Freedom of expression

Our networks and services enable access to information and the exchange of ideas in a way that supports freedom of expression, openness, transparency and democracy. Telia Company is committed to respect the freedom of expression and right to privacy of users while meeting legal requirements in the countries where we operate.

Challenges

Issues related to freedom of expression and surveillance privacy pose a high risk to users of telecom services globally. Risks include mass surveillance, network shutdowns, localization of mobile devices and blocking or restriction of certain content. Today, there is an increasing trend of policymakers introducing surveillance measures to fight crime, terrorism, hate speech and more – measures that can potentially limit the freedom of expression and privacy of users.

Our approach

This focus area is governed by the Group Policy – Freedom of Expression and Surveillance Privacy, the GNI Principles on Freedom of Expression and Privacy and the UN Guiding Principles for Business and Human Rights.

Our approach is to have clear rights-respecting policy commitments in place and secure implementation through processes that are regularly reviewed through third-party assurance. States define the scope of surveillance privacy and limitations to the free flow of information through legislation and decisions by authorities. We abide by such laws and regulations but challenge requests that have no or unclear legal grounds. When there is a conflict between internationally recognized human rights and local legislation, we try to find ways to raise the issue with the authorities or by pointing to the issue in public communications.

We have implemented a process of practical steps regarding assessments and escalation to be carried out whenever a local company receives a request or demand that may have serious impacts on the freedom of expression and privacy of users (“unconventional request”). Potentially unconventional requests are to be assessed by the local company and escalated to group level for final decision-making regarding measures – “points of challenge” – to mitigate human rights risks. In this way we can adhere to local legislation while at the same time seeking to carry out measures that respect and support the rights of individuals. In addition, we aim to publicly share as much information as possible about requests.

We publish periodically a Law Enforcement Disclosure Report which covers statistics on requests from the police and other authorities (‘transparency reporting’), links to national laws that provide governments with direct access to information about our customers and their communication without having to request information from Telia Company, as well as further information on ‘unconventional requests’.

More information can be found on pages 64-66 in the Annual and Sustainability Report.

Freedom of expression and the right to privacy in times of covid-19 – up-dated information on related initiatives and government requests (latest up-date December 1st 2020)

(Originally published April 30th, 2020. The information has been updated regularly, and here now as of Dec 1st, 2020)

The disruptions caused by the Covid-19 crisis have highlighted Telia Company’s special role and responsibility as part of the backbone of society. Keeping the networks up and running remains of utmost importance as many fundamental services, including health care, rely on our networks. In addition, governments continue to turn to Telia Company for assistance in the fight against the pandemic. Since the start of the pandemic Telia Company has provided information about Covid-19 related initiatives and government requests.

Covid-19 related requests to Telia from governments and authorities from March 2020 and onwards have concerned topics such as the provision of data to monitor the spread of the virus, blocking of sites with e.g. fraudulent information, the sending of mass-sms, and initiatives for new legislation. Telia Company is committed to respect the privacy and freedom of expression of users, and therefore assesses each request and legislative developments affecting our users. We are also committed to be transparent about how we act and respond.

In this process, we continue to work closely with peers and other stakeholders, through the multi-stakeholder Global Network Initiative (GNI) and our industry organization, the GSMA.

In late April 2020 Telia Company also published a position paper on the use of data to help fight Covid-19, available here.

Covid-19 related initiatives and requests up until December 1st 2020, and how Telia Company decided to handle them:

Denmark – Legislation about blocking of sites taking fraudulent advantage of the pandemic was introduced in April 2020 and will expire on March 1st, 2021. According to this law, police orders to block must be confirmed, or rejected, by the Courts. The legislation only covers sites relating directly to the Covid-19 crisis. (Link to applicable legislation here.)

Status update December 1st: Telia Denmark is blocking 33 sites based on court orders (or police orders awaiting court orders).

Estonia (new) – The Estonian state in August launched a Covid-19 prevention mobile app ‘Hoia mobile’(more information is available here). The app is based on Bluetooth, not location data tracking. Privacy and security aspects of this app have been reviewed and validated by the Data Protection Authority. Estonian telecom operators have been asked by the State to help communicate regarding the app to support and promote usage. To support Covid-19 prevention, Telia Eesti has actively shared information about this app through its social media channels and webpage.

