In January 2020, ARTICLE 19 and DIHR began work to carry out a human rights assessment workshop with domain name registry PIR. Such a process has only, to our knowledge, been conducted by two other internet registries and registrars before: the Dutch Internet domain registry SIDN and Blacknight Internet Solutions LTD. PIR is the first generic top-level domain (gTLD) registry to undergo this assessment. Our work with PIR has now been completed. Our key observations are below.
UN Guiding Principles on Business and Human Rights and Internet Infrastructure Providers
In 2011, the United Nations Human Rights Council endorsed the UN Guiding Principles on Business and Human Rights (UNGPs), which apply to all companies, including internet infrastructure providers. Generally, it is expected that all companies exercise due diligence in their efforts to respect human rights and thereby avoid causing or contributing to adverse impacts on human rights. This requires companies to proactively monitor their operations and impacts for human rights concerns and provide remedies in case such concerns do arise.
Assessing Gaps and Impacts
We would like to thank PIR for agreeing to participate in the project and for its cooperation during the review. As with prior assessments conducted, our observations and recommendations were submitted in a report to PIR. Through our collaboration, PIR will continue their efforts to further prevent and mitigate any adverse human rights impacts, as our observations include recommendations on how PIR can do so. Apart from considering potential impacts related to PIR’s provision of services, our methodology looks at the full range of human rights impacts. Therefore, it also included looking at PIR as an employer and procurer of goods and services, as well as its role in relation to the environment and local communities.
Our methodology involved a high-level gap analysis of PIR’s policies, operations, and safeguards therein to assess what is incomplete, missing, or could be improved. This analysis involved reviewing PIR’s public and internal documents and holding a workshop together with PIR staff and management. During the workshop, DIHR and ARTICLE 19 conducted a session with PIR staff on the basics of corporate human rights due diligence and discussed initial findings with responsible PIR staff to assess their relevance.
Our Findings in the PIR Assessment
First, our findings determined that PIR had already set clear statements around ethics and morals as well as clear commitments to privacy and due process. However, it did not have a human rights policy or an explicit commitment to international human rights in its existing policies, an important first step toward proactive human rights due diligence as prescribed by the UNGPs.
Second, we found that PIR as an employer often goes beyond state and national legal requirements, and generally lives up to international standards and recommendations. This particularly includes matters relating to labour law, especially on issues of working hours, wages, and leave.
Third, PIR has yet to draft a partner and supplier code of conduct to create a structured approach for consideration of human rights in its procurement processes and supplier relationships.
Fourth, PIR was aware of its impact on the environment and the potential related human rights impacts and was working to mitigate them (e.g. in relation to extensive travel) and has begun taking a more structured approach to its impacts.
Fifth, we found that PIR has a number of policies aimed at reducing negative impacts of its own measures in relation to domain suspensions and takedowns, as well as policies aimed at limiting the potential harms caused by registrars or registrants, e.g. in relation to child sexual abuse materials (CSAM). While aspects of human rights due diligence are in place in practice, human rights is not explicitly mentioned in policies or in contracts with third parties related to the provision of services.
Additionally, we found that, at the time of the assessment, there could be more involvement of external stakeholder groups, including rights holders, in the assessment of impacts of products, services, and policies.
Some of our recommendations include the following, which cut across the entire organization:
- PIR should develop and incorporate a human rights policy or an explicit commitment to international human rights in its existing policies.
- PIR should update its employee handbook and related policies to explicitly address human rights and restate its privacy protections and expectations.
- PIR should develop up a Business Partner/Supplier Code of Conduct that clearly sets out PIR’s expectations around human rights and that can be used to improve the practices of the third-parties with whom PIR engages.
- PIR should ensure that its annual report has data shared with a human rights focus.