You are viewing a read-only archive of the Blogs.Harvard network. Learn more.

Archive for the 'corporate social responsibility' Category

Managing Corporate Risks in an E-Environment


My colleague Daniel Haeusermann and I just released a new paper entitled “E-Compliance: Towards a Roadmap for Effective Risk Management.” In the article, which is largely based on consulting work we’ve been doing, we argue that the widespread use of digital communication technology on the part of business organizations leads to new types of challenges when it comes to the management of risks at the intersection of law, technology, and the marketplace. In order to effectively manage these challenges and associated risks in diverse areas such as security, privacy, consumer protection, IP, and content governance, we call for an integrated and comprehensive compliance concept in response to the structural and substantive peculiarities of the digital environment in which corporations – both in and outside the dot-com industry – operate today. See also this post. The conclusion section of the paper reads as follows:

Through significant efforts, the legal system has adjusted to the changes in the information and communications technology of daily corporate life—changes at the intersection of the market, technology, and law. Organizations must make adjustments on their part as well in order to deal with the consequences resulting from these changes in the legal system. The observation that led to this essay was that these adjustments represent a greater challenge than the already decreasing entropy surrounding concepts such as “e-commerce law” or “cyberlaw” would suggest. Our initial foray into the concept, characteristics, responsibilities and organizational guiding principles of e-Compliance confirms this observation.

E-Compliance, as discussed in this article, is confronted with the phenomenon of a close interconnection between law and technology, a prominent dynamization of the law, massive internationalization of issues and legal problems, as well as a strong increase in the significance of soft law. These characteristics, which in part may also apply to traditional areas of compliance such as financial market regulation, call in their interplay for the further development of compliance concepts as well as adaptation of the affected aspects of corporate organization. Due to the increasing amalgamation of corporate organizational nexus and ICT, the symbiotic relations between traditional compliance and e-Compliance will be increasingly amplified. The view that e-Compliance represents merely a single risk area among the many of compliance is therefore outdated in our opinion. E-Compliance is actually a multidimensional and multidisciplinary task, although there are certainly areas of law that are particularly affected by digitization (or also which particularly impact digitization) and therefore are of particular importance for the field of e-Compliance.

Thus, in conclusion, the authors do not posit a special “e-Sphere” within or without existing compliance departments. Rather, we argue for an integrated and comprehensive compliance concept that appropriately makes allowance for the structural and substantive peculiarities of e-Compliance as outlined in this essay and stays abreast with the pace of digitization.

Please contact Daniel or me if you have comments.

Corporate Social Responsibility: What is the Meaning of “Sphere of Influence”?


I just returned from the Norwegian Government Pension Fund – Global Council of Ethic‘s Workshop on Corporate Complicity in Human Rights Violations, where I was participating in a session entitled: “In Search of Criteria for Corporate Complicity in Human Rights Violation: Responsibility for acts and omissions of entities outside the ownership structure but possibly within the ‘sphere of influence'”. It was a very interesting and productive workshop with a wonderful line-up of speakers and contributors, including former Secretary of State Madeleine Albright and Professor John Ruggie, UN Special Representative.

Several workshop participants asked me to make the manuscript of my speech available. Here it is (comments welcome):

Dear Colleagues,

I’ve been asked to approach the question of corporate social responsibility for acts and omissions of business entities outside the ownership sphere but possibly within the “sphere of influence” from a legal perspective. Please let me address four issues with emphasis on the second and third questions.

First, I comment briefly on the legal status and relevance of the “sphere of influence”-concept under current law, and provide in a nutshell a summary of the current state of the debate regarding its concretization and specification.

Second, I would like to address the question why, exactly, it is challenging — from a legal perspective — to make the “sphere of influence”-concept more concrete, for example by defining criteria or by establishing some sort of typology regarding situations of influence.

Third, I will map and discuss from a broader angle two alternative approaches to the definition problem: a top-down and a bottom-up approach.

