Handling access requests from authorities

In each country where Telenor operates, law enforcement agencies (LEAs) and other authorities have the legal power to access the personal data we possess or information from our networks.

Authority Request Disclosure Report 2023 (PDF)

Authorities typically require this information to solve criminal cases, prevent serious security threats or help find missing people. While the duty to protect human rights, such as privacy and freedom of expression, rests with the authorities, we must also acknowledge the challenges that may arise if authorities excessively use their powers. As a telecom operator it is our duty to respect privacy and freedom of expression and therefore we work to maintain and continuously develop our internal routines and discuss challenges we face with relevant stakeholders. This section provides further details on how we work to respect privacy and freedom of expression when we receive requests from authorities.

Privacy and freedom of expression are two rights that are key to our core business of telecommunication, and it is important to us that our customers and stakeholders know that we do what we can to respect these rights. Our long standing commitment and systematic work is guided by international frameworks such as the UN Guiding Principles on Business and Human Rights (UNGPs) and the Global Networking Initiative (GNI) Principles. At Telenor, we understand the significant opportunities that access to mobile and internet bring to people in all of our markets. At the same time, it is important for us to understand and address the risks we face that may impact human rights. We are dedicated to the professional, secure and respectful handling of our customers' data in our day-to-day business operations.

In all our markets, law enforcement agencies and other authorities have legal powers to access personal data or information we hold in our networks and to restrict communication. This means that as a provider of telecommunications, Telenor may have to assist law enforcement and other government agencies in ways that can impact people’s privacy and freedom of expression. This may involve disclosing customer information to government authorities and allowing law enforcement officials to hear phone calls or read electronic messages. This is often referred to as access to historical data and lawful interception, respectively. This is typically used to solve criminal cases, prevent serious security threats or help find missing people. We recognise that this serves vital societal needs, and that our networks and data can provide information that is important for the authorities. At the same time, we recognise that there may be circumstances in which otherwise legitimate rights to access may be misused by authorities.

This means that there are some instances in which it might be challenging to maintain a balance between privacy and the interests of authorities. When a conflict regarding requests arises, Telenor does its best to apply the higher standard, including pushing back, as outlined in the UN Guiding Principles for Business and Human Rights and the GNI Principles. In the section below you’ll find more information on how this is done.

Another type of request we may get from the authorities is to shut down the network. Telenor seeks to avoid the shutdown of its networks and believes that it is in the best interest of the customers to minimise disruption of services. However, in extraordinary circumstances a government may require a limited network shutdown to protect its citizens from terrorism or other serious safety or security threats.

Telenor may also receive censorship requests to block access to a website, for example. While we believe that blocking sites containing child sexual abuse material helps address a serious criminal activity, requests to block political content, for example, present challenges. Finally, we may be asked to send out information on behalf of the authorities, for example a flood warning via SMS. These types of messages can save lives for instance during natural disasters, and we believe it is important to support spreading this type of information. However, it is problematic if messages from authorities amount to political propaganda, something that we do not support. In order to respect human rights, including privacy and freedom of expression, authorities’ access to our data and networks should be clearly stipulated in law and regulations. In addition to the principle of legitimacy, requests should be based on an assessment of necessity and proportionality. This means that the measures should be no more intrusive than necessary.

Legislation should put in place safeguards to protect customers against arbitrariness and the risk of abuse. We find great value in independent authorisation and oversight mechanisms to monitor that requests are necessary, proportionate and in accordance with the spirit and purpose of relevant laws and regulations. Where a request is accompanied by a court order, Telenor will nonetheless push back if the request is manifestly unnecessary or disproportionate. We also encourage the public of the findings from oversight mechanisms.

For a more detailed description of the types of legal powers authorities have, please see:

Bangladesh
Denmark
Finland
Malaysia
Myanmar
Norway
Pakistan
Sweden
Thailand

In Telenor Group, we place importance on being open about how we address authority requests, the challenges we face, the requirements we have in place and the dialogue in which we engage. We are continually working to improve our disclosure of information and hope that you will find relevant information on this page.

You can find our annual reporting on human rights, including privacy and freedom of expression, in our latest Telenor Group Annual Report. Should stakeholders require additional information, Telenor is open to such requests.

More detailed reporting on how we work with privacy and freedom of expression (in the context of authority requests) can be found in our annual Authority Request Disclosure Reports (2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016, 2015, 2014).

We also believe that information on the legal frameworks that apply in our markets is valuable. To complement existing overviews by other operators and the GNI, we have provided such an overview for nine countries we are in. The research is conducted by international law firm Hogan Lovells.

Finally, we seek to be open about major events to the extent we are able. Typically, we communicate about interruptions to our companies’ services, due to authority requests. Our policy is to be open, but there are times when we are legally prohibited from sharing information about requests or in which the risk is found to be too great. We truly regret any inconvenience any such interruption may cause for our customers and society at large, and always work hard to restore services as soon as we can.

In Telenor Group, we believe that it is important to address challenges related to authority requests with external stakeholders.

As stipulated in the UN Guiding Principles on Business and Human Rights, governments have a duty to protect human rights. In Telenor we believe this duty extends to authority requests that impact privacy and freedom of expression. We recognise the legitimate needs on which these requests are based and see that good processes for releasing information are important to minimise risks to people’s rights. That’s why we place importance on the positive dialogue with relevant authorities in our markets, and we encourage authorities to join the international discussions on these issues.

We also believe that it is important to engage with a range of stakeholders. For example, intergovernmental organisations (IGOs) can play an important role in facilitating discussions on what good practice looks like in this space. Non-governmental organisations (NGOs), academics and others can, for example, bring important insight as to how current practice of laws actually impacts people on the ground. Telenor believes that in cases where laws are being drafted or revised, it is important to draw on these insights and views through public hearings.

Also, we find great value in working with peers, sharing experiences and learning about how other companies handle particular dilemmas. As a member of the GNI, we have experienced first-hand the importance of discussing challenges in this space and recognise that there is great value in discussing with and learning from other stakeholders.

Telenor is subject to periodical independent assessments of our compliance with the GNI Principles. You can learn about our performance through the latest assessment report published by GNI.