European Commission – Before the summer, the European Commission (EC) asked operators throughout the EU to provide fully anonymous and aggregated data to fight the pandemic. Telia Company’s intention is to assist in the fight against Covid-19, while ensuring highest quality and compliance with GDPR and privacy laws, providing our crowd insights service to governments in the Nordics and Baltics, and also to the EC. Telia Company is continuously working with peers via the industry organization GSMA to coordinate interactions with the EC, including ensuring timely reporting from the EC on how the data is used.

Telia is continuously providing our crowd insights to the EC, i.e. fully anonymous and aggregated data, solely for the purposes of fighting Covid-19 as defined by the EC in writing. The data cannot be shared with any third party without Telia Company’s prior written consent. In December 2020, the collaboration is planned to be legally formalized by a Letter of Intent (LoI) which will be followed by a cooperation agreement as further described below.

In practice, Telia Company delivers to the Joint Research Centre of the EC fully anonymous and aggregated data from Sweden, Finland, Norway, Denmark starting from February 4th, 2020 and from Estonia starting from February 14th, 2020. The data is only being used to deliver insights to help fight Covid-19, necessary security and confidentiality measures are applied, and the anonymous nature of the data is maintained throughout this process. During the duration of this initiative, Telia will continue to seek reassurances from the EC about safeguards and results.

The first delivery of anonymous and aggregated data was sent to the EC on May 4th, and we are providing weekly updates since. On July 14th the EC published first findings from the initiative, including three reports, explaining the relationship between human mobility and the spread of coronavirus, as well as the effectiveness of mobility restriction measures to contain the pandemic. More detailed information about the initiative from the EC and the reports are available here: https://ec.europa.eu/jrc/en/news/coronavirus-mobility-data-provides-insights-virus-spread-and-containment-help-inform-future

Status up-date December 1st: A Letter of Intent is being negotiated between the EC and the operators to establish; purpose, content and scope of cooperation; contribution of the parties; transparency and non-exclusivity; findings and benefits; duration of data retention; and term and termination of cooperation.

Finland (new) - Telia Finland has supported the distribution of the Finnish Corona app by means of customer communications and advice at sales points. The app has been designed on the basis of Apple and Google reference implementations and DP-3T. The app does not gather personal data and was audited by the local cyber security authority before release. More information is available here.

Latvia – Latvia (see press-release here) became the first country to launch a contact tracing app using the newly-available exposure notification APIs by Apple and Google. The ‘Apturi Covid’ (Stop Covid) application, which is voluntary, decentralized and GDPR-compliant, was developed by representatives of the Latvian ICT sector and launched on May 29th. The aim is for the app to be used by 400,000 people. A voluntary MoU, available here, to develop and support the implementation of the app was signed by the private initiative group, and is supported by Telia Latvia and many more.

Status up-date December 1st: More than 155.000 users have downloaded the app to date.

Latvia (new) – LMT cooperates with the University of Latvia analysing anonymous network data, in compliance with the GDPR. More information (in Latvian) here.  

Lithuania (new) – From March 20th to date Telia Lietuva provided a number of crisis-related emergency numbers free of charge in order to help society tackle consequences of Covid-19. A specialized call centre (1808) that citizens could turn to when in need of assistance regarding Covid-19 related questions, was developed free of charge to support the government.

Lithuania (new) – In order to strengthen the technological resources of the National Center for Public Health, Telia Lietuva has set up an automated calling system free of charge that informs thousands of people about the need for mandatory self-isolation. A specially programmed interactive voice answering and intelligent call system solution calls the addressees and informs them about the logic behind self-isolation, provides other necessary information and instructs them to check the exact date of self-isolation on the phone. It is estimated that around 95% of the contacts are reached.

Lithuania (new) – In the beginning of November the mobile app Korona Stop LT was launched. The app records the distance between people who have downloaded it (anonymously). In case of possible contact, the app provides recommendations on how to proceed. No location data is saved or provided to third parties. The operation of the app is coordinated by the National Center for Public Health (NVSC).

