process is relatively simple. A photo of us holding our ID card. We apply for the loan and the money will be transferred to our bank account and they you need to pay it back, normally with very high interest which is a problem here in Indonesia. Because of this con Venn yen see and fast process, most people turn to these lendings, even with the high interest that comes with it. Especially in situations during the COVID‑19 pandemic where people are losing their job because of the layoffs or transgender community because of lack of access to jobs and businesses are struggling because of the COVID‑19 restrictions. So online loan applications become a solution to meet their daily needs.

There are even reports that found illegal fintech applications are building user bases based on personal data obtained from the data sold in dark web as a result from the data breach. This is why it's not surprising that even though we are not using the application directly, we are also suffering from a risk of being a subject or victims of identity theft cases in Indonesia, and we're seeing our data being shared by applications to third party.

I'm citing report from the Jakarta Legal Aid which has been following cases of these victims in Indonesia. The majority are women and gender minorities and online gender‑based violence, outing for the transgender communities. In some instances debt collectors have attempted to threaten and coerce the victims by leveraging access to legal names, ID pictures and public humiliation tactics. So me personally, for example, I've been invited where a debt collector is sharing my neighbor's ID picture who happened to use the online loan. The debt collector is publicly shaming and harassing her in the group. This is happening because the app has access permissions to phone users for private posts initially. But then they use it and share it for other purposes beyond and outside the user's content and even harassing their contacts, too, individually.

So there is also another instance where the app which has access to the user's phone gallery they'll load the personal pictures and share it without the user's content in order to further humiliate the users through the personal pictures of their users. As a result some people even lost their job because their bosses are being harassed by the debt collectors. Some cannot cope with the stress of being subjected to public humiliation and even these applications are driving people to commit suicide even. There are a lot of lived realities, and this problem actually stems from the fact that Indonesia, one of the major contributors because Indonesia doesn't have a comprehensive ‑‑ act. We currently have more or less 48 statute or laws that regulates the principles and several laws in financial sector which primarily focus on consumer protection rights, face also various challenges because these laws real really providing users with easily accessible rights ‑‑ to remedy when their rights are being violated. This is closely related to the ‑‑ providing access to remedies effective and easily accessible.

Because we don't ‑‑ these comprehensive regulations, people are left with litigation through civil court procedure, for example, and is also the case in Indonesia where the victims of the application haves been launched in civil lawsuit in or Des to address harms caused by this applications.

Leaving data subject to ‑‑ evidence before the Court without enough technical capabilities is very taxing work. This is why the role of regulations and governments and related to the ‑‑ however, in the meantime ELSAM is advocating about these issues, and given the gravity of the situations, there is a public pressure for these fintech companies or the association ‑‑ because they have an association called Indonesia fintech association or Aftech,  to develop a code of conduct to prevent these type of abuses and assisting the Aftech on code of ethics of privacy by design and by default, putting limitations on data sharing with third party and debt collectors and other ways to put the data participation principles into practice. And it's just launched several months ago, so I'm sure this is merely a guidance, sectoral guidance, the implementations will be equally if not more challenging than the code itself.

Coming back again to the first pillar, duty to protect, is still very much of fundamental importance here to establish a robust digital protection framework with its monitoring mechanism in place.

I think that's all from me, Maryam. Thank you very much. I'm looking forward to our discussions today. Back to you.

>> MARYAM LEE: Thank you so much, Alia. I can see the difference between Brazil's approach and Indonesia's approach with regard to engaging the private sector. Brazil uses a popular governance route where Indonesia is tackling it by issue with ‑‑ online debt?

>> ALIA YOFIRA KARUNIAN: Online loan applications.

>> MARYAM LEE: We have so many creative and diverse approaches here. Let's go to the Bloggers Association of Kenya. Are you here?

>> KENNEDY KACHWANYA: Yes, I'm here, but it's Kennedy.

>> MARYAM LEE: Yes, Kennedy from the Bloggers Association of Kenya.

