Freedom of expression

Telecommunications enable access to information and the exchange of ideas in a way that supports openness and transparency. We aim to respect freedom of expression and surveillance privacy.

Ambitions 2022 goals

Know our impacts and enable, respect and support freedom of expression and privacy in the context of surveillance

Promote transparency related to surveillance legislation as well as conventional and unconventional requests


 

 

Law enforcement disclosure reporting with regard to number of conventional authority requests, information on local surveillance legislation on direct access and on data retention

Implemented processes to assess impact on and promote, to the extent possible, freedom of expression and privacy in the context of surveillance in potentially unconventional requests

Good faith efforts, including continuous improvement over time, to implement the GNI principles

Actively contribute to the work of the GNI

Challenges

Issues related to freedom of expression and surveillance privacy pose a high risk to users of telecom services globally. Risks include mass surveillance, network shutdowns, localization of mobile devices and blocking or restriction of certain content. Respecting and promoting freedom of expression and surveillance privacy is becoming increasingly important as legislators seek additional surveillance measures to fight crime, terrorism, hate speech and more.

Our approach

This focus area is governed by the Group Policy – Freedom of Expression and Surveillance Privacy, the GNI Principles on Freedom of Expression and Privacy and the UN Guiding Principles for Business and Human Rights.

Our duty to respect and promote human rights is focused on the risks to our customers. We aim to limit potential harm to individuals by seeking active measures to support the rights of our customers where we believe that these are at risk. The Group Policy addresses our commitments in relation to requests or demands with potentially serious impacts on freedom of expression and surveillance privacy in telecommunications (“unconventional requests”). A group instruction sets out practical steps regarding assessments and escalation whenever a local company receives a potentially serious request or demand. Guidance is provided in a form for assessments and escalation.

We publish periodically a Law Enforcement Disclosure Report which covers statistics on requests from the police and other authorities (‘transparency reporting’), links to national laws that provide governments with direct access to information about our customers and their communication without having to request information from Telia Company, as well as further information on ‘unconventional requests’.

More information can be found in our Annual and Sustainability Report.

Freedom of expression and the right to privacy in times of covid-19 – up-dated information on related initiatives and government requests (latest up-date September 1st 2020)

(Originally published April 30th, 2020. This is the third up-date.)

The disruptions caused by the covid-19 crisis has highlighted Telia Company’s special responsibility as part of the backbone of society. Keeping the networks up and running is of the utmost importance, since many important services, including health care, rely on our network. Despite significantly increased use of digital services during the covid-19 crisis, we have been able to maintain speeds and coverage thanks to already extensive capacity. In addition, governments have turned to Telia Company and asked for assistance in the fight against the pandemic. This reporting is to be transparent about related initiatives and government requests.

Requests from governments and authorities received between March 2020 an onwards have concerned such as the provision of data to monitor the spread of the virus, blocking of sites with e.g. fraudulent information, the sending of mass-sms’s, and initiatives for new legislation. Telia Company is commitment to respect the privacy and freedom of expression of users, including being transparent about how we do that, and this applies also when governments make requests in relation to Covid-19.

Since the outbreak of the pandemic, Telia Company experts have analyzed how we can secure that we respect and promote human rights when taking measures to fight Covid-19. In this process we continue working closely with peers such as the multi-stakeholder initiative Global Network Initiative (GNI), the industry organization GSMA, and others.

In late April 2020 Telia Company also published a position paper on the use of data to help fight Covid-19, available here.

Below you find a list of Covid-19 related initiatives and requests up until the end of August 2020, and how Telia Company decided to handle them. Telia Company’s ambition is to update this list after Summer.

Denmark – Telia Denmark was requested to voluntarily block a handful of sites that were taking fraudulent advantage of the pandemic. Telia Company supports and promotes the general principle that a court order is required for blocking. However, due to the urgency of the situation, an exception was decided upon and we blocked the sites according to the request. Subsequently, few weeks later, a new legislation about blocking with reference to covid-19 was passed through Parliament in a fast process. According to this law, police orders to block must be confirmed, or rejected, by the Courts. The legislation only covers sites relating directly to the Covid-19 crisis. (Link to applicable legislation here.)

Status up-date September 1st: Telia Denmark is blocking 21 sites based on court order or police order awaiting court order. Blocking of sites set up prior to the legislation mentioned above has been removed or converted to blockings based on court order under the current legislation.

Denmark (new) – In March Telia assisted the Police in sending out an SMS to all customers, reminding everyone to keep social distancing. The SMS was clearly marked as being from the Police.

