In June 2014, Vodafone published a set of country-by-country analyses of the legal powers available to government authorities seeking to access user data or restrict communications in its countries of operation. Vodafone’s reports, which were developed together with the legal advisory firm of Hogan Lovells International LLP, were published under a Creative Commons License and were soon followed by a similar set of reports from Telenor Group. These initial reports established a methodology for analyzing and describing the pertinent legal powers, which became the foundation for the CLFR.
The Telecommunications Industry Dialogue (TID), a group of telecommunications operators and vendor companies working on privacy and freedom of expression issues, subsequently commissioned further research using this methodology, publishing reports on countries with legal frameworks with particular salience for global freedom of expression and privacy. Millicom, a TID member, also independently commissioned a series of reports for a number of the markets in which they operate.
This body of work was absorbed into the Global Network Initiative (GNI) when seven of the former TID companies joined GNI in March 2017. Since 2015, updates to existing reports have been commissioned episodically. GNI hopes to continue facilitating updates and producing additional reports. Updates on these efforts will be announced on this website.
Methodology: The Country Legal Frameworks Resource contains reports on the legal frameworks of over 50 countries, organized around a common (although not uniform) set of categories. The first three categories cover the legal authorities for governments to demand access to user data, including laws and regulations authorizing: (1) requests for interception of users’ communications, including in real time; (2) requests to disclose the non-content data of users’ communications; and (3) supplemental powers for national security purposes — as defined in domestic laws and regulations — including certain intelligence capabilities. Category (4), censorship-related powers, covers powers to order ICT companies to block or restrict access to either entire networks and services or specific websites, and in some instances, authorities for taking control over a companies’ network. Finally, the reports include sections on (5) oversight of access-related powers and (6) oversight of censorship-related powers. In some reports, supplemental categories of laws pertaining to encryption or publications of data on government requests are also included.
Disclaimer: The reports should not be viewed as a comprehensive overview of governmental authorities to access user data or restrict communications. We acknowledge that not all relevant laws and regulations fit within these six categories, but we hope this methodology proves replicable and accessible for interested users. We also note there may be instances where laws are not available or may have changed since the latest publication, and we encourage users’ to flag any missing or outdated information on our feedback form.