FEM and partners have written to the CEO of Ooredoo global to urge the company to conduct human rights due diligence on any potential sale, vet any potential buyers, safeguard users, and engage with stakeholders. 

The letter

We, the undersigned organizations, work to protect, promote and defend human rights in Myanmar, particularly in the digital arena.

We are writing regarding reports emerging about the sale of Ooredoo Myanmar. We seek constructive engagement and dialogue with your office to support you in upholding your responsibility to respect human rights and risk assessment in the course of this sale.

We agree with Ooredoo’s public statement that you have an important role to play in bridging the digital divide in Myanmar. Disposal of your operations in Myanmar without a thorough and consultative human rights due diligence process will, however, place the people in Myanmar at serious risk and worsen this digital divide by failing to facilitate remedies for rights violations and allowing for continuing and increased transgressions by a potential successor operator. 

This could not only result in potential human rights violations, but will likely lead to reputational costs for Ooredoo, and not necessarily end Ooredoo’s association with its assets in Myanmar. This was evident from the exit of Telenor Myanmar – which led to criticism from its investors, Norwegian Members of Parliament, Norwegian press and civil society, international legal experts. Telenor remains engaged in accountability processes for their failure to comply with responsible business conduct principles.  

To avoid this, we urge Ooredoo to immediately conduct human rights due diligence in line with the UN Guiding Principles for Business and Human Rights and the OECD Guidelines for Multinational Enterprises. In conducting this assessment, we strongly urge Ooredoo to directly engage with representatives from civil society who have been monitoring and pushing back against digital rights challenges in Myanmar – including our organizations who have expertise with respect to the ICT sector on human rights compliance and international standards. We are keen to speak with your office and also share contacts with other stakeholders who can provide advice and direction on human rights safeguards. 

To guide this engagement and assessment, we encourage Ooredoo to take the following points into account.

Recommendations to Ooredoo

Consistent with your responsibility to respect human rights, Ooredoo should take measures to protect its workers, including those in its supply chain; its customers/users, and the communities where they operate their offices and infrastructure (collectively referred to here as “stakeholders”). In doing so, we recommend the following approach: 

1. Public policy commitment to international human rights and responsible business standards, including, in particular, acknowledgment of the corporate obligation to avoid causing or contributing to adverse human rights impacts and attempt to prevent or mitigate negative impacts when exiting Myanmar. These should be set out in publicly available human rights policies, in accordance with Principle 16 of the UN Guiding Principles for Business and Human Rights (‘UNGPs’) and reference rights set out in, amongst others, the Universal Declaration of Human Rights; the International Covenant on Economic, Social and Cultural Rights; the International Covenant on Civil and Political Rights; and the International Labour Organization’s Declaration on Fundamental Principles and Rights At Work.

2. Conduct heightened human rights due diligence to comply with your corporate responsibility to respect human rights in a conflict-affected context such as Myanmar. The risk of gross human rights abuses is heightened in a conflict-affected context.  Ooredoo’s human rights due diligence in relation to the ongoing talks to sell its Myanmar operations must therefore be heightened and involve four components, in accordance with Principles 17 to 21 of the UNGPs: 

• Assessing actual and potential adverse human rights impacts of a decision to sell, including assessment of the nature of potential buyers;
• Integrating and acting upon the findings of such an assessment, including appropriate action to address adverse impacts;
• Tracking the effectiveness of responses, including through engagement with stakeholders; and
• Communicating externally on how adverse impacts are addressed, in a regular, transparent and accessible manner to all stakeholders.

3. Engage with stakeholders in a continuous and transparent dialogue, including disclosing to them how Ooredoo will respect the people’s rights to privacy, expression, information, association and security. This engagement may include collaboration on and disclosure of steps that stakeholders can take to protect themselves from potential rights violations, including in connection with their customer data, that may arise as a consequence of the sale. 

4. Immediately establish an effective, secure and easily accessible communication platform where stakeholders can raise risks, threats, and other urgent concerns that may arise in relation to a potential sale of Ooredoo’s operations in Myanmar. This mechanism should be supported by a transparent commitment to immediately engage with concerned stakeholders to come up with mitigation or remedial measures to address potential adverse human rights risks, threats and other urgent concerns.

In particular, these following measures should guide Ooredoo in a potential exit from Myanmar:

5. Thoroughly vet potential buyers to ensure that the buyer has:

• A demonstrated commitment to operating responsibly in accordance with international human rights standards, including transparent engagement with stakeholders;
• No record of being involved or implicated in human rights abuses or corruption;
• No links to sanctioned individuals, members of the military junta or their families, or individuals whose investment is obtained through illegal activity, including sanctioned activity;
• A demonstrated ability and commitment to ensure uninterrupted, accessible, affordable, and effective rights-respecting service to the people of Myanmar, including a commitment to pursue legal means to push back against military orders when these do not comply with the international legal principles of legality, necessity, and proportionality.

6. Take immediate steps to set in place adequate and effective safeguards to protect the rights of Ooredoo’s customers within Myanmar, ahead of any exit. These include:

• Setting in place operational, technical or other safeguards to prevent personal data of Ooredoo’s customers from being transferred to the control of the Myanmar military;
• Implementing data protection and privacy safeguards which are effective and adequate to protect against military orders for illegitimate access to customers’ data prior to or during a sale process;
• Publicly and transparently informing customers and the public about the due diligence, management, and protection measures that are in place or which will be instituted to protect user data during and after the cessation of Ooredoo’s operations in Myanmar, including transparent engagement with stakeholders to discuss or advocate for possible legal reforms that comply with international law and human rights standards;
• Setting in place operational, technical or other safeguards to protect against the abuse of any surveillance technologies which currently or are reasonably foreseeable to be abused for illegitimate surveillance by the Myanmar military – including intercept and/or dual use technologies.

7. Commit to provide support, remedy, and compensation for adverse human rights impacts arising from a sale, in accordance with Principle 22 of the UNGPs. This should be based on a clear mapping by Ooredoo of all possible adverse human rights impacts imminent from a sale, informed by, and in collaboration with stakeholders, and address current and potential sanctions. Such a commitment should include:

• Setting up grievance mechanisms that are independent, impartial, effective, accessible and secure for complainants, with clear provisions on compensation, reparations, and protection, and where mechanisms are made available publicly to customers and the public at large. Such grievance mechanisms should be in jurisdictions with stronger civil and political protections; and
• Implementing measures preventing reprisals against complainants or staff, including through consultation with independent experts and civil society on potential adverse incidents, security training and data protection and privacy best practices.