This is an advanced copy of the Contract for the Web which will be launched on Monday, November 25. Please do not share further. Any questions should be sent to contract@webfoundation.org.

Table of Contents

Governments will
Principle 1 – Ensure everyone can connect to the internet
Principle 2 – Keep all of the internet available, all of the time
Principle 3 – Respect and protect people’s fundamental online privacy and data rights
Companies will
Principle 4 – Make the internet affordable and accessible to everyone
Principle 5 – Respect and protect people’s privacy and personal data to build online trust
Principle 6 – Develop technologies that support the best in humanity and challenge the worst
Citizens will
Principle 7 – Be creators and collaborators on the web
Principle 8 – Build strong communities that respect civil discourse and human dignity
Principle 9 – Fight for the web

Annex


A Contract for the Web

The Web was designed to bring people together and make knowledge freely available. It has changed the world for good and improved the lives of billions. Yet, many people are still unable to access its benefits and, for others, the Web comes with too many unacceptable costs.

Everyone has a role to play in safeguarding the future of the Web. The Contract for the Web was created by representatives from over 80 organizations, representing governments, companies and civil society, and sets out commitments to guide digital policy agendas. To achieve the Contract’s goals, governments, companies, civil society and individuals must commit to sustained policy development, advocacy, and implementation of the Contract text.

Governments will

Principle 1 – Ensure everyone can connect to the internet

So that anyone, no matter who they are or where they live, can participate actively online.

1. By setting and tracking ambitious policy goals

  1. 1GB of mobile data costs no more than 2% of average monthly income by 2025.
  2. Access to broadband internet is available for at least 90% of citizens by 2030, and the gap towards that target is halved by 2025.
  3. At least 70% of youth over 10 years old and adults over 65 have ICT skills by 2025.

2. By designing robust policy-frameworks and transparent enforcement institutions to achieve such goals, through

  1. Fiscal and investment policies that stimulate investment in-and adoption of- connectivity solutions.
  2. Passive infrastructure sharing (towers, ducts on roads/rail/power lines), dig-once regulations and non-discriminatory and efficient management of radio spectrum to facilitate access to-and sharing of-spectrum for broadband connectivity.
  3. Open access rules on wholesale infrastructure in non-competitive areas, and access to license-exempt spectrum.
  4. Institutions with capacity to ensure compliance with laws and regulations designed to foster Internet adoption.

3. By ensuring systematically excluded populations have effective paths towards meaningful internet access

  1. Implementing national broadband policies with specific actions designed to target systematically excluded populations.
  2. Developing policies and providing funds for broadband strategies, including universal access and services definition, with effective technology neutral financing mechanisms for network development in unserved and underserved areas.
  3. Supporting the local production of content and applications, and the development of the necessary infrastructure and enabling environment for accelerating the growth of local digital businesses.
  4. Designing policies to increase internet access and digital literacy of women and other systematically excluded groups.

Principle 2 – Keep all of the internet available, all of the time

So that no one is denied their right to full internet access.

1. By establishing legal and regulatory frameworks to minimize government-triggered internet disruptions, and ensure they are only done in ways consistent with human rights law

  1. Engaging in national and international multi-stakeholder dialogues and mechanisms to ensure the maintenance of uninterrupted internet connections and promoting a Web that is not restricted by public policy at borders.
  2. Engaging in transparent and documented coordination with private sector actors to ensure that any attempts to restrict access to the internet are necessary and rely on means that are proportionate to achieving a legitimate end, while minimizing the unintended side-effects of legitimate actions on third parties.
  3. Researching and documenting the cost of service interruptions to the national economy, business and users.

2. By creating capacity to ensure demands to remove illegal content are done in ways that are consistent with human rights law

  1. Passing appropriate national laws and regulations to ensure the effective enforcement of established international treaty rights on the human rights to freedom of expression, of peaceful association and assembly, and the freedom to access information as applied to online speech, behavior, and online information.
  2. Funding research and engaging in multi stakeholder forums aimed at developing future regulation on moderation dispute resolution mechanisms and content take-down, including with the aim of limiting the impacts of misinformation and disinformation, to ensure these are aligned with human rights standards.
  3. Developing mechanisms to ensure all government content take-down requests are grounded in law, properly documented, comply with human rights standards of legality, necessity and proportionality, include proper notification to the poster and potential audience, and are subject to appeal and judicial review.
  4. Developing mechanisms to ensure meaningful transparency for political advertising.

