Hostname: page-component-848d4c4894-tn8tq Total loading time: 0 Render date: 2024-07-04T01:43:40.622Z Has data issue: false hasContentIssue false
  • English
  • Français

Downstream Human Rights Due Diligence: Informing Debate Through Insights from Business Practice

Published online by Cambridge University Press:  10 July 2023

Benn F. Hogan Open the ORCID record for Benn F. Hogan [Opens in a new window]  and
Joanna Reyes Open the ORCID record for Joanna Reyes [Opens in a new window]
Benn F. Hogan*
Affiliation:
Director, The Global Business Initiative on Human Rights; Visiting Researcher, Trinity Business School, Trinity College Dublin, Ireland
Joanna Reyes
Affiliation:
Chief Operating Officer, The Global Business Initiative on Human Rights, United Kingdom
*
Corresponding author: Benn Hogan; Emails: behogan@tcd.ie
Rights & Permissions [Opens in a new window]

Abstract

The United Nations Guiding Principles on Business and Human Rights conceive of human rights due diligence (HRDD) as covering potential impacts across value chains, including downstream. The proposed EU Corporate Sustainability Due Diligence Directive and the revision process of the OECD Guidelines for Multinational Enterprises have sparked renewed discussion on how and whether companies should conduct HRDD downstream to identify and prevent or mitigate adverse human rights impacts. Whilst some debate has occurred previously on downstream HRDD, this has predominantly centred on specific sectors, products and services where the links to egregious human rights harms may be more readily identifiable. This piece seeks to inform the current debate by broadening the examples of sectors, products and services and current business practice which demonstrate the critical need for, and ability of, companies to consider human rights risks downstream.

Keywords

Business practiceDownstream human rights due diligenceEmerging regulatory requirementsRisk identificationRisk mitigation
Type
Developments in the Field
Information
Business and Human Rights Journal , Volume 8 , Issue 3 , October 2023 , pp. 434 - 440
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - SA
This is an Open Access article, distributed under the terms of the Creative Commons Attribution-ShareAlike licence (http://creativecommons.org/licenses/by-sa/4.0), which permits re-use, distribution, and reproduction in any medium, provided the same Creative Commons licence is used to distribute the re-used or adapted article and the original article is properly cited.
Copyright
© The Author(s), 2023. Published by Cambridge University Press

I. Introduction

Contentious debate has arisen of late surrounding the extent of companies’ human rights due diligence obligations downstream. This has been sparked by policy discussions within the European Union (EU) over the proposed Corporate Sustainability Due Diligence Directive (CSDDD) and at the Organisation for Economic Co-operation and Development (OECD) in respect of the revision of the Guidelines for Multinational Enterprises (the OECD Guidelines). Some emergent narratives have supported confining the requirements for downstream due diligence to a restricted set of circumstances or eliminating it altogether.

The United Nations Guiding Principles on Business and Human Rights (UNGPs) emphasize the importance of human rights due diligence (HRDD) across the entire value chain of a company, establishing a responsibility to identify and address downstream risks associated with company operations, products, services and business relationships.Footnote 1 The responsibility of companies to exercise human rights due diligence in relation to downstream human rights impacts thus arises independently of regulatory requirements and flows directly from international standards.Footnote 2

In this piece, we argue that downstream risks arise in a broad range of sectors and advance arguments and examples which challenge the merits of limiting or eliminating the downstream HRDD expectation within emerging legal standards. We do so based on practical examples taken from business experience. Our findings are based on work undertaken directly with the business community through the Global Business Initiative on Human Rights (GBI), the members of which undertake peer learning across diverse sectors and geographies with input from GBI’s subject-matter specialists.

Learning from Business Practice

In 2020, GBI established a working group on downstream due diligence to examine how companies can identify, assess and mitigate or prevent risks to people emanating from their products and services and from their business relationships, with a particular focus on customers and end-users.Footnote 3 This work culminated in a roundtable in November 2022 and a subsequent report released in February 2023.Footnote 4

Our findings in this work – alongside several recent reports from others referred to in this piece – demonstrate that examining a broad range of sectors, products and services, business models and types of downstream relationships can reveal critical trends, red flags and helpful practices for identifying and addressing a company’s human rights risks. They show that, regardless of whether oncoming regulatory developments explicitly include downstream HRDD, for many companies downstream impacts are salient and cannot be ignored.