Norway Telia Norway has offered Telia’s Crowd Insights service to local authorities that needed updated information on movements across municipalities and knowledge about the number of visitors present within each geographical area.

Status update December 1st: Telia Norway has provided the Crowd Insights service to a number of municipalities and authorities, including the Norwegian Institute of Public Health, from April onwards, and also to Norwegian media, such as NRK and local newspapers.

Sweden - Telia reached out to the Swedish National Health Authority (Folkhälsomyndigheten, FHM) to present the Crowd Insights commercial service for consideration by the authority, given the interest observed in other countries. Since early April, Telia has been providing a version of the existing Telia Crowd Insights that visualizes the anonymized and aggregated volume of trips and general movement patterns of the population. FHM is able to use this to observe changes in population movement at national, municipal and local levels, in particular in relation to travel guidance.

Status up-date December 1st: Telia continues to provide the Crowd Insights service until the end of 2020 when the agreement expires.

Sweden - The Minister of Digitalization requested the main operators in Sweden to prepare for a mass-SMS to all its respective subscribers with a message from the authorities in relation to Covid-19. Telia Company responded positively but asked for legal assessments by the Swedish NRA (Post- och telestyrelsen, PTS) and the national Data Inspection Board (Datainspektionen). (The request was not based on legislation.)

Status up-date December 15th - The mass-SMS, with the Swedish National Health Authority (Folkhälsomyndigheten, Fohm) and the Swedish Civil Contingencies Agency (Myndigheten för Samhällsskydd och Beredskap, MSB) as senders, was sent on December 14th. Telia Sweden has highlighted, to our regulator PTS, that we presume that the responsible authorities have checked the mass-SMS with the Swedish Data Protection Authority (Datainspektionen), and also that future similar requests for mass-SMS’s - for faster and smoother handling in accordance with the rule of law - will be based on legislation.

Issues closed between March and December 2020:

Denmark – In March Telia assisted the Police in sending out an SMS to all customers, reminding everyone to keep social distancing. The SMS was clearly marked as being from the Police.

Denmark – An executive order for data collection, updating the Danish legislation in cases of epidemics, was passed by Parliament without an ordinary hearing, and the executive order was also issued without a hearing. Some weeks later, however, the executive order was repealed.

April 28th – Actual requests for data based on the executive order never materialized.

Denmark –The Danish health authority, ‘Statens Serum Institut’, contacted mobile operators through the telecommunications industry association with a request for anonymized, aggregated data about movement patterns and location of customers. Telia Denmark, from April until end of June, provided the Crowd Insights service to the health authority Statens Serum Institut.

July 1st – By June 30th the authority stopped asking for data, and Telia discontinued providing data.

Denmark - Telia Denmark was requested by the DCIS (‘Telesektorens DCIS’, the security cooperation unit between the cyber security authority and the telecoms industry) to voluntarily block a handful of sites that were fraudulently taking advantage of the pandemic. Telia Company supports and promotes the general principle that a court order is required for blocking. However, due to the urgency of the situation, an exception was decided upon and we blocked the sites according to the request.

August 21st – The Police provided a court order based on current legislation for one site and confirmed the rest of the blockings could be discontinued.

Estonia – Estonian governmental agencies requested anonymized or pseudonymized traffic data, instead of data insights, from the mobile networks operators in Estonia and based on the Electronic Communications Act. Telia Eesti offered an alternative approach and proposed to the authorities to solve the request based on the Telia Company Crowd Insights platform and to use Telia’s existing service for providing anonymous and aggregated mobility insights.

June 1st – This proposal was accepted by the authorities and relevant cooperation for provision of mobility insights delivered by Telia Company Crowd platform continued until the end of the emergency situation in Estonia (May 17th, 2020).