Fourth, I would like to touch upon the question of the virtue of the “sphere of influence”-concept – despite its relative vagueness. The closing remarks will lead over to the ethical perspective — a debate Dr David Rodin will comment on.

1. What is the legal status of the “sphere of influence “concept?

The exact status of the concept and its legal relevance are the subject of an ongoing (and controversial) debate among the stakeholders. From a lawyer’s perspective, I would argue (as it has been argued by Professor Ruggie in the interim report on the issue of human rights and transitional corporations) that the concept — at least at this point in time — is a non-legal or eventually what we might call a pre-legal (“vorrechtliches”) concept. The “sphere of influence”-concept as introduced into the corporate social responsibility discourse by the UN Global Compact and now most prominently mentioned in Art. 1 of the Norms on the responsibilities of transnational corporations and other business enterprises with regard to human rights (“the Norms”) developed outside the legal system and evolved in the political environment. The fact that neither national nor international courts to date seem to have adjudicated on the concept within the corporate responsibility context (as extensive case law searches suggest) also speaks for its non-legal character — although, of course, the notion of “influence” as such plays an important role in many areas of law (including corporate liability law). Similarly, experts have not been able to find extensive definitions or explicit references to the concept in national legislation (except actually one reference in Indonesian environmental law).

However, the qualification of the “sphere of influence”-concept as non-legal does not mean that it is entirely irrelevant from a legal perspective. Even without having a clear legal meaning or being suited to serve as a basis for establishing binding obligations, the notion of “sphere of influence” is itself likely to influence, to some degree or another, the reasoning of law-/policy-makers and courts alike. Cases such as Doe v. Unocal on corporate complicity may serve as early examples in that respect. In addition, a possible future incorporation of the “sphere of influence”-concept in, for instance, international treaty law or at the level of national legislation would apparently change the current qualification.

Please let me turn now to the second question I would like to address:

2. What makes it so difficult to define the notion of “sphere of influence”?

The “sphere of influence”-concept is not defined by international human rights standards. In fact, a consensus about the definition has yet to be reached. Although the use of vague terminology is by no means new or foreign to law in general and international law in particular, some commentators have expressed some frustration with the continued lack of concrete meaning assigned to key terms in documents such as the UN Norms or Global Compact. Yet, the slow emergence of substantive discussion of the sphere of influence concept may also be linked to the supposition that the definition of each company’s sphere of influence depends on a highly fact-specific evaluation of that company’s operations. As the OHCHR Briefing Paper states, each company’s sphere of influence is in part a function of its political, contractual, economic, and geographical proximity to individuals. It also follows that larger companies will generally have a larger sphere of influence, since they will share proximity with a larger number of individuals (Briefing Paper, at 4). Additional factors that may impact the determination of a particular company’s sphere of influence are the exact nature of the company’s operations, the industry or industries it engages in, as well as its corporate structure. In this way, there is not only a quantitative aspect to a company’s sphere of influence that may be measured in miles or numbers of individuals, but also a qualitative aspect.

It may be useful to take a look at a case study to illustrate how subtle the factual differences with potential (legal and ethical) significance might be if it comes to a business’ sphere of influence.

Cisco, Yahoo!, Microsoft, and Google were all implicated in recent attention to alleged complicity in human rights violations perpetrated by the Chinese government. While the challenges faced by at least three out of the four U.S. corporations are similar – Yahoo!, Microsoft, and Google alike have to deal with issues of individual security and government control of Internet content in China – and although the situation with regard to the “sphere of influence” might appear to be comparable at first glance, the analysis gets much more complicated if one takes a closer look at some of the elements mentioned before, including, for instance, the different ownership structures of the three Internet service companies – as reported in news media – with regard to their Chinese business operations:

  • Yahoo!, for instance, formed a long-term strategic partnership in China with, a Chinese company that owns the Yahoo! China business. According to statements by Yahoo! executives, Yahoo! holds one of the four board seats, but does not have day-to-day control over Alibaba’s Yahoo! China division.
  • Microsoft’s China portal is operated by a local entity, Shanghai Alliance Investment Ltd. (SAIL), through a joint venture agreement. SAIL is reportedly operated by the Chinese government, while the servers which deliver Microsoft’s Chinese services apparently do not reside in China, but rather in the United States.
  • As for Google, it evidently operates its “” business under a license owned by a local company, The precise nature of the presumably merely contractual relationship between the two entities, however, has not been made public.

