The relevance of the UNGPs for responsible business conduct in the technology sector

This blog post is based on the interventions of Isabel Elbert in the webinar on Corporate Due Diligence and Digital Transformation organised as part of the First Annual Conference of the Nova Centre on Business, Human Rights and the Environment with the support of PLMJ, the Portuguese Chamber of Commerce and IndustryCEDIS, as well as NOVA 4 The Globe on the 24th of November 2021.


About the authorIsabel Elbert is a Senior Research Fellow at the Institute for Business Ethics, University of St. Gallen and holds a PhD in Organizational Studies. Her PhD focused on digital companies’ managerial response process to data disclosure requests by governments. She also serves as a strategic advisor to the United Nations on Business & Human Rights in the technology sector, the B-Tech Project. Isabel has been a visiting researcher at the Oxford Internet Institute (2019-2020). She has been part of a Swiss National Science Foundation research project on workplace monitoring (2018-2020). Isabel served as the EU Representative of the Business & Human Rights Resource Centre in London (2014-2018).


What does it mean to talk about due diligence in the context of human rights, and what precisely do the UNGPs mean for corporations in the EU?

When you speak about due diligence in a more general sense, the term is usually used to describe an assessment of risk to the business. In line with the United Nations Guiding Principles on Business and Human Rights (UNGPs), due diligence relates to human rights. Here it is really about the risk to people that is the focus when you are assessing the impact, and those impacts are business impacts on Human Rights stemming from or being connected to the activities of the business.

The UNGPs followed a value chain approach, calling for all businesses to carry out Human Rights due diligence to identify, prevent and mitigate adverse impacts on Human Rights. Usually, the processes are clustered into four steps. Although there are different interpretations, most of the approaches cover the same elements. It starts with identifying and assessing the impacts to understand the nature and extent of the Human Rights risks. Secondly, it means acting to prevent or mitigate risks to people. That also includes integrating those risk management processes into internal functions and across the respective units. Thirdly, companies should track the effectiveness of these risk mitigation systems over time, also make sure that they respond to risks that might be emerging while the due diligence process is going on. And, very importantly, they should also, fourthly communicate about problems appropriately, about the performances on those identified risks, and then try to have due diligence processes as an ongoing exercise that can also serve as a learning experience inside the company, and contribute to remedy adverse impacts.

So, while doing the impact assessment, you might discover issues that you would not have anticipated, particularly in the technology sector: as you roll out certain technologies, you might discover unintended consequences that you could not predict ex-ante. So that is why due diligence has that ongoing nature that I would like to emphasize.

The principles were not made up in a void; there were based on a several yearlong process – a global consultation process where besides States also business participated, civil society participated, trade unions, and then they all endorsed the UNGPs that we have been using for ten years.

And when it comes to the conduct of tech companies in the European Union, it follows that same approach.

So, the UNGPs are a global framework and valid in the EU.

Some of you might have followed this ongoing debate on the EU mandatory due diligence law that would then, besides Human Rights, encompass environmental due diligence. And so, the way we should think about the UNGPs is that they are a global normative framework with a solid political foundation and a pragmatic approach. It’s not that we would assume that businesses can never harm Human Rights, but that they should responsibly identify, prevent and mitigate those adverse impacts that might occur. But at least you should manage them, and of course, the ideal goal would be that businesses do no harm. So that is what we are driving towards.

Since those ten years, the uptake by business has been quite significant. You can also see that most big tech companies now have an Human Rights policy in place.

The other question is then how does it boil down to actual practice, and I think there are some differences. We have set up a UN project working on implementing the UNGPS in the tech sector. The B-Tech Project was launched to translate the cross-sectoral Guiding Principles to the management practices of the tech industry. And we have come out with guidance on how companies can respect Human Rights, in particular in tech, and how they can also be incentivized to do so by the State –through regulation but also via incentivizing mechanisms – such as access to export credits for companies that demonstrated that they have better processes in place than others might have.

So it’s that belief to cultivate the knowledge about Human Rights as this universal baseline when you are doing business.

And again, in order not to act in a void, we also have set up a Company Community of Practice as part of B-Tech where we are bringing together the big players in the tech industry to speak about human rights due diligence processes. What is going well, what is not going so well, how can that be improved? The ultimate goal is to translate the UNGPS to the specific challenges of the tech industry.

We have recently published some outputs to reflect on the current state of human rights due diligence, mainly deriving from this conversation with tech businesses.


What are the main challenges you see for the tech sector, specifically in terms of contributing to a more responsible and rights-respecting environment, whether on the internet or elsewhere?

In a nutshell, I would say we have seen that, in shaping the digital transformation, the private sector is obviously the one that is de facto the key actor. In particular, when it comes to global internet governance. That relates from where the UNGPs come from – they were adopted because the UN realised that the power of States does not equal the de facto power that global business has. So it closed that governance gap of power that also today Big Tech has, bringing them into the conversation about the type of economy where we want to live and conceptualizing the corporate responsibility to respect human rights.

In that regard, it is a bit concern that some tech companies continue to dodge aside their responsibility as agents because we know that humanity is dependent on that type of connectivity structure and communication structures that tech offers. At the same time, while we are so dependent, it is complex to find an inclusive way of governing those structures without cutting access to freedom of expression- or not using those potentials that innovation can bring, particularly when you think about remote communities or all the types of solution of AI that might be coming up in the health sector.

At the same time, one of the key issues, why it is so hard to govern the tech space, is the speed: the adverse impacts might spread so quickly that it is really hard to get them “back into the box” once the adverse impacts have been “unleashed”. We have seen this particularly with the incitement to violence on social media platforms, among other examples.

I was speaking about connectivity – there are also telecommunication companies among the ones that we work with. And they are so vital for improving connectivity and connecting the social with the infrastructure layer, and providing the digital services that many other platforms are offering online.

When we then witness this global increase in network shutdowns, it is a good example to demonstrate that State interests and corporate interests sometimes really collide. Some governments are keen on cutting access because they want to maintain their power. Still, the citizens would like to continue to mobilize and exchange ideas on how they would like to live together and how their country should be run. In this equation, the telecommunications companies are an important actor to ensure network connectivity.

So, again I think that the role of the private sector in shaping our digital transformation is essential. It is absolutely vital that the private sector is participating in this conversation, but it needs to be clear on what type of minimum consensus it is operating. From our point of view, it is the UN Guiding Principles and business respect for human rights. It’s about not doing harm and managing the adverse impacts stemming from business conduct.


Reflections On the Status of Business Respect For Human Rights in the Technology Sector

Strategic Aspects of Business Respect for Human Rights – Part One: Overview and Reflections on Current Practice

Strategic Aspects of Business Respect for Human Rights – Part Two: Themes for Further Attention

COP meeting with Special Rapporteurs


Suggested citation: Isabel Elbert, ‘The relevance of the UNGPs for responsible business conduct in the technology sector’, Nova Centre on Business, Human Rights and the Environment Blog, 19th January 2022.