Finland – The Finnish Prime Minister’s Office asked Telia Finland to provide anonymized and aggregated mobility insight data via Telia’s Crowd Insights service. Telia agreed to provide the service from April 3rd onwards. On April 28th, The Finnish Chancellor of Justice concluded, after requesting clarification from the Prime Minister’s Office regarding the Government’s use of Telia’s Crowd Insights service, that the use does not violate anyone’s right for privacy. Telia Finland provided the Crowd Insights service to the Finnish Prime Minister’s office from April 3rd to the end of June.

July 1st – The contract with the Prime Minister’s Office elapsed end of June according to the agreement.

Lithuania – On August 7th, the Minister of Foreign Affairs requested all operators in Lithuania to send ‘welcome-back’ SMS’s, including a form to fill in, to citizens returning to the country from abroad. Telia Lietuva informed the authorities that it does not have the technical capabilities for sending of such messages. No further such requests have been received.

Lithuania – A draft law was proposed introducing a requirement for operators to disclose mobile location data on individual level to competent authorities in explicitly defined cases. Telia Company advocated the importance of transparency and the protection of human rights. (Link to the legislative proposal - here.)

December 1st – Telia Company’s assumption is that this question will not be raised again.

Sweden – The Swedish Embassy in Washington, USA, submitted a request to Telia through the Swedish NRA (Post- och telestyrelsen, PTS) to deliver to the Embassy statistics on the number of Telia customers roaming in the US. PTS approved the request. (The request was not based on legislation.) Requested statistics were delivered on a weekly basis from the end of March 2020. The information did not include personal data.

June 1st – On May 12th the Embassy informed Telia that they no longer needed the information and delivery of statistics was discontinued.

Sweden – The Swedish Civil Contingencies Agency (MSB) requested the main operators in Sweden to prepare for a mass-SMS to all its respective subscribers with a message from the authorities in relation to Covid-19. Telia Company responded positively but asked the Authorities to confirm the legality of the full set-up, including checking with the national Data Inspection Board. (The request was not based on legislation.) End of April, MSB had not yet requested the operators to send an SMS.

June 1st– The issue was not to be pursued by the authority.

Sweden – The Swedish Civil Contingencies Agency (MSB) on May 28th asked Telia Sweden to consider adding to the standard ‘welcome-to-Sweden-SMS’ received by tourists arriving to Sweden and onto Telia’s network a sentence with wording along the lines of: Follow the latest updates from Swedish authorities regarding covid-19: krisinformation.se/en. (It was noted that the proposal was not based on legislation.)

July 1st - Telia declined the request at this time due to uncertainties around the legal basis for the activity.

More information about Telia Company’s work within this area

As outlined in Telia Company’s statement of materiality we are committed to a number of international guidelines on human rights, including the UN Guiding Principles on Business and Human Rights. Accordingly, we are to ‘Know and Show’ that we respect human rights, including individuals’ right to freedom of expression and surveillance privacy. Therefore, we seek to know our human rights impacts, risks and opportunities, and we seek to show how we address them. It is in this context that we publish information on requests or demands from governments during the covid-19 crisis, and how we have handled them.

Telia Company’s transparency commitment has been further defined in our Group Policy on Freedom of Expression & Surveillance Privacy. We provide additional context and statistics in our Annual and Sustainability reports, most recently in the Telia Company Annual and Sustainability report 2019, page 51. Telia Company’s full Law Enforcement Disclosure Report 2019 published in March 2020 with more detailed context, definitions, etc., is available here.

Global Network Initiative (GNI)

All over the world companies in the ICT-sector face increasing government pressure to comply with domestic laws and policies in ways that may conflict with the internationally recognized human rights of freedom of expression and privacy.

In response, a multi-stakeholder group of companies, civil society organizations (including human rights and press freedom groups), investors and academics – together some 50 entities - have joined together in a collaborative approach to protect and advance freedom of expression and privacy in the ICT sector, and formed this Global Network Initiative (GNI). More information about the GNI is available here.

Telia Company is an active member of the GNI. Our active participation stimulates shared learning on how to best respect freedom of expression and privacy and provides leverage to advocacy promoting freedom of expression and privacy in the ICT industry. 




