IGF 2021 WS #197 Protecting human rights in the State-business nexus

Wednesday, 8th December, 2021 (08:30 UTC) - Wednesday, 8th December, 2021 (10:00 UTC)
Conference Room 4

BHRRC, UN Human Rights B-Tech, and Privacy International 

Organizer 1: Henry Peck, BHRRC
Organizer 2: Isabel Ebert, UN Human Rights B-Tech
Organizer 3Ilia Siatitsa, Privacy International

Speaker 1: Deniz Utlu, Technical Community, Western European and Others Group (WEOG)

Speaker 2: Théo Jaekel, Private Sector, Western European and Others Group (WEOG)

Speaker 3: Moira Oliver, Private Sector, Western European and Others Group (WEOG)

Speaker 4: Sebastian Smart, Technical Community, Latin American and Caribbean Group (GRULAC)

Additional Speakers

Speaker 5: Lucie Audibert, Privacy International


Henry Peck, Civil Society, Western European and Others Group (WEOG)

Online Moderator

Isabel Ebert, Intergovernmental Organization, Intergovernmental Organization


Isabel Ebert, Intergovernmental Organization, Intergovernmental Organization


Round Table - Circle - 90 Min

Policy Question(s)

Digital policy and human rights frameworks: What is the relationship between digital policy and development and the established international frameworks for civil and political rights as set out in the Universal Declaration on Human Rights and the International Covenant on Civil and Political Rights and further interpretation of these in the online context provided by various resolutions of the Human Rights Council? How do policy makers and other stakeholders effectively connect these global instruments and interpretations to national contexts? What is the role of different local, national, regional and international stakeholders in achieving digital inclusion that meets the requirements of users in all communities?
Inclusion, rights and stakeholder roles and responsibilities: What are/should be the responsibilities of governments, businesses, the technical community, civil society, the academic and research sector and community-based actors with regard to digital inclusion and respect for human rights, and what is needed for them to fulfil these in an efficient and effective manner?

Developments in the area of business and human rights, building on the United Nations Guiding Principles on Business and Human Rights (UNGPs) that were endorsed by the Human Rights Council in 2011, offer ways to ensure the governance and operations of technology companies and their collaborations with governments are grounded in respect for human rights. The Guiding Principles serve as a tool to inform both government and company conduct when entering public-private partnerships, because they are internationally agreed and supported by a diverse set of stakeholders including business, governments, and civil society around the world. The workshop will identify and analyse best practices, including States implementing a ‘smart mix’ of policy and regulatory measures, both nationally and where relevant via international approaches; situations where States contract with, partner with, or license from technology companies (‘State-business Nexus’), and how to increase State capacity and internal policy coherence to address the complexity, co-dependence and fast-evolving nature of public-private partnerships with the technology industry.


10. Reduced Inequalities


  • Develop understanding around the implementation of pillar one of the UNGPs on the State duty to protect against human rights abuses by businesses, focusing on the linkages between States and technology companies in the exercise of public functions
  • Identify and analyze best practices on rights-respecting conduct in the State-business nexus and how to increase transparency about public-private cooperation around the use of digital technologies 
  • Enshrine human rights protections into State-business collaborations using new technologies to exercise public functions and spell out the Human Rights Due Diligence requirements in public-private partnerships
  • Depict the potential of public procurement as a tool to scale business respect for human rights


Where there is a close connection between the State and business actors (the “State-business nexus”), the UN Guiding Principles call upon States to take additional steps to ensure that human rights are protected. The increasing use of public-private partnerships involving technology presents many such cases in which to enshrine human rights protections, such as requirements for Human Rights Due Diligence. The workshop will explore the responsibilities and opportunities for respecting human rights at the State-business nexus, with panellists covering the risks of State-business collaborations using new technologies to exercise public functions (such as surveillance tools in programmes to deliver public health or municipal efforts to develop “smart cities”), the Human Rights Due Diligence requirements in public-private partnerships, and the potential of public procurement as a tool to scale business respect for human rights.

Expected Outcomes

The session expects to develop understanding around the implementation of pillar one of the UNGPs on the State duty to protect against human rights abuses by businesses, focusing on the linkages between States and technology companies in the exercise of public functions. It will identify and analyze best practices on rights-respecting conduct in the State-business nexus and how to increase transparency about public-private cooperation around the use of digital technologies. Outputs will include a blog post on the OHCHR B-Tech website, disseminated through the B-Tech newsletter and Business & Human Rights Resource Centre Weekly Update with 15,000 subscribers, and the continued development of Privacy International’s recommended safeguards for public-private partnerships (https://privacyinternational.org/our-demands/safeguards-public-private-…).

We will use collaborative working methods, with a hybrid combination of online documentation tools such as Padlet as well as possible break-out groups.

Online Participation

Usage of IGF Official Tool. Additional Tools proposed: Padlet for documentation of ideation conversations.

Key Takeaways (* deadline 2 hours after session)

There are many different dynamics within the State-business nexus, but the coronavirus pandemic has accelerated trends in public-private partnerships involving technology that impede on rights. It’s the responsibility of both States and the private sector to perform due diligence on each other – for which civil society offers guidance and safeguards to help frame the UNGPs in a manner responsive to different tech contexts.