Failing to conduct HRDD downstream may result in significant blind spots, harmful to the human rights of those impacted by the company’s products, services or business model. This may lead, if not to legal liability or penalty for regulatory breach, to equally damaging results in respect of a company’s reputation with customers, consumers and prospective business partners. It may also risk affecting a company’s social licence to operate and ability to enter new markets. Significant out-of-court settlements or provision for large-scale remediation may also be required where adverse impacts occur. Accordingly, quite apart from the fact that a value chain approach is a core expectation of the UNGPs, and irrespective of the final form of the CSDDD or revised OECD Guidelines, there are important reasons for companies to look downstream.

II. Downstream Risks Arise in a Broad Range of Sectors

Downstream human rights risks can be divided into several groups. These include risks related to the misuse of products and services or use that is irresponsible or unintended by the producer,Footnote 5 as well as risks stemming from the company’s business model, sales and marketing practices, transport and logistics, and end-of-life product disposal and recycling.Footnote 6 Thinking through the diverse nature of potential downstream risks is useful for practitioners as their touchpoints with business personnel and corporate processes, and thus the approach to HRDD required, can be quite different.

Discussions on the downstream HRDD responsibilities of companies have, to date, centred predominantly on specific sectors, products and types of impacts. For instance, very large online platforms, such as social media companies, have been scrutinized for their downstream impacts. These relate to the gathering, use and commercialization of personal data; impacts on freedom of expression; facilitating the spread of hate speech, misinformation, political extremism, terrorism, electoral manipulation and the suppression of democratic dissent; the impacts of content moderation and encryption; discrimination and other human rights abuses resulting from algorithmic bias; and impacts on at-risk groups including human rights defenders and children.Footnote 7 In respect of this latter point, an inquest in the United Kingdom found that a 14-year-old girl ‘died from an act of self-harm whilst suffering from depression and the negative effects of on-line content’ she consumed on Meta’s Instagram platform.Footnote 8

In addition to social media companies, the responsibility of the financial sector in respect of client actions has received significant attention,Footnote 9 as have responsible marketing practices, in relation to impacts arising from discrimination, bias and children’s rights.Footnote 10 Whilst exploration of these cases has been useful, such examples offer a highly sector-specific understanding of downstream risk in a context where such risks are arguably the most salient ones facing companies. Failing to explore the potential impacts which a larger range of sectors, products and services can have – and their far-reaching consequences on individual rights-holders and society at large – by-passes an important opportunity to learn from the wide range of challenges companies face downstream and, crucially, how it is possible to address these risks.

III. Companies Are Being Held Liable for Their Downstream Human Rights Impacts

Several recent settlements and ongoing cases have highlighted that parties to litigation, as well as courts and non-judicial grievance mechanisms around the world, are increasingly recognizing that corporate liability may arise where a company knew or ought to have known that human rights impacts could have occurred downstream. For example, in Begum v Maran (UK) Ltd, the Court of Appeal of England and Wales has refused to dismiss a claim seeking damages from a UK-based company that sold a ship for scrappage to a third party who disposed of the ship in an unsafe manner resulting in loss of life.Footnote 11 In France, a case is pending against a surveillance technology company alleged to have been complicit in torture in Libya under the regime of Muammar Gaddafi.Footnote 12

The opioid epidemic’s impact on communities across the United States, with devastating consequences for public health and individual wellbeing, has seen efforts to hold accountable those responsible for contributing to the crisis. Whilst legal action has been taken against drug manufacturers, it is particularly of note that settlements have been reached with pharmacy chains which plaintiffs argued should reasonably have been aware of the risks associated with the dispensing of opioids in the communities that were most affected by the epidemic.Footnote 13 Additionally, a management consultancy firm commissioned to boost the sales of products known to be both addictive and harmful reached a settlement totalling US$573 million with 47 state attorneys general.Footnote 14 Such large settlements are not new as the high-profile In Re Agent Orange Product Liability Litigation case from 1984 demonstrates.Footnote 15

OECD Watch and others have documented how cases brought before the OECD National Contact Points (NCPs) have pertained to downstream issues as various as the sale of construction machinery utilized in the service of illegal occupation; the sale of surveillance, arms and tear gas to authoritarian governments; the provision of turbines to a hydroelectric dam with adverse social and environmental impacts; the sale of drugs used in lethal injections for capital punishment; multi-stakeholder certification schemes involved in human rights violations; alleged downstream links to a terrorist organization; financing of companies and projects with adverse human rights impacts; and divestment of a subsidiary or asset to a buyer with links to adverse human rights impacts.Footnote 16

IV. How Companies Are Conducting HRDD Downstream

To elucidate why companies should be placing greater focus on downstream HRDD beyond the imperatives of regulation and legal liability, it is useful to explore how companies are already approaching this work. Preventing and mitigating downstream risks requires a comprehensive approach that considers the nature of the business, the products and services being offered and their potential impact on human rights. Whilst the findings from GBI’s working group and roundtable demonstrated that implementation necessitates an element of sectoral specificity, some general trends and approaches were observed cross-sectorally.

It is particularly important to understand HRDD as a continuous and dynamic, iterative process that has both proactive and reactive components in the downstream context. The complexity of this part of the value chain means that there is a higher degree of uncertainty than in upstream (i.e., supply chain) contexts and, by implication, not all impacts on human rights will be foreseeable. Companies can proactively identify and assess some potential risks and take steps to prevent or mitigate them. There may also be situations where a company is called upon to react to new or unanticipated risks that arise, and to cease or mitigate their impact and prevent their recurrence.

Identifying and Assessing Downstream Human Rights Risks

Certain risks and potential impacts are likely to be identifiable independent of a given transaction. This is true both for a company’s existing portfolio of products and services and any new product or service development. Some companies seek to identify such risks through the conduct of human rights impact assessments (HRIAs) that consider the impacts of products, services and the company’s business model.Footnote 17 Embedding a human rights approach in research and development teams can also help to ensure that risks are considered. Ensuring that operational-level grievance mechanisms are a source of continuous learning, and conducting human rights due diligence on mergers or acquisitions that covers potential downstream impacts were also highlighted by participants in GBI’s working group.Footnote 18

Companies have existing ways to address transaction-specific risks which can be extended to cover human rights risks. For example, an assessment of customer human rights risk may be integrated within Know Your Customer checks established to address anti-bribery and corruption risk. Companies may also stand up a separate process. For instance, ING’s Environmental Social Risk Framework considers the risks arising from both the nature of a transaction in question and the risk stemming from the individual client.Footnote 19 In another industry, Siemens has developed a tool to ‘support business decisions on the customer side via the early risk identification and assessment of possible environmental and social risks’.Footnote 20

GBI’s working group discussed how a system of warning flags could be implemented in customer relationship management software to mandate due diligence on the sale of products known to present a heightened risk of potential misuse or irresponsible or unintentional use. Building an understanding of how a customer or downstream business partner operationalizes their own responsibility to respect human rights could also help to assess the risk of downstream human rights impacts.

In addition, local context is an important factor to consider. For example, GE Healthcare, a major supplier of ultrasound machines, had to consider the impact of the use of its products in India when ultrasound access was discovered to be correlated with higher levels of sex-selective abortions in the country.Footnote 21 It is often the case that local sales teams will have the greatest understanding of such dynamics. Sales teams should therefore be empowered to make decisions on transactions in line with the company’s human rights policy. Training can help such colleagues understand what risks to consider. Companies can also leverage their sales teams to provide feedback on observed risks, so that these can be systematically monitored.

Taking Action to Prevent and Mitigate Downstream Risks

Taking action to prevent and mitigate downstream risks requires creativity in terms of where and how interventions are made. First, it was recognized by GBI’s working group that preventing and mitigating downstream risks should be considered from the product or service design phase onwards. Integrating ‘human rights by design’ into the research and development cycle has advanced in the technology industry in relation to user privacy.Footnote 22 GBI’s working group considered how this approach could be relevant to many other industries and contexts to help mitigate downstream risks.

Second, it is often – although not always – the case that companies have reduced leverage in downstream contexts compared with upstream. How much leverage there is varies by industry and position in the value chain. It is apparent that leverage over customers is likely to be strongest before the sale is completed. Accordingly, strategies to prevent or mitigate any potential risks to people should be implemented at an early stage of negotiation and certainly prior to the conclusion of a transaction. In addition to contractual clauses that aim to prevent misuse and unintended use, companies can make use of after-sales service, support or warranties to provide an additional source of leverage, as well as offering training and guidance to end-users. In the GE Healthcare example mentioned above, enhanced training to ultrasound practitioners formed a part of the company’s response.Footnote 23

Third, clear governance structures can help prevent risks from materializing. For example, Ericsson has established a sensitive business framework which includes both a dedicated team and a sensitive business board to which transactions can be escalated for review.Footnote 24

V. Conclusion

The debate surrounding downstream HRDD has gained momentum in recent years, driven by emerging regulatory developments. This piece aims to contribute to the discussion by emphasizing the critical need for companies to consider human rights risks downstream, independent of regulatory outcomes. However, it also stresses the need for downstream HRDD to be included in mandatory approaches, to ensure normative frameworks are effective, and in line with international standards. Finally, it highlights the importance of examining a broad range of sectors, products and services to understand downstream risks fully.

Recent settlements and cases demonstrate that companies can be held accountable for downstream human rights impacts, regardless of their actual knowledge of the potential risks. Proactive identification and assessment of human rights risks downstream, together with measures to prevent and mitigate them, are therefore crucial.

Integrating human rights considerations into areas such as product design and early in negotiations, establishing clear governance structures, empowering sales teams and providing training both to such teams and to end-users can all assist with risk identification and mitigation. Our findings demonstrate that companies can – and do – conduct human rights due diligence on risks downstream in their value chains. This is consistent with UNGP 13, calling on companies to ‘seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts’.

Regardless of the current policy debates, companies will continue to cause, contribute to and be directly linked to downstream human rights impacts. The saliency of these risks and impacts will often be too great to ignore. Limited, ambivalent or divergent approaches to downstream HRDD within and between international standards and EU legislation is likely to be detrimental to rights-holders, businesses and governments, and would fail to align with companies’ experiences, existing HRDD best practices, and human rights risk concerns.

Competing interest

Both authors are employees of the Global Business Initiative on Human Rights Ltd. J.R. is a legal director of the company.

Financial support

The authors do not report receipt of any funding for this work.

References

1 Human Rights Council, ‘Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework’, A/HRC/17/31 (21 March 2011), Guiding Principle 13 and Commentary.

2 Office of the High Commissioner for Human Rights, ‘Mandating Downstream Human Rights Due Diligence’ (13 September 2022), https://www.ohchr.org/sites/default/files/documents/issues/business/2022-09-13/mandating-downstream-hrdd.pdf (accessed 16 May 2023).

3 GBI’s peer learning conversations on this topic focused primarily on human rights due diligence as described in principles 17–21 of the UNGPs. Accordingly, issues pertaining to the remediation of downstream human rights impacts were not expressly addressed.

4 The Global Business Initiative on Human Rights, ‘Effective Downstream Human Rights Due Diligence: Key Questions for Companies’ (14 February 2023), https://gbihr.org/updates/Effective_downstream_HRDD_Key_questions_for_companies (accessed 7 April 2023).

5 Jonathan Drimmer and James Tunkey, ‘Responsible Product Usage Risk Factors Ahead of the EU Corporate Accountability and Due Diligence Directive’, https://www.paulhastings.com/insights/international-regulatory-enforcement/responsible-product-usage-risk-factors-ahead-of-the-eu-corporate (accessed 7 April 2023).

6 Gabrielle Holly, Sarah Tansey and Jumpei Nagaoka, ‘Due Diligence in the Downstream Value Chain: Case Studies of Current Company Practice’ (20 February 2023), https://www.humanrights.dk/publications/due-diligence-downstream-value-chain-case-studies-current-company-practice (accessed 16 May 2023).