>> KENNEDY KACHWANYA: Thank you very much, Maryam. So I'm just going to ‑‑ my presentation drew a lesson between the two approaches that Maryam mentioned, the national action advocacy and the tech sector engagement. I'm just going to give you more on what we learned through these two approaches. So first, Kenya committed to developing a National Action Plan that reflects the issues of priority through business and human rights in the country in 2016. Then it took up to 2019 for the country to publish their final National Action Plan document which by then was awaiting approval by the cabinet and the adoption by parliament. Again, from 2019, it took another two years for the cabinet to approve that document. And then now it's still waiting for the adoption by the parliament. There's good progress there.

My point here is when you're doing the advocacy which mostly is time‑based, the first lesson we have learned there is to have a longer term ‑‑ you have to look at it in more longer term than just seeing ‑‑ we learned to do the advocacy for two year or one year or three years because the government bureaucracy ‑‑ you can't predict it, but obviously things move a bit slow. So I think when you're designing a program, advocacy program, the most important thing is to have probably divided into more short term, maybe midterm and longer term version of it depending on how things will go with that.

The other thing that we have really come across and realize is the public awareness campaigns. For us we have used social media and the digital space to talk much about the NAP, the National Action Plan, and this has moved the needle. Whenever we do this, we see changes, either the tech sector side or the government side, we see people committing more to either developing the NAP or moving the process of the NAP or starting to accept that, if you're running a big business within the country, you need do respect the human rights in that point.

And then I'll move to talking about tech sector specific. One of the things that we have learned through the process is that the language matters. In Kenya, for example, when you use the word human rights, most SMEs, they feel like it's a confrontational issue. It's like you're having a confrontation with the government. Some of them, not all, but some of them shy away from that. They just want to do their businesses. They just want to run their startups and not be in a confrontation with the government. Whenever you say business human rights, sometimes it's the human rights part that comes up first and this one is left to the civil society and not the tech sector. So we added to tech to educating the tech SMEs and some of the big companies on what this exactly means, then with respecting the human rights, not issue of advocating for that, but them expecting it ‑‑ respecting and putting into place processes that respect people who work for them, the customers and all the people involved. So in that case there's training and mentorship for the SMEs because we realize that sometimes that is not to the understanding of what the process is about. Of course, sometimes those issues that are human rights related are ignored by them, not from our perspective, is not that they do it intentionally, but sometimes they just concentrate the work they're doing and not realizing that some of the work we're doing are actually infringing the human rights of so many people, especially the customers or the public in general or the people they're working with.

So you find people ‑‑ you find a startup developing a system that collects data from the public. They don't take into account the privacy of this data and whether people are consented when they use that data in any way. To them it's just innovation, innovation that is the talk. We have to innovate. We have to disrupt the space. We have to do that. So we find disrupting and innovation, but in the process the human rights is never a call in their design. It's never in front when they're starting or when they're designing their system. Sometimes you get a system that the disabled members of the community cannot use. To them it is, yeah, we're innovation. So that's to us, doing the mentorship has changed a lot. A lot of training has changed that and that has made us to move forward.

I needed to have started by introducing BAKE, the Bloggers Association of Kenya. Of course, what we do is represent the interest of content creators in Kenya as well as look at the digital rights of the public. So our main work, especially on this, is looking at the digital rights of Kenyans and in Africa in general. We have done a lot of this ‑‑ some of this program to move forward with that. Thank you Maryam.

>> MARYAM LEE: Thank you so much, Kennedy. Apologies again for the mistake earlier. Great summary. Actually there is a member of the audience here would like to speak. Amir, you have requested to speak?

>> Amir: Can you hear me.

>> MARYAM LEE: Can you introduce yourself?

>> Amir: Of course. Hello to everyone, hello to distinguished panelists. ‑‑ I would like to share another issue regarding human rights and internet. I would like to thank you for convening this time decision. I would like to raise a vital issue regarding human rights in the digital space. I would like to talk about using them in cyber role. Unilateral course of measure in cyber role. I think this is highly related to topic. As you all know, more than ‑‑ countries are suffering from this issue, from the issue of negative effect of unilateral digital sanctions in digital space. As you know all, the negative effects of unilateral digital sanctions on some nations could have become intensive and more destructive, especially during COVID‑19 pandemic and other emergencies. These digital sanctions are in many area, like on investment in ICT infrastructures, digital services, licenses, digital resources like IPs and getting a system and access to network are key barrier ‑‑ national development goals using ICTs. I believe this digital restrictive measure constitute human rights violation in cyberspace, especially violation of right to development, right of people to education, right to businesses and so on. Some of our universities in Iran have problem to access to some scientific database, and some Iranian digital businesses and application of some Iranian entrepreneurs have been removed from digital stores like from Google play and Apple store with pretext of sanctions of their respective government.