Call to Action (* deadline 2 hours after session)

When States engage technology companies for the provision of services, States should actively ensure that the companies they work with respect human rights. Simultaneously, technology companies should perform due diligence on States before entering engagements.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

The session’s content related to Pillar 1 (the State duty to protect human rights) and Pillar 2 (the corporate responsibility to respect human rights) of the United Nations Guiding Principles on Business and Human Rights (UNGPs), within the context of State and technology company collaboration.

One aspect within the State-business nexus is public procurement, within which is the phenomenon of public-private partnerships (also referred to as PPPs). Privacy International (PI) has conducted investigations identifying a number of issues common to PPPs that involve surveillance technologies and the mass processing of data. PI has developed a set of safeguards in response to these issues and trends, which they launched in the session.

The safeguards reflect observations that PPPs related to surveillance technologies do not always resemble a traditional, one-off commercial relationship that might result from a public tender, but take on a new form in which parties are much more co-dependent and states build entire new systems and processes that can be completely reliant on the services of one company, while providing companies with access to valuable data they can they use in developing their own services.

The safeguards (which are jurisdiction-blind for wide application) are classified across six principles: Transparency; Adequate Procurement; Accountability; Legality, Necessity and Proportionality; Oversight; and Redress. Lucie Audibert of PI explained how in their investigations they’ve found a lack of transparency is common in State partnerships with technology companies, stemming from excessive protections around commercial interests and a government tendency to mask the extent of surveillance systems. The organisation also found that such technologies are often deployed initially for private, commercial, or personal purposes before public authorities co-opt such applications for policing or surveillance purposes without adhering to required public procurement processes, which the safeguards can help prevent. 

With regards to accountability, Audibert showed how challenging it is to find policies that clearly define responsibilities, obligations, duties, and standards for each actor within partnerships, or to identify respective accountability mechanisms for these obligations. On legality, necessity and proportionality, the use of technology addressing a public need or fulfilling a public function has to be authorised by an appropriate legal framework, which is not always the case. Assessments of each, along with independent oversight bodies given the mandate and authority to monitor partnerships and offer redress in instances of human rights infringements, make up some of the measures the safeguards propose to correct troublesome trends in PPPs involving surveillance technologies.

Deniz Utlu of the German Institute for Human Rights outlined the activities of national human rights institutions (NHRIs), which are neither governmental nor non-governmental organisations. He explained how NHRIs can serve as an intermediary between different state agencies to establish whether the agencies sufficiently follow a human rights-based approach to establishing PPPs or in other public procurement procedures, and to monitor if they align with States’ human rights obligations when using data technology interfering with technology companies. NHRIs can also undertake human rights impact assessments and artificial intelligence assessments, for which they could provide a crucial function if systematically involved in public procurement procedures and in the establishment of any strategic relationship with private actors.

Théo Jaekel of Ericsson explained how his company is a ‘communication network provider,’ providing infrastructure through its customers which are usually communication service providers or mobile operators, meaning Ericsson rarely deals directly with government entities – but does interact with them as they are often the end-users of some of the company’s technology. Reflecting on the issue of transparency, he noted the importance of clarifying the roles of the different actors within the ICT ecosystem, to make sure each actor takes its particular position, responsibilities and expectations seriously. On the state-business nexus, Jaekel stressed the importance of differentiating between States’ duty to protect and the corporate responsibility to respect human rights – with the corporate responsibility to respect human rights existing regardless of a State’s ability or willingness to comply with its duty to protect human rights. He urged caution on not blurring these lines too much, where State duties could easily be applied to companies. In thinking through remedy and redress, he suggested the technology sector can learn lessons from other industries such as the financial sector in designing remedy in an ecosystem approach.

Moira Oliver of Vodafone echoed the importance of understanding different relationships within the State and technology company ecosystem, particularly as it affects each actor’s responsibilities. She explained how when Vodafone operates in different countries it does so under a State license, which contains contractual obligations but tends to be non-negotiable for the company, and requires complying with local laws. This can create challenging circumstances for private companies and operators when asked to comply with regulations (such as law enforcement demands) that may infringe upon human rights. For example, an operator may be required to comply with a local directive to either pass certain customer data to the local government or to throttle the network. Vodafone joined the Global Network Initiative to highlight such challenges. With transparency, it’s critical to shine a light on some of these challenges – Vodafone has issued transparency reports since 2014 for this purpose.

Sebastian Smart of the Instituto Nacional de Derechos Humanos de Chile (Chile’s NHRI) shared his experience on the application of the UNGPs in Chile. He suggested the ecosystem has changed since the formation of the UNGPs in 2011, the time of the Arab Spring and Occupy movement. In recent years other threats to human rights have grown, from the activities of companies and governments related to freedom of expression, surveillance, and automated decision-making for social programmes (or the “digital welfare state”). Accordingly the UNGPs should provide the foundation to build further mechanisms protecting and promoting human rights in the digital environment. In Chile, the country’s recent strategy on artificial intelligence (AI) makes minimal reference to human rights, a glaring absence. Smart expressed concern about ensuring policy coherence, and reiterated that States are sub-contracting increasingly technical services that may have consequences for human rights, for which governments must exercise proper oversight.