3. By promoting openness and competition in both internet access and content layers

  1. Supporting or establishing independent agencies with oversight, rule-making, and enforcement capacity to ensure internet access providers do not unreasonably discriminate against content, platforms, services, devices or users.
  2. Supporting effective enforcement of competition law at all layers of the network, including through the promotion of interoperability and open standards, as a means to ensure small actors and innovators have a fair chance to develop and successfully deploy content, new online businesses and new technologies.
  3. Funding research to determine the degree and character of competition and/or consolidation online, and its impact.

Principle 3 – Respect and protect people’s fundamental online privacy and data rights

So everyone can use the internet freely, safely and without fear.

1. By establishing and enforcing comprehensive data protection and rights frameworks to protect people’s fundamental right to privacy in both public and private sectors, underpinned by the rule of law. These frameworks should be applicable to all personal data — provided by the user, observed or inferred — and include:

  1. An appropriate legal basis for data processing. Where the legal basis is consent, it must be meaningful, freely given, informed, specific, and unambiguous.
  2. The right of access to personal data, including to obtain a copy of all personal data undergoing processing by an entity, so long as such access does not adversely affect the rights and freedoms of other users.
  3. The right to object or withdraw from processing of personal data, including automated decision making and individual profiling, subject to explicit limits defined by law.
  4. The right to rectification of inaccurate personal data, and erasure of personal data, when not against the right of freedom of expression and information or other narrow limits defined by law.
  5. The right to data portability, applicable to the personal data provided by the user, either directly or collected through observing the users’ interaction with the service or device.
  6. The right to redress through independent complaints mechanisms against public and private bodies that fail to respect people’s privacy and data rights.

2. By requiring that government demands for access to private communications and data are necessary and proportionate to the aim pursued, lawful and subject to due process, comply with international human rights norms, and do not require service providers or data processors to weaken or undermine the security of their products and services. Particularly, such demands should always be:

  1. Made under clearly defined laws subject to a competent and independent judicial authority that includes fair avenues for redress.
  2. Restricted to those cases where there is a legitimate public interest defined in law.
  3. Time-bounded, and not unduly restricted from disclosure to affected individuals and the public.

3. By supporting and monitoring privacy and online data rights in their jurisdictions, particularly:

  1. Minimising their own data collection to what is adequate, relevant, and necessary to achieve a clearly specified public interest.
  2. Requiring providers of public services and private actors to comply with existing relevant legislation and supporting strong enforcement —including administrative penalties— by independent, skilled, empowered, and well-resourced dedicated regulators.
  3. Mandating public registers to promote transparency of data sharing and/or purchase agreements in public and private sectors for profiling purposes, as well as for significant data breaches that are of public interest, to make users aware of when and how their data could be exposed.
  4. Requiring regular data security and privacy impact assessments, providing independent and transparent oversight of the assessments and independent audits for public and private sectors, and enforcing when appropriate.

Companies will

Principle 4 – Make the internet affordable and accessible to everyone

So that no one is excluded from using and shaping the web.

1. By crafting policies that address the needs of systematically excluded groups

  1. Designing gender responsive and inclusive data plans targeting women and other systematically excluded groups.
  2. Supporting the development of community networks, particularly in unserved and underserved areas.
  3. Ensuring user interfaces and customer service are effective, and offered in languages and mediums that are accessible to minorities and people with disabilities, including by respecting universal acceptance principles.

2. By working towards an ever-increasing quality of service

  1. Documenting and publishing their investments and best efforts approach towards ensuring the speed, reliability and performance of their networks.
  2. Adopting network neutrality guidelines that ensure citizens enjoy an open, unrestricted and non-discriminatory Internet experience through which they can be not only consumers, but creators and innovators.
  3. Making progress towards symmetric upload/download speeds to facilitate the work of online creators and the use of interactive applications.

3. By ensuring full use of the internet by all, through a close coordination with Government and Civil Society towards

  1. Crafting corporate policies that minimise access barriers created by differences in language, location, age and ability.
  2. Ensuring that applications and services are designed with potentially excluded groups.
  3. Designing gender inclusive strategies to increase internet access and digital literacy by women and other systematically excluded groups.

Principle 5 – Respect and protect people’s privacy and personal data to build online trust

So people are in control of their lives online, empowered with clear and meaningful choices around their data and privacy.

1. By giving people control over their privacy and data rights, with clear and meaningful choices to control processes involving their privacy and data, including:

  1. Providing clear explanations of processes affecting users’ data and privacy and their purpose.
  2. Providing control panels where users can manage their data and privacy options in a quick and easily accessible place for each user account.
  3. Providing personal data portability, through machine-readable and reusable formats, and interoperable standards — affecting personal data provided by the user, either directly or collected through observing the users’ interaction with the service or device.

2. By supporting corporate accountability and robust privacy and data protection by design, carrying out regular and pro-active data processing impact assessments that are made available to regulators which hold companies accountable for review and scrutiny, to understand how their products and services could better support users’ privacy and data rights, and:

  1. Minimizing data collection to what is adequate, relevant, and necessary in relation to the specified, explicit and legitimate purposes for which the data is processed, and limiting further processing of the data to what is compatible with those purposes.
  2. Supporting independent research on how user interfaces and design patterns ⁠—including processes for obtaining consent and other relevant user controls⁠— influence privacy outcomes, and ensuring those follow good privacy practices.
  3. Enabling controls over how personal data is collected and used ⁠—including third-party and persistent tracking⁠— that could be reviewed and adjusted at the user’s convenience, and making those easy to locate and use.
  4. Developing and adopting technologies that increase the privacy and security of users’ data and communications.

3. By making privacy and data rights equally available to everyone, giving users options to access online content and use online services that protect their privacy, and:

  1. Providing dedicated and readily available mechanisms for individuals to report adverse privacy and data protection impacts directly linked to the company’s operations, products or services — which the company should address and mitigate as required by law.
  2. Promoting innovative business models that strengthen data rights, respect privacy, and minimise data collection practices.
  3. Providing clear and understandable privacy policies and consent forms, where the types of personal data processed are listed, and the purposes of data collection and use are explained.
  4. Clearly and effectively communicating any updates and changes regarding privacy policies, as well as changes to products and services where the impact on individuals’ privacy rights is not in line with the privacy policies in place.

Principle 6 – Develop technologies that support the best in humanity and challenge the worst

So the Web really is a public good that puts people first.

1. By being accountable for their work, through regular reports, including how they are

  1. Respecting and supporting human rights, as outlined by the UN Guiding Principles on Business and Human Rights.
  2. Establishing policies designed to respect and promote the achievement of the Sustainable Development Goals, particularly those pertaining to education, gender equality, systematically excluded groups, climate, and socio-environmental justice.
  3. Assessing and addressing risks created by their technologies, including risks associated with online content (such as misinformation and disinformation), behavior, and personal well-being.

2. By engaging with all communities in an inclusive way:

  1. Establishing effective channels for consultation both during development of technologies and after their release, as a means to ensure the rights and interests of the full breadth of communities, in terms of gender, race, age, ethnicity, and other intersectionalities, are taken into account.
  2. Ensuring a diverse workforce: releasing periodic reports including metrics that show progress towards a more representative workforce.
  3. Ensuring their workforce is prepared in a holistic manner through periodic trainings that help employees understand their responsibilities toward the communities they affect, help them identify and tackle common blind spots, and reflect on the impact of their work.

3. By investing in and supporting the digital commons:

  1. Upholding and further developing open Web standards.
  2. Promoting interoperability, open-source technologies, open access, open knowledge, and open data practices and values.
  3. Ensuring that the terms of service, interfaces and channels of redress are accessible and available in local languages and properly localized, use formats that allow, encourage, and empower a diverse set of users to actively participate in and contribute to the commons, including open and free culture, science, and knowledge.

Citizens will

Principle 7 – Be creators and collaborators on the web

So the Web has rich and relevant content for everyone

1. By being active participants in shaping the Web, including content and systems made available through it, such as by

  1. Leveraging and promoting the use of open licenses to share information of public interest.
  2. Sharing best practices and guidelines to help create and develop a Web focused on the needs of citizens.
  3. Advocating for standard technology that is open and accessible to all persons, regardless of their abilities.
  4. Producing or translating content into local minority languages.

Principle 8 – Build strong communities that respect civil discourse and human dignity

So that everyone feels safe and welcome online

1. By working towards a more inclusive Web:

  1. Adopting best practices on civil discourse online and educating the next generation on these matters.
  2. Committing to amplify the messages of systematically excluded groups, and standing up for them when they are being targeted or abused.
  3. Taking steps to protect their privacy and security, and that of others, by choosing products and services thoughtfully, and articulating privacy preferences accordingly.
  4. Refraining from participating in the non-consensual dissemination of intimate information that breach privacy and trust.

Principle 9 – Fight for the web

So the Web remains open and a global public resource for people everywhere, now and in the future.

1. By being active citizens of the Web:

  1. Creating awareness amongst peers regarding threats to the open Web.
  2. Opposing the Web’s weaponization by nation states or any other entity.
  3. Supporting organizations, processes and people who promote the open Web.
  4. Supporting startups and established companies that espouse the Web’s future as a basic right and public good.
  5. Engaging political representatives and companies to ensure support and compliance with this Contract and support for the open Web.

Annex

The Annex includes links to a selection of human rights and other frameworks that relate to the Contract’s substance, and a Glossary that provides references aimed at supporting the understanding of the Contract.