Non‑discriminatory and access to ICTs and cyber capacity building for all nation should be a new norm for having inclusive internet. I would like to request my colleagues and your panelists and your audience that this common concern will be reflected in final outcome of decision and final outcome of IGF 2021 in Poland. Also, I would like to request my colleagues that reflect in their works of United Nations Guiding Principles on Business and Human Rights this concern. My question is what would be the role and contribution of UN family and IGF community to address this vital issue. Many thanks for the opportunity to share our views with you. Thank you very much.

>> MARYAM LEE: Thank you, Amir. I think you raise a very, very interesting point. Technology uses digital citizens, not necessarily from a nationalist perspective. But if you are a digital entity, you don't actually have a national identity, per se, and you can travel all over the world. And then when you are restricted in the case of sanctions, then what do you do. Did I get you correct, Amir? Never mind. Amir, I'm not sure. I would open up the opportunity to my colleagues here who may want to answer or may want to comment on Amir's point. Otherwise, Amir, maybe you could share with us your contact details so anyone who is interested in this can reach out to you.

>> Amir: Thank you very much because this issue could be the issue of many parties and more countries. More than three countries are suffering from this. On a global level, we should think about this issue. Thank you very much.

>> MARYAM LEE: I'm sorry if you can't get the answer here from this session in particular because we are here pretty much focused on the UNGP for business and human rights. If there's anyone interested to talk to Amir further on this particular issue, Amir, you can share your contact details and you guys can take it from there.

>> Amir: Thank you for your kind consideration.

>> MARYAM LEE: You're very welcome, Amir. Thank you for participating. We actually have six more minutes, six minutes left of the session. So we do still have time for a couple more questions. As I said earlier, I did have some questions for Barbara, and actually one for Alia. But I would like to give the opportunity for the audience to interact with the speakers. Do we have anyone on Q&A? No.

Actually, Barbara, my question to you on your presentation about the engagement with the national ISPs ‑‑ sorry. I've just been informed that we actually have ten minutes. Great. I'll start first.

Barbara, when you said there was resistance from the ISPs, actually I'm curious what did they actually say when they resist? How did they say that they're probably reluctant to adopt the UNGPs into their business practices?

>> BARBARA SIMAO: Can I respond? All right. Okay. They say to us mostly that these are not mandatory practices by law in Brazil, especially those that aren't mandatory in our data protection law and other laws that tackle data protection issues. And they resist saying it's ‑‑ difficult for them to adopt for these changes to publish full transparency reports, data protection impact assessments and to notify users in cases of data requests by law enforcement agents. So they claim mainly these two arguments, that these are not things that are mandatory by law, and technical difficulties to adopt.

>> MARYAM LEE: Okay. Pretty much expected I guess from businesses and companies. The law thing is pretty easy. Actually the technical answer is very easy to ‑‑ there you can create anything essentially, so why not create more code. Thank you so much, Barbara, for answering the question. I have one question for Alia actually, because the presentation by Alia was on this particular issue of private lending becoming a problem and creating social problems in Indonesia. My question is, is there any ‑‑ what are the other issues that also raise in Indonesia with regard to the practices ‑‑ the business practices of tech companies in Indonesia in particular. Like, apart from the private lending?

>> ALIA YOFIRA KARUNIAN: There are many actually. But maybe one major incident is the internet shutdowns. I think this is closely related to the points raised earlier about how digital inequality and access to digital online spaces has been really severely affecting people during this pandemic, COVID‑19. Indonesia, I think, is one of the ‑‑ renal John implementing internet shutdowns during a politically sensitive time in Indonesia, particularly during demonstrations in certain regions, for instance, in Papua who has been suffering human rights issues in Indonesia.

Where is the tech company's role in this whole scenario is because the internet shutdown is imposed by the internet service provider. So the ISP is very much involved in the violations to freedom of expression, particularly the rights to access information in online spaces during this very critical times because we know that people are turning to social media to seek for information around how to self‑isolation, for example, how to access hospitals that still has rooms for people that have COVID as well as to access telemedicine services, for example. Because in Indonesia during the early 2021 we've seen our health system in nearly collapsing because of COVID, and telemedicine services has been a lifesaving service that has been really useful for people.