Your freedoms – Our commitment to continue to improve over time

In 2017 Telia Company joined the Global Network Initiative (the GNI), a collaborative platform with a shared commitment to promote and advance freedom of expression and surveillance privacy in the ICT sector worldwide. Since then, Telia Company’s work has continued to evolve, many times thanks to the insights we have gained from GNI’s multitude of voices and views. In this blog, Patrik Hiselius, Telia Company’s Senior Advisor on Human & Digital Rights, describes what the GNI provides and why collaboration is important.

For a company joining the GNI means committing to a set of principles and implementation guidelines to respect and support freedom of expression and surveillance privacy. And for the implementation work to be scrutinized by external auditors and the multi-stakeholder GNI Board making determination of the member company’s measures to implement the policy. Most importantly, membership means access to a network of experts within organizations and companies and the possibility to share experiences, challenges and learnings.

Stakeholder expectations upon Telia Company are often contradictory, e.g. ‘Block / Don’t block!’ or ‘Delete user data / Retain user data’. Some call for transparency, others for confidentiality, etc. Membership in the GNI, and the above external assessment process, provides Telia Company with opportunities to discuss with experts, within the limits of confidentiality and anti-trust, such often complex issues.

Since 2017, the digital landscape is experiencing several substantial changes. In 2017 we had not yet seen the impacts of #MeToo, nor of the Black Lives Matter movement. Artificial Intelligence (AI) wasn’t yet as broadly addressed from ethics and human rights perspectives as now. Hate speech is even higher on the agenda today, a difficult issue where both states and companies struggle to define exactly which specific statements that should be legal/illegal and/or allowed/not allowed. AI solutions are being launched, raising new issues of surveillance and privacy in eco-systems of business models and partnerships. And 5G -based services are coming. This world of fast development brings both opportunities and risks which are difficult to solve single-handedly. The need for joint learnings, efforts and initiatives becomes even stronger. Together with GNI members we can win better knowledge on all the above and other topics such as transparent reporting, protection of privacy in relation to COVID-19, and the relationship between sanctions and free communications.

The GNI’s assessment of Telia and ten other companies was completed in April this year as the GNI published its assessment-report, including some eight hands-on case-studies per company. For Telia Company, two of the public cases are about issues highly topical today. One case is about a new law on direct access in Finland, a type of legislation now being introduced also in Norway. Government surveillance serves legitimate purposes such as the protection of certain human rights, but it may also be problematic in that it can conflict with other human rights. As further articulated in Telia Company’s policy on freedom of expression and surveillance privacy, our view is that we, the operator, should retain operational and technical control. Another case in the GNI assessment report is about mandatory data retention for surveillance, national legislation based on an EU Directive which the European Court of Justice has ruled as non-proportionate. Telia recognizes that privacy and data protection are extremely important to our customers and therefore we manage personal data with utmost responsibility and care. Telia is now analysing the ruling in order to understand its implications on us. At the same time, legislators should take the new ruling into account in order to find the best way forward where security and privacy are mutually reinforcing.

The GNI Board concluded the assessment of Telia Company’s work by determining that Telia Company is making ‘good faith efforts to implement the GNI principles, improving over time’. As this wording used by the GNI demonstrates, this is an area which can never be ‘completed’, but which needs continuous work and attention, not the least in the fast-changing world of digitalization. As a result of the assessment, the GNI recommended that ‘Telia Company considers implementing a formalized process to identify potential risks related to freedom of expression and privacy that may be connected to its products. This may be usefully incorporated into the existing risk assessment processes for when new products are developed.’ This is an area that we will continue to develop in the years to come.

Telia Company sees the great benefits of the GNI, and the assessment process, as part of an experience of both company specific and shared learnings. We welcome additional companies to take a seat at the table and tackle complex issues in relation to which no company can ever fully progress by working on their own. Our work to respect and promote the rights of users continues, including on specific recommendations, and we look forward to the next round of GNI-assessments.

Links for further information;

The Global Network Initiative (GNI), homepage.

The GNI members, click here.

The GNI full assessment report ‘The GNI - Principles at work - Public Report on the Third Cycle of Independent Assessments of GNI Company Members 2018/2019’, click here.