Denmark –The Danish health authority ‘Statens Serum Institut’ contacted mobile operators by reaching out to the telco industry association with a request for anonymized, aggregated data about movement patterns and location of customers. Telia Denmark, from April until end of June, provided the Crowd Insights service to the health authority ‘Statens Serum Institut’.

Status up-date September 1st: The authority June 30th stopped asking for data, and Telia discontinued providing data.

European Commission – The European Commission (EC) asked operators throughout the EU to provide fully anonymous and aggregated data to fight the pandemic. Telia Company’s intention is to assist in the fight against Covid-19, while ensuring highest quality and compliance with GDPR and privacy laws, providing our crowd insights service to Governments in the Nordic and Baltics, and also to the EC. Telia Company is continuously working with peer companies within the industry organization GSMA coordinating the industry response to the EC, including the aim to ensure timely feedback from the EC how the data will have been used.

Telia confirmed to the EC our intention to provide our crowd insights to the EC, emphasizing e.g. that the fully anonymous and aggregated data is provided exclusively to the EC, can be used by the EC solely for the purposes to fight COVID-19 as defined by the EC in writing, and that the data cannot be shared with any third party without Telia Company’s prior written consent.

Telia Company delivers to the Joint Research Centre of the EC fully anonymous and aggregated data from Sweden, Finland, Norway, Denmark starting from February 4th, 2020 and from Estonia starting from February 14th, 2020. The EC further confirmed to Telia that the data is only being used to deliver insights to help fight COVID-19, necessary security and confidentiality measures are applied, and the anonymous nature of the data is maintained throughout this process. Telia will continue to seek reassurances about the safeguards and results from the EC during the duration of this initiative. The first delivery of anonymous and aggregated data was sent to the EC on May 4th, and we are providing weekly updates since. The cooperation and dialogue with the EC are on-going.

Status up-date September 1st: On July 14th the EC published first findings from the initiative, including three reports, explaining the relationship between human mobility and the spread of coronavirus, as well as the effectiveness of mobility restriction measures to contain the pandemic. More detailed information about the initiative from the EC and the reports are available here: https://ec.europa.eu/jrc/en/news/coronavirus-mobility-data-provides-insights-virus-spread-and-containment-help-inform-future

Latvia – Latvia, see press-release here, became the first country to launch a contact tracing app using the newly-available exposure notification APIs by Apple and Google. The ‘Apturi Covid’ (Stop Covid) application, which is voluntary, decentralized and GDPR-compliant, was developed by representatives of the Latvian ICT sector and launched on the 29th of May. The aim is for the app to be used by 400,000 people. A voluntary MoU, available here, to develop and support the implementation of the app was signed by the private initiative group, and is supported by Telia Latvia and many more.

Status up-date September 1st: More than 100.000 users have downloaded the app so far.

Lithuania – A new draft law was proposed introducing a requirement for operators to disclose mobile location data on individual level to competent authorities in explicitly defined cases. Telia Company is advocating the importance of transparency and the protection of human rights.

Status September 1st: After a few rounds of discussions and several failed voting instances due to robust opposition stance, the final voting was postponed. It is still unclear when Parliament will return to this question. (Link to the legislative proposal - here.)

Lithuania (new) – On August 7th, the Minister of Foreign Affairs requested all operators in Lithuania to send ‘welcome-back’ SMS’s, including a form to fill in, to citizens returning to the country from abroad. Telia Lietuva has informed the authorities that it does not have the technical capabilities for sending of such messages.

Norway Telia Norway have offered the Crowd Insights service to local authorities who needed updated information on movements across municipalities and knowledge about the number of visitors present in their geographical area.

Status September 1st: Telia Norway has provided the Crowd Insights service to a number of municipalities and authorities, including the Norwegian Institute of Public Health, from April and onwards. And also to media, such as NRK and local newspapers.

Sweden - Telia reached out to the Swedish ‘Folkhälsomyndigheten’ (FHM) to present the Crowd Insights commercial service for consideration of the authority, given the interest observed in other countries. Since early April, Telia has been providing a variant of the existing Telia Crowd Insights that visualizes the anonymized and aggregated volume of trips and general movement patterns of the population. FHM is able to use this to observe changes in population movement at national, municipal and local levels, in particular in relation to travel guidance.

Status September 1st: Telia continues to provide the Crowd Insights service, from early April and onwards.

Issues closed by September 1st 2020

Denmark – An executive order for the collection of data, updating the Danish legislation in cases of epidemics, was passed by Parliament without any ordinary hearing, and the executive order was then also issued without a hearing. Some weeks later, however, the executive order was repealed.

April 28thIssue closed: Actual requests for data based on the executive order never materialized.