What are the consequences of these rather small, but in our context important differences with regard to the “sphere of influence” analysis? Naturally, we can only speculate about it at this point, but a few questions might illustrate some of the issues up for discussion.

  • To what extent, for instance, does the corporate separateness between Yahoo! and that operates Yahoo!’s China businesses limit Yahoo!’s sphere of influence compared to other instances where Yahoo! has direct control over a subsidiary located elsewhere? What does it mean for the sphere of influence analysis that Yahoo! holds one seat out of four on the board of the local partner?
  • How is Microsoft’s sphere of influence affected if Reuters’ reports were correct and the Chinese government in fact operates Microsoft’s joint venture partner, Shanghai Alliance Investment Ltd.?
  • To what extent is Google’s sphere of influence vis-à-vis the Chinese government larger or smaller given its model of a relatively loose contractual relationship with a local partner — as compared to alternative approaches taken by its competitors?

All of these factors, among many others, weigh into the determination of each company’s sphere of influence. Therefore, the meaning of “sphere of influence” for each company must be analyzed in detail and on a case by case basis with a holistic view of the company, its partnerships and relationships with other entities and governmental agencies, its legal structure and organization as well as its physical property and operations.

It is this highly fact-specific nature of the “sphere of influence”-concept that makes it so challenging to define it in general terms and on an abstract level. This conclusion leads to the next question:

3. What are possible approaches to the definitional problem given the outlined characteristics of the “sphere of influence”-concept?

Essentially, one might distinguish between two approaches aimed at giving the concept a clear meaning. A top-down approach seeks to address the definition problem authoritatively (or quasi-authoritatively) by introducing a set of criteria such as, for example, the size of a company, and/or to provide a typology of situations that allows the determination of whether an act or omission is within a business entity’s sphere of influence or not. A top-down approach along these lines was apparently envisioned in the Human Rights Resolution 2005/69 by the Commission on Human Rights, where it included in the mandate of the Special Representative [on the issue of human rights and transnational corporations and other business enterprises] the task “to research and clarify the implications … of concepts such as ‘complicity’ and ‘sphere of influence’.”

This leaves open, however, the ways in which criteria or constitutive elements can be identified. One common way to deal with such situations – at least seen from a legal perspective – is to analyze frameworks dealing with structurally similar problems or issues in previous situations and other areas of law, and to derive criteria from these discourses based on their similarities. Such an analogy has recently been proposed in a brief on corporations and human rights in the Asia-Pacific region. The authors of the report, members of Allens Arthur Robinson, argue that the doctrine of duty of care as used in the realm of corporate civil liability is analogous to the concept “sphere of influence”. (Brief, p. 13)

It seems worthwhile to further explore the merits of this analogy and take a closer look into the common law concept of duty of care and its doctrinal counterpart in the civil law system. The rich body of case law on corporate liability for acts and omissions of subsidiaries, for instance, provides a tentative list of criteria and factors that might be considered in the context of the human rights’ “sphere of influence”-concept. These criteria include, among other things,

  • profit sharing,
  • contributions towards financing the subsidiary,
  • degrees of oversight and/or joint control, or
  • masterminding a venture,
  • etc.

Similarly, case law on third party liability in the context of joint ventures sets forth criteria that may be useful in the corporate social responsibility context. Among the criteria are:

  • Shared common interest in the subject matter of the venture;
  • shared profits and losses; and
  • joint control or the joint right of control over the venue.

Although the proposed analogy might prove to be helpful to further develop and clarify the “sphere of influence” concept, the analogy should in my view not be overstretched. In particular, further research is needed to determine to what extent duty of care mechanisms are normatively appropriate to assess the potential scope of a corporation’s legal sphere of influence in the human rights context as proposed by the authors of the above-mentioned brief on corporations and human rights in the Asia-Pacific Region.

An alternative type of approach aimed at clarifying the meaning of the notion “sphere of influence” would not operate top-down, but bottom-up. Outside the legal realm, corporate policies on human rights issues are the key drivers of such an approach. As pointed out in the interim report by the Special Representative, nearly 8 out of 10 Fortune Global 500 companies report to have an explicit set of principles or management practices regarding the human rights dimensions of their operations (interim Report, para. 33). These policies usually also encompass third parties such as suppliers, contractors, distributors and joint venture partners. A thorough analysis, evaluation, and multi-stakeholder discussion of this evolving body of norms could ultimately result in broadly accepted industry best practice standards, which may serve as “testing ground” for further norm-setting projects, for instance in the context of the U.N. Global Compact initiative.

The ongoing efforts of leading global providers of information and communication services and technology to create a code of conduct on freedom of expression and privacy in the aftermath of the above-mentioned human rights violations in China illustrate the dynamic as well as the complexity of such a bottom-up process. In these processes, issues like the “sphere of influence” are typically addressed in multi-stakeholder consultations and, eventually, even in negotiations with governmental agencies. Against this backdrop, it does not come as a surprise that a recent consultation draft by key players of the Internet industry explicitly, for instance, addresses their responsibility vis-à-vis business partners in joint ventures or commercial relationships with legal entities where they do not have management control of the operations and may not have final authority for business decisions to apply principles regarding freedom of expression and privacy as they relate to the use of information and communication technologies worldwide.

The structural advantage of a bottom-up approach in the specific context of the “sphere of influence”-concept is straightforward: Emerging industry standards based on respective corporate policies would be grounded in “real world scenarios” and more likely to reflect the actual reach of the businesses involved. Further, businesses are arguably better suited to identify and analyze criteria aimed at clarifying the abstract concept of “sphere of influence,” either by introducing substantive criteria or developing procedural obligations that would ensure that they take into account the scope of their human rights responsibilities while planning and executing their operations. On the other hand, of course, such a bottom-up approach carries an inherent risk that companies aim for the lowest common denominator rather than realistic and best practice-oriented definitions and assessments of their respective “sphere of influence”, or that a consensus cannot be reached at all.

Alternatives to a corporate-policy-driven approach to the “sphere of influence”-concept include, among others, civil litigation over corporate human rights violations. The promises of this alternative type of bottom-up approach largely depends on the question whether the notion of “sphere of influence” itself enters the legal arena or not – for instance in the context of legally binding obligations. While litigation-based mechanisms of making abstract concepts more concrete over time are obviously well-known in law in general and statute-based jurisdictions in particular, this approach has significant drawbacks from the perspectives of some stakeholders (including corporations), because it naturally creates legal uncertainty and bears no guarantee that, in fact, important interpretative issues will ultimately be clarified by courts. In addition, it might be difficult to distill shared criteria and common standards from the jurisprudence of various courts that operate in different jurisdictions and legal cultures.

In closing my remarks, please let me turn now to the fourth and open question I would like to raise at this workshop:

4. Given the discussed uncertainty regarding the contours of the “sphere of influence”-concept and its questionable feasibility in the legal context, does that mean it lacks any virtue?

In my view, the answer to this question is no. The “sphere of influence”-concept has not only what we might call a “factual” or “empirical” dimension that has gained much attention in many of the heated discussions so far, but also an important – probably an even more important – discursive function. From such a normative perspective, the “sphere of influence”-concept is not only the expression, but also among the drivers of the seismic shift from a state-oriented paradigm of human rights to a broader, holistic approach aimed at ensuring and fostering human rights (among private actors). The debate among the stakeholders about the concept’s status, its concretization, and its institutional and procedural implications at various policy levels suggest that the concept “sphere of influence” has indeed “taken on a life of its own” as expressed in the Special Representative’s interim report (para. 40), although it remains to be seen in what direction this evolutionary process will take us.

