Consistent with our mission to help build a better Internet, Cloudflare has long recognized the importance of conducting our business in a way that respects the rights of Internet users around the world. We provide free services to important voices online - from human rights activists to independent journalists to the entities that help maintain our democracies - who would otherwise be vulnerable to cyberattack. We work hard to develop internal mechanisms and build products that empower user privacy. And we believe that being transparent about the types of requests we receive from government entities and how we respond is critical to maintaining customer trust.

As Cloudflare continues to expand our global network, we think there is more we can do to formalize our commitment to help respect human rights online. To that end, we are excited to announce that we have joined the Global Network Initiative (GNI), one of the world's leading human rights organizations in the information and communications Technology (ICT) sector, as observers.

Business + Human Rights

Understanding Cloudflare’s new partnership with GNI requires some additional background on how human rights concepts apply to businesses.

In 1945, following the end of World War II, 850 delegates representing forty-six nations gathered in San Francisco to create an international organization dedicated to preserving peace and helping to build a better world. In drafting the eventual United Nations (UN) Charter, the delegates included seven mentions of the need for a set of formal, universal rights that would provide basic protections for all people, everywhere.

Although human rights have traditionally been the purview of nation-states, in 2005 the UN Secretary-General appointed Harvard Professor John Ruggie as the first Special Representative for Business and Human Rights. Ruggie was tasked with determining whether businesses, particularly multinational corporations operating in many jurisdictions, ought to have their own unique obligations under international human rights law.

In 2008, Ruggie proposed the "Protect, Respect and Remedy" framework on business and human rights to the UN Human Rights Council. He argued that while states have an obligation to protect human rights, businesses have a responsibility to respect human rights. Essentially, businesses should act with due diligence in all of their operations to avoid infringing on the rights of others, and remedy any harms that do occur. Moreover, businesses' responsibilities exist independent of any state's ability or willingness to meet their own human rights obligations.

Ruggie's framework was later incorporated into the UN Guiding Principles on Business and Human Rights, which was unanimously endorsed by the UN Human Rights Council in 2011.

Cloudflare + Human Rights

With Cloudflare's network now operating in more than 100 countries, with more than a billion unique IP addresses passing through Cloudflare's network every day, we believe we have a significant responsibility to respect, and a tremendous potential to promote, human rights.

For example, privacy is a protected human right under Article 17 of the International Covenant on Civil and Political Rights, which means that the law enforcement and other government orders we periodically receive to access customer's personal information affect the human rights of our customers and users. Twice a year, we publish a Transparency Report that describes exactly how many orders, subpoenas, and warrants we receive, how we respond, and how many customers or domains are affected.

In responding to law enforcement requests for subscriber information, Cloudflare has relied on three principles: due process, respect for our customer's privacy, and notice for those affected. As we say often, Cloudflare's intent is to follow the law, and not to make law enforcement's job any harder, or easier.

However, as Cloudflare expands internationally, relying on due process and transparency alone may not always be sufficient. For one thing, those kinds of protections are dependent on good-faith implementation of legal processes like rule of law and judicial oversight. They also require a government and legal system that carries some political legitimacy, like those established through democratic processes.  

To improve the consistency of how we work with governments around the world, Cloudflare will be incorporating human rights training and due diligence tools like human rights impact assessments into our decision-making processes throughout our company.  

We recognize that as a company there are limits to what Cloudflare can or should do as we operate around the world. But we are committed to more formally documenting our efforts to respect human rights under the UN Guiding Principles on Business and Human Rights, and we've partnered with GNI to help us get there.

Who is GNI?

GNI is a non-profit organization launched in 2008. GNI members include ICT companies, civil society organizations (including human rights and press freedom groups), academic experts, and investors from around the world. Its mission is to protect and advance freedom of expression and privacy rights in the ICT sector by setting a global standard for responsible decision making and serving as a multistakeholder voice in the face of government restrictions and demands.

GNI provides companies with concrete guidance on how to implement the GNI Principles, which are based on international human rights law and standards, and are informed by the United Nations Guiding Principles on Business and Human Rights.  

When companies join GNI, they agree to have their implementation of the GNI Principles assessed independently by participating in GNI’s assessment process. The assessment is made up of a review of relevant internal systems, policies and procedures for implementing the Principles and an examination of specific cases or examples that show how the company is implementing them in practice.

What's Next?

Cloudflare will serve in observer status in GNI for the next year while we work with GNI's staff to implement and document formal human rights practices and training throughout our company.  Cloudflare will undergo its first independent assessment after becoming full GNI members.

It's an exciting step for us as a company. But, we also think there is more Cloudflare can do to help build a better, more sustainable Internet. As we say often, we are just getting started.