Shareholders are concerned by Microsoft’s announced plans1 to expand datacenter operations to locations identified by the US State Department’s Country Reports on Human Rights Practices as presenting significant human rights challenges, in particular the plan to locate a Microsoft datacenter in Saudi Arabia. The State Department report2 details the highly restrictive Saudi control of all internet activities and pervasive government surveillance, arrest, and prosecution of online activity. Saudi authorities have even recruited spies inside US Twitter operations to extract personal information and spy on private communications of exiled Saudi activists with one such operative recently convicted in federal court of spying for Saudi Arabia.3

Microsoft stated that this installation would be consistent with Microsoft’s commitment to protecting fundamental rights and claims that the company’s commitment to the Trusted Cloud Principles are an assurance of human rights protection yet has refused to disclose how these assurances will be enacted or enforced as there is no recognized oversight body for the Principles. The Principles require Microsoft to “Support laws that allow governments to request data through a transparent process that abides by internationally-recognized rule of law and human rights standards.” Yet the Saudi government’s laws and cloud computing regulations4 are in no way aligned with international human rights standards. Anti-cybercrime and data protection laws severely undermine the right to privacy, enable unchecked state surveillance, and empower Saudi state agencies to access data allowing for a sweeping crackdown on online expression.

The company has provided no evidence that it has conducted a human rights impact assessment, or engaged impacted stakeholders as required under the United Nations Guiding Principles on Business and Human Rights (UNGPs). There has been no disclosure of an assessment or mitigation plans. The company’s decisions to locate cloud datacenters in human rights hot spots occur behind closed doors, without transparency.


1 https://news.microsoft.com/en-xm/features/microsoft-announces-intent-to-expand-cloud-regions-through-saudi-arabia-datacenter/

2 https://www.state.gov/reports/2023-country-reports-on-human-rights-practices/saudi-arabia/

3 https://www.nbcnews.com/tech/security/former-twitter-employee-sentenced three-years-prison-spying-saudi-arab-rcna61384

4 https://www.cst.gov.sa/en/RulesandSystems/RegulatoryDocuments/Documents/CCRF_En.pdf

https: //www.datacenterdynamics.com/en/news/17-more-human-rights-groups-call-for-microsoft-to-suspend-data-center-plans-in-saudi-arabia/

A report sufficient to fulfill the proposal’s essential objectives would examine the scope, implementation, and robustness of the company’s human rights due diligence processes on siting of cloud computing operations. It would assess, with an eye toward the rights enshrined in the Universal Declaration of Human Rights, the standards established in the UNGPs and in the Global Network Initiative Principles, the priorities and potential impacts on people, any mitigating actions, any tracking of outcomes, and whether the company identifies and engages rights-holders to ensure its human rights efforts are well informed.