About the data
The WBA Digital Inclusion Benchmark measures and ranks the world's most influential companies on their efforts to advance digital inclusion, tracking how companies are expanding access to digital technologies, improving digital skills and literacy, and ensuring safe and inclusive digital environments for all. The 2026 edition assessed 200 companies across key sectors of the digital economy including telecommunications, software, hardware, and digital platforms. The benchmark is developed in close collaboration with an Expert Review Committee and partners including GRI, ITU, and the Alliance for Affordable Internet, with a methodology designed to incentivise companies to understand where digital exclusion risks are highest and act to bridge the digital divide, while keeping human rights and social impacts at its core.
More information can be found here.
More information can be found here.
Methodology
Companies routinely collect personal information on their clients and users. This data is used for various purposes, such as analytical insights, client contact and targeting paid advertisements. As custodians of personal data, companies play a critical role in ensuring the data is kept safe and not used for nefarious purposes.
Protection of personal data is a fundamental right linking to SDG target 16.10: ‘Protect fundamental freedoms.’ SDG target 16.10 calls for ‘public access to information’. In this regard, it is important for stakeholders to know about data breach incidents to better understand risk and how companies are dealing with it. Both the GRI and SASB global reporting frameworks recommend that companies should disclose the number of data breaches they experience.
Research Guidance:
The company publishes a statement thatdiscloses1) the number ofgovernmentdemands for user data it has received by country, including from their home and foreign governments, as well as from law enforcement and courts, 2) the number ofgovernments demands it hascomplied with. If the company is legally prohibited from publishing certain country-level data, it must include a note explaining the countries involved and the legal or regulatory reason for non-disclosure. If a companyoperatesin only one country anddisclosesrequests received in that country only, it can still meet the criteria.
Protection of personal data is a fundamental right linking to SDG target 16.10: ‘Protect fundamental freedoms.’ SDG target 16.10 calls for ‘public access to information’. In this regard, it is important for stakeholders to know about data breach incidents to better understand risk and how companies are dealing with it. Both the GRI and SASB global reporting frameworks recommend that companies should disclose the number of data breaches they experience.
Research Guidance:
The company publishes a statement thatdiscloses1) the number ofgovernmentdemands for user data it has received by country, including from their home and foreign governments, as well as from law enforcement and courts, 2) the number ofgovernments demands it hascomplied with. If the company is legally prohibited from publishing certain country-level data, it must include a note explaining the countries involved and the legal or regulatory reason for non-disclosure. If a companyoperatesin only one country anddisclosesrequests received in that country only, it can still meet the criteria.
License
Topics
Framework Mappings
Value Type
Category
Options
Yes
No
Not Applicable
Assessment
Steward Assessed
Report Type
Aggregate Data Report