Some people, unfortunately, aren't really accessing that because the governments are not giving them the internet access. This is also a major problem in Indonesia. ISPs are involved in this particular instance of violations of digital rights. I think that's for me, Maryam. We have problems about content motivations and criminalizations over alleged expresses, but I'll stop here and give back the floor.

>> MARYAM LEE: I feel like the examples you just mentioned are definitely the more traditional ‑‑ not traditional. Those are the ones that we heard of a lot. This online lending problem is probably more underresearched more than the others. But one thing is very clear, is that all these social problems, they have already existed. These are problems that have always been there. And what the digital transformation, so to speak, does, is they amplify these problems even more. We saw that with the COVID and everyone having to switch to the online world. Then we start seeing literally, all these social problems that we've been ignoring for so many years, they just get amplified and then just ‑‑ into our faces. Thank you. I'm pretty sure other countries also experience similar problems.

I would like to open the floor once again before we close this room in three minutes, to anyone who may have some comments or feedback or any of my colleagues here who would like to chime in and add a little more. Eduardo maybe, since you were the first, you may have something to add.

>> EDUARDO FERREYRA: I mean, considering particularly Argentina, one thing that concerns me the most here is many of the companies operating in my country doesn't have their headquarters in my country, even a branch here. Most of the technologies applied in Argentina is manufactured and sell outside the country. That's a problem for us. Maybe you have a National Action Plan, but if companies are not present here, it's very difficult to enforce that. It is important to have a National Action Plan. It's important, also, to work showing ‑‑ at an international level. I think this is a global effort, not only a national one.

>> MARYAM LEE: Yeah. As for Malaysians, we are jealous because all the companies are headquartered in Jakarta. Why do they not come here? Great point, excellent point, Eduardo.

We have only two minutes left. Maybe I would like to go around the panel before I go into summary and start closing the session. Eduardo, you have spoken. Gabreal, anything to add before we close?

>> GABREAL ODUNSI: Okay. Just to what Eduardo said regarding having tech companies who are not residents in your country. The National Action Plan actually gives power to the government to protect the people. I think in producing National Action Plans for different countries there should be consideration for countries to be specific in terms of when application is used in your country, how is it being used? You need to keep an eye on it. That's the only way you can actually protect the rights of the people that you're governing in your country. Yes, we can have a National Action Plan for the country, but, again, it should give power ‑‑ not power ‑‑ not abuse of power, but power to actually protect the people from them being abused by companies who are not residence in your country. If they are foreign companies and you don't have access to them, it could be a very big issue. That's why the country needs to actually keep their feet ‑‑ before coming into your country, think ahead and let us think 30 years to come, what can actually change and how can we be sure we have rights respecting rules that we're creating for our citizens. Thank you very much.

>> MARYAM LEE: Thank you, Gabreal. Let's go to Kennedy.

>> KENNEDY KACHWANYA: Thank you very much again, Maryam. I want to add that one of the things that helped Kenya move forward a little bit is the enactment of Data Protection Act. And with that, some of the issues of some of the companies which are not operating in the country or operating in the country and don't have their headquarters, the laws sort of brought in to regulate some of the things within the country some when the country came up with the data protection act and made it a law, that really include a lot of things for the human rights, special protection of the private data and the privacy of individuals.

It was mostly based on the Europe model. So, yeah, but it's really helped that. Though we still don't have the final version of NAP, the National Action Plan. The Data Protection Act has really helped.

>> MARYAM LEE:  Thank you very much, Kennedy. Unfortunately, we've run out of time. Kathryn, would you like to add something last minute? Okay. Got it. Thank you so much everyone. Thank you, thank you for joining us in this session. Thank you to the speakers and the audience, and the audience who have interacted and engaged and listened to us. In the chat there is a link for you to contact all the speakers who have been on this panel today. On behalf of my colleagues, we wish you a very happy, happy holidays and merry Christmas and may the next year be a lot, let better than the last two years. Thank you so much everyone. See you again, and yes, happy Human Rights Day.