I now leave it to the next speaker, Dr Rodin, to further comment on this complex theme that oscillates between law and ethics, and I’m looking forward to our open discussion thereafter.

Thank you very much for your attention.

EU Parliament Calls For Code of Conduct For Internet Intermediaries Doing Biz In Repressive Countries


With the usual time-lag, the debate about Internet censorship in repressive countries such as China and the role of Internet intermediaries such as Google, Microsoft and Yahoo! has now arrived in Europe. The EU Parliament now confirms what many of us have argued for months, i.e., that the problem of online censorship is not exclusively a problem of U.S.-based companies and is not only about China.

The recent resolution on freedom of expression on the Internet by the European Parliament starts with references to previous resolutions on human rights and freedom of the press, including the WSIS principles, as well as international law (Universal Declaration of Human Rights) and opens with the European-style statement that restrictions on online speech “should only exist in cases of using the Internet for illegal activities, such as incitement to hatred, violence and racism, totalitarian propaganda and children’s access to pornography or their sexual exploitation.”

Later, the resolution lists some of the speech-repressive regimes, including China, Belarus, Burma, Cuba, Iran, Libya, Maldives, Nepal, North Korea, Uzbekistan, Saudi Arabia, Syria, Tunisia, Turkmenistan and Vietnam. The resolution then makes explicit references to U.S.-based companies by recognizing that the “…Chinese government has successfully persuaded companies such as Yahoo, Google and Microsoft to facilitate the censorship of their services in the Chinese internet market” and “notes that other governments have required means for censorship from other companies.” European companies come into play with regard to the sale of equipment to repressive governments, stating that

“… equipment and technologies supplied by Western companies such as CISCO Systems, Telecom Italia, Wanadoo, a subsidiary of France Telecom have been used by governments for the purpose of censoring the Internet preventing freedom of expression.” (emphasis added.)

The resolution, declaratory in nature, in one of its probably most significant parts calls on the European Commission and the Council “to draw up a voluntary code of conduct that would put limits on the activities of companies in repressive countries.” The policy document also stresses the broader responsibility of companies providing Internet services such as search, chat, or publishing to ensure that users’ rights are respected. Hopefully, the Commission and the Council will recognize that several initiatives aimed at drafting such code of conducts are underway on both sides of the Atlantic (I have myself been involved in some of these processes, including this one), and will engage in conversations with the various groups involved in these processes. In any event, it will be interesting to see how the Commission and the Council approach this tricky issue, and as to what extent, for instance, they will include privacy statements in such a set of principles – a crucial aspect that, interestingly enough, has not been explicitly addressed in the Parliament’s resolution.

The resolution also calls on the Council and Commission “when considering its assistance programmes to third countries to take into account the need for unrestricted access by their citizens.” Further coverage here.

Update: On the “European Union’s schizophenric approach to freedom of expression”, read here (thanks, Ian.)

Global Online Freedom Act of 2006: Evil is in the Details


I’ve just read Rep. Chris Smith’s discussion draft of a “Global Online Freedom Act of 2006,” which has been made available online on Rebecca MacKinnon’s blog. Rebecca nicely summarizes the key points of the draft. From the legal scholar’s rather then the activist’s viewpoint, however, some of the draft bill’s nitty-gritty details are equally interesting. Among the important definitions is certainly the term “legitimate foreign law enforcement purposes,” which appears, for instance, in the definition of substantial restrictions on Internet freedom, and in sec. 206 on the integrity of user identifying information. According to the draft bill, the term ”legitimate foreign law enforcement purposes” means

“for purposes of enforcement, investigation, or prosecution by a foreign official based on a publicly promulgated law of reasonable specificity that proximately relates to the protection or promotion of health, safety, or morals of the citizens of that jurisdiction.”

And the next paragraph clarifies that

“the control, suppression, or punishment of peaceful expression of political or religious opinion does not constitute a legitimate foreign law enforcement purpose.” [Emphasis added.]

While the first part of the definition makes a lot of sense, the second part is more problematic to the extent that it suggests, at least at a glance, a de facto export of U.S. free speech standards to the rest of the world. Although recent Internet rulings by U.S. courts have suggested an expansion of the standard under which U.S. courts will assert jurisdictions over free speech disputes that arise in foreign jurisdiction, it has been my and others impression that U.S. courts are (still?) reluctant to globally export free speech protections (see, e.g. the 9th Circuit Court of Appeal’s recent Yahoo! ruling.)

Indeed, it would be interesting to see how the above-mentioned definition would relate to French legislation prohibiting certain forms of hatred speech, or German regulations banning certain forms of expression—black lists, by the way, which are also incorporated by European subsidiaries of U.S. based search engines and content hosting services.

While the intention of the draft bill is certainly a legitimate one and while some of the draft provisions (e.g. on international fora, code of conduct, etc.) deserve support, the evil—as usual—is in the details. Given its vague definitions, the draft bill (may it become law) may well produce spillover-effects by restricting business practices of U.S. Internet intermediaries even in democratic countries that happen (for legitimate, often historic reasons) not to share the U.S.’ extensive free speech values.

Addendum: Some comments on the draft bill from the investor’s perspective here. Note, however, that the draft bill also includes foreign subsidiaries of U.S businesses to the extent that the latter control the voting shares or other equities of the foreign subsidiary or authorize, direct, control, or participate in acts carried out by the sbusidiary that are prohibited by the Act.

Information Ethics: U.S. Hearing, but Global Responsibility


Today, the US House of Representatives’ IR Subcommittee on Africa, Global Human Rights and International Operations, and the Subcommittee on Asia and the Pacific are holding an open hearing on the question whether the Internet in China is a Tool for Freedom or Suppression. My colleague Professor John Palfrey, among the foremost Internet law & policy experts, has prepared an excellent written testimony. In his testimony, John summarizes the basic ethical dilemmas for U.S. corporations such as Google, Microsoft, Yahoo and others who have decided to do business in countries like China with extensive filtering and surveillance regimes. John also raises the question as to what extent a code of conduct for Internet intermediaries could guide these businesses and give them a base of support for resisting abusive surveillance and filtering requests and the role academia could play in developing such a set of principles.

I’m delighted that our Research Center at the University of St. Gallen in Switzerland is part of the research initiative mentioned in John’s testimony that is aimed at contributing to the development of ethical standards for Internet intermediaries. Over the past few years, a team of our researchers has explored the emergence, functionality, and enforcement of standards that seek to regulate the behavior of information intermediaries. It is my hope that this research, in one way or another, can contribute to the initiative announced today. Although the ethical issues in cyberspace are in several regards structurally different from those emerging in offline settings, I argue that we can benefit from prior experiences with and research on ethics for international businesses in general and information ethics in particular.

So far, the heated debate about the ethics of globally operating Internet intermediaries has been a debate about the practices of large and influential U.S. companies. On this side of the Atlantic, however, we should not make the mistake to think that the hard questions Palfrey and other experts will be discussing today before the above-menioned Committees are “U.S.-made” problems. Rather, the concern, challenge, and project – designing business activities that respect and foster human rights in a globalized economy with local laws and policies, including restrictive or even repressive regulatory regimes – are truly international in nature, especially in today’s information society. Viewed from that angle, it is almost surprising that we haven’t seen more constructive European contributions to this discourse. We should not forget that European Internet & IT companies, too, face tough ethical challenges in countries such as China. In that sense, the difficult, but open and transparent conversations in the U.S. are in my view an excellent model for Europe with its long-standing human rights tradition.

Update: Rebecca MacKinnon does a great, fast-speed job summarizing the written and oral testimonies. See especially her summary of and comments on the statements by Cisco, Yahoo!, Google, and Microsoft.

Log in