7 Claire Methven O’Brien, Rikke Frank Jørgensen and Benn F Hogan, ‘Tech Giants: Human Rights Risks and Frameworks’ (15 December 2020), https://ssrn.com/abstract=3768813 (accessed 7 April 2023).

8 Merry Varney, ‘A Family’s Battle Against the Tech Giants – Molly Russell’s Inquest’, Leigh Day, https://www.lexology.com/library/detail.aspx?g=285b536a-6dde-421a-bb7b-6718ffb018d4 (accessed 7 April 2023).

9 John G Ruggie, ‘Comments on Thun Group of Banks Discussion Paper on the Implications of UN Guiding Principles 13 & 17 in a Corporate and Investment Banking Context’ (21 February 2017), https://www.hks.harvard.edu/sites/default/files/centers/mrcbg/programs/cri/files/Thun%2BFinal.pdf (accessed 7 April 2023).

10 Holly, Tansey and Nagaoka, note 6; James E Post, ‘Assessing the Nestlé boycott: Corporate Accountability and Human Rights’ (1985) 27:2 California Management Review 113.

11 [2021] EWCA Civ 326.

12 FIDH, ‘Surveillance and Torture in Libya: The Paris Court of Appeal Confirms the Indictment of Amesys and its Executives, and Cancels that of Two Employees’ (21 November 2022), https://www.fidh.org/en/impacts/Surveillance-torture-Libya-Paris-Court-Appeal-indictment-AMESYS (accessed 16 May 2023).

13 Jan Hoffman. ‘Walmart to Pay a Settlement of $3.1 Billion in Opioid Suits’, The New York Times (16 November 2022) B3; Jan Hoffman, ‘Drug Chains Near Deal in Opioid Lawsuits’, The New York Times (3 November 2022) B1.

14 Michael Forsythe and Walt Bogdanich. ‘McKinsey Will Pay $573 Million for Role in Driving Opioid Sales’, The New York Times (4 February 2021) A1.

15 In Re Agent Orange Product Liability Litigation, 597 F. Supp. 740 (E.D.N.Y. 1984).

16 OECD Watch, Swedwatch, ECCJ, ECCHR and SOMO, Downstream Due Diligence: Setting the Record Straight (December 2022), https://www.oecdwatch.org/wp-content/uploads/sites/8/2022/12/Downstream-due-diligence.pdf (accessed 16 May 2023).

17 Rikke Frank Jørgensen, Cathrine Bloch Veiberg and Niels ten Oever, ‘Exploring the Role of HRIA in the Information and Communication Technologies (ICT) Sector’ in Nora Götzmann (ed.) Handbook on Human Rights Impact Assessment (Cheltenham: Edward Elgar, 2019), 205.

18 The Global Business Initiative on Human Rights, note 4.

19 ING, ‘Environmental and Social Risk (ESR)’, https://www.ing.com/Sustainability/Sustainable-business/Environmental-and-social-risk-ESR.htm (accessed 18 May 2023).

20 Siemens, ‘Sustainability Report 2022’, https://assets.new.siemens.com/siemens/assets/api/uuid:c1088e4f-4d7f-4fa5-8e8e-33398ecf5361/sustainability-report-fy2022.pdf, 137 (accessed 16 May 2023).

21 Jared Harris, ‘Case in Point: Engage the Larger Social Issues Behind Product Misuse’, The Washington Post (3 September 2011); Human Rights and Business Dilemmas Forum, ‘Product Misuse’, https://hrbdf.org/dilemmas/product-misuse/#.Y-EwVezP2Al (accessed 16 May 2023).

22 The concept of ‘human rights by design’ stems from an earlier focus on protecting user privacy in the design of digital products. The principles are equally applicable to all human rights. See, for example: International Conference of Data Protection and Privacy Commissioners, ‘Resolution on Privacy by Design’ (29 October 2010), https://edps.europa.eu/sites/edp/files/publication/10-10-27_jerusalem_resolutionon_privacybydesign_en.pdf (accessed 16 May 2023); Information and Privacy Commissioner of Ontario, ‘Privacy by Design: The 7 Foundational Principles’ (January 2011), https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf (accessed 16 May 2023).

23 Harris, note 21.

24 Holly, Tansey and Nagaoka, note 6.