Estonia – The Estonian governmental agencies requested anonymized or pseudonymized traffic data, instead of data insights, from the mobile networks operators in Estonia and based on the Electronic Communications Act.

April 28th: Telia Eesti offered an alternative approach and proposed the authorities to solve the request based on the Telia Company Crowd Insights platform and to use Telia’s existing service for providing anonymous and aggregated mobility insights.

Status up-date June 1st Issue closed: This proposal was accepted by the authorities and relevant cooperation based on providing mobility insights delivered by Telia Company Crowd platform continued until the end of the emergency situation in Estonia (17th May 2020).

Finland – The Finnish Prime Minister’s Office asked Telia Finland to provide anonymized and aggregated mobility insight data via Telia’s Crowd Insights service. Telia has agreed to provide the service from 3rd April onwards. On 28th April, The Finnish Chancellor of Justice concluded after requesting clarification from the Prime Minister’s Office regarding the Government’s use of Telia’s Crowd Insights service that the use does not violate anyone’s right for privacy.

Telia Finland provided the Crowd Insights service to the Finnish Prime Minister’s office from 3rd April to the end of June.

July 1stIssue closed:: The contract with the Prime Minister’s Office elapsed end of June according to the agreement.

Sweden – The Swedish Embassy in Washington, USA, submitted a request to Telia through the Swedish NRA (PTS) to deliver to the Embassy statistics on the number of Telia customers roaming in the US. PTS approved the request. (The request was not based on legislation.)

April 28th: Requested statistics are delivered on a weekly basis from the end of March 2020. The information does not include personal data.

Status up-date June 1stIssue closed: On May 12th the Embassy informed Telia that they no longer needed the information and delivery of statistics was discontinued.

Sweden – The Swedish Civil Contingencies Agency (MSB) requested the main operators in Sweden to prepare for a mass-SMS to all its respective subscribers with a message from the authorities in relation to Covid-19. Telia Company responded positively but asked the Authorities to confirm the legality of the full set-up, including checking with the national Data Inspection Board. (The request was not based on legislation.)

April 28th: MSB has not yet requested the operators to send an SMS.

Status up-date June 1stIssue closed: The issue will not be pursued by the authority.

 

Sweden – The Swedish Civil Contingencies Agency (MSB) on May 28th asked Telia Sweden to consider the following. Tourists arriving to Sweden and Telia’s network all receive a ‘welcome-to-Sweden-SMS’. The MSB-proposal is to add a sentence to such SMS’s with something like the following; Follow the latest updates from Swedish authorities regarding covid-19: krisinformation.se/en. (It was noted that the proposal was not based on legislation.)

July 1st: Issue closed. Telia declined the request at this time due to uncertainties around the legal basis for the activity.

 

More information about Telia’s work within this area

Telia Company’s transparency commitment has been further defined in our Group Policy on Freedom of Expression & Surveillance Privacy. We provide additional context and statistics in our Annual and Sustainability reports, most recently in the Telia Company Annual and Sustainability report 2019, page 51. Telia Company’s full Law Enforcement Disclosure Report 2019, published in March 2020 and with more detailed context, definitions, etc., is available here.

 

Context of Telia Company’s transparency commitment as to freedom of expression and surveillance privacy

According to Telia Company’s statement of materiality we are committed to a number of international guidelines on human rights, including the UN Guiding Principles on Business and Human Rights. Accordingly, we are to ‘Know and Show’ that we respect human rights, including individuals’ right to freedom of expression and to surveillance privacy. Therefore, we seek to know our human rights impacts, risks and opportunities, and we seek to show how we address them. It is in this context that we publish information on requests or demands from governments during the covid-19 crisis and how we have handled them. Our transparency commitment has been further defined in our Group Policy on Freedom of Expression & Surveillance Privacy (principle 4). We provide additional context and statistics in our Annual and Sustainability reports, most recently in the Telia Company Annual and Sustainability report 2019, page 51. Telia Company’s full Law Enforcement Disclosure Report 2019, with more detailed context, definitions, etc., is available here.

Global Network Initiative (GNI)

All over the world companies in the ICT-sector face increasing government pressure to comply with domestic laws and policies in ways that may conflict with the internationally recognized human rights of freedom of expression and privacy.

In response, a multi-stakeholder group of companies, civil society organizations (including human rights and press freedom groups), investors and academics – together some 50 entities - have joined together in a collaborative approach to protect and advance freedom of expression and privacy in the ICT sector, and formed this Global Network Initiative (GNI). More information about the GNI is available here.

Telia Company is an active member of the GNI. Our active participation stimulates shared learning on how to best respect freedom of expression and privacy and provides leverage to advocacy promoting freedom of expression and privacy in the ICT industry.