– Limiting access to enabling services may restrict access to other critical products that depend on those services and have significant impacts on individuals’ rights. – The decision not to provide services to a specific company, government, or market may impact the rights of workers whose jobs are dependent on that service (i.e., the workforce that has been formed around a specific SaaS service) and impact economic opportunity. Relevant Human Rights Instruments Depending on what use case or purpose it is used for, a SaaS service can impact all human rights. Therefore, all of the rights enumerated in the International Bill of Human Rights are in scope for impacts that may arise from customer end-use. Relevant human rights instruments include: • The Universal Declaration of Human Rights and its implementing treaties • The International Covenant on Civil and Political Rights • The International Covenant on Economic, Social and Cultural Rights • The International Labour Organization Declaration of Fundamental Principles and Rights at Work Assessment of Severity and Management Factors Because it is impossible to assess the severity and management factors for an individual SaaS service without knowing the specificities of the service or its use cases, we focus on the salience of the human rights issue for the sector as a whole. We also discuss how different characteristics of SaaS services may influence the likelihood and management of impacts. Severity: Impacts related to customer end-use are arguably most salient for the SaaS sector. This impact area is relevant for all types of SaaS services, and the scope includes all SaaS end-users. The scale of impact can be very high depending on the specific use case, and impacts are not always remediable. Likelihood and Management Factors: The likelihood and management of impacts related to 23 customer end-use may change based on different characteristics , such as: • Level of interoperability: If a SaaS service can easily be integrated with others, the combined use of these services may increase the likelihood of human rights impacts, and they may be less foreseeable by the SaaS provider. Interoperability also reduces technological barriers to integration for complicated software processes, such as facial recognition, making it easier for users to access or deploy capabilities such as surveillance activities, which may increase the likelihood of human rights violations. • Cloud versus on-premises deployment: SaaS cloud services are likely more easily integrated with other services than on-premises solutions, increasing the likelihood of risk. However, cloud deployment models also offer greater visibility into customer use; therefore, risks related to end-use are arguably more foreseeable in cloud deployments. This indicates that when software is deployed on the cloud, the provider is more closely connected to potential human rights impacts. Furthermore, in cloud deployments, SaaS providers are responsible for the management of the software, giving them greater leverage to address potential impacts. 21 Human Rights Assessment of the Software-as-a-Service Sector
Human Rights Assessment of the Software-as-a-Service Sector Page 21 Page 23