Will the EU Give Companies Selling Spyware and Stalkerware a Free Pass?
Will European Union institutions allow corporations to spy on children online, enable abusers by allowing partners or family members to use stalker ware, or sell spyware to abusive governments to crackdown on human rights defenders?
The answers hinge on how forthcoming EU legislation on corporate sustainability due diligence will define value chains. The proposed legislation is in the final phase of negotiations—trilogues—among the European Council, Parliament, and Commission.
A company’s value chain doesn’t consist only of its production networks. It also includes product development, transportation, logistics, marketing, sales, foreseeable use and misuse, and disposal of end-of-life products. If policymakers define “value chains” narrowly as simply the production of goods, it would create a massive loophole that limits the scope of legal scrutiny using the legislation.
This isn’t just a theoretical debate without real-life consequences. When it comes to technology, for example, women, children, those from marginalized communities such as LGBT people, and political dissidents will pay the price for dangerous loopholes allowing companies to skirt scrutiny.
Studies in Canada and Australia have shown how technology facilitates stalking and intimate partner or family violence. Companies selling surveillance technologies to authoritarian regimes enable human rights abuses. Education technology companies developing and selling online education services have failed to safeguard children’s rights and mitigate foreseeable risks of online abuse and surveillance.
If the proposed law embraces a wider view of value chains, requiring companies to assess human rights risks across their operations, it would protect more people from harm, as called for under The UN Guiding Principles on Business and Human Rights (UNGPs). The UN Special Rapporteur on freedom of opinion and expression said, in relation to the commercial spyware industry, there is “no public information suggesting that human rights assessments are a routine component of due diligence during sales … [or] that these assessments continue throughout the life cycle of the product and any contract for after-sales support.”
The proposed EU legislation should give legal teeth to the UNGPs so that more companies implement them. Policymakers shaping the proposed legislation should not create gaping loopholes that give companies free license for dangerous technology to be developed and sold without human rights safeguards. Ignoring foreseeable human rights harms, such as contributing to stalking, intimate partner violence, or other gender-based violence, and crackdowns against human rights defenders would not just be a blow for corporate accountability, but also for children’s rights, gender justice, and rights defenders around the world.