Data privacy and data security are very important to us. In 2008 we created a Board of Management department for Data Privacy, Legal Affairs and Compliance as well as the Group Privacy unit. The responsible Board member has been advised by the independent Data Privacy Advisory Council, which comprises renowned experts from politics, science, business, and independent organizations, since 2009. In addition, we were the first DAX company to have our data privacy organization reviewed and certified according to the IDW PS 980 standard in September 2014. At Deutsche Telekom, data protection and data security are subject to the Group’s Binding Corporate Rules on Privacy and the Group Policy on General Security. The Binding Corporate Rules on Privacy govern the handling of personal data. The related document Binding Interpretations contains specific recommendations and best practice examples for implementing the EU General Data Protection Regulation, which will be enacted in May 2018. The Group Policy on General Security includes significant security-related principles followed within the Group. Both guidelines set forth binding standards that are in line with international standard ISO 27001. These policies allow us to guarantee an adequately high and consistent level of security and data privacy throughout the Group. Deutsche Telekom has been publishing an annual transparency report for Germany since 2014, which covers the types and amount of information we disclose to security agencies. This way we comply with our legal obligations as a telecommunications company. Our international business units have also been publishing similar transparency reports since 2016. We also provide up-to-date and transparent information about all of our activities and measures regarding data protection and data security on our Group website.
Our products and services have always provided a high degree of data privacy and data security. Growing volumes of data require special precautions to protect the privacy of citizens, which is why we approved eight mandatory principles for handling big data, or large amounts of personal data, in 2013. In January 2015, we also approved specific measures to protect data and infrastructure in our "Ten-point program for increased cyber security." We also developed new protective products including our Mobile Encryption app designed to ensure end-to-end encryption of mobile communication.
Data privacy and security also play a key role in the development of our other products and services. Our Privacy and Security Assessment (PSA) procedure allows us to review the security of our systems in each step of the development process. This procedure applies to newly developed systems as well as existing systems that undergo changes in technology or in the way data is processed. We use a standardized procedure to document the data privacy and data security status of our products throughout their entire life cycle. Youth protection aspects are also taken into consideration in our product and service design. In Germany we involve our youth protection officer in all issues regarding planning and designing offers for young people. The youth protection officer can then recommend restrictions or changes. We have appointed a Child Safety Officer (CSO) at each of our national companies within the EU who is responsible for issues pertaining to the protection of minors. The CSO acts as a central contact for members of the community in the respective market. The CSO also plays a key internal role in coordinating topics related to the protection of minors. These measures increase the consistency and transparency of Deutsche Telekom's involvement in protecting minors.
Strategic approach to protecting minors from unsuitable media content
Our strategy to protect children and young people from harm when using digital media is based on three pillars. We
We also collaborate closely with prosecuting authorities and NGOs as well as other partners from business, politics, and society to ban online content that is harmful to children and young people. We have documented our commitment to protecting minors from unsuitable media content in Germany in relevant codes and introduced minimum standards. In 2007, we committed ourselves to fighting child pornography on the Internet throughout the European Union. At a global level, we have been a member of the global association of mobile providers, GSMA, since 2008, which pursues the same objectives. In order to better coordinate our activities within the Group, we also approved a list of general guidelines in October 2013 for our activities to help protect minors from unsuitable media content and made these guidelines mandatory at international level, thereby setting new standards in our markets. In consideration of their particular cultural situation and business model, each national company in the European Union can further specify these measures, adopt additional measures, and also determine their own strategic focal points.
Because protecting minors from unsuitable media content poses a challenge that affects many industries, we cooperate with different organizations for the protection of minors and participate in coalitions that coordinate the involvement of companies and organizations from the Internet and media sector. For example, we are a member of the “CEO alliance to better protect minors online”, whose goal is to make the Internet a safer place for kids. We also play a leading role in the ICTCoalition for the Safer Use of Connected Devices and Online Services by Children and Young People in the EU. In this coalition, we pursue a comprehensive cross-industry approach based on six principles that expressly includes helping young people learn media skills.
In January 2013, as part of both coalitions, we announced plans to implement an EU-wide set of measures based on the principles of the ICT Coalition. The ICT Coalition published an annual report in April 2014 on the implementation of corresponding measures at all of the companies represented in the ICT coalition. The report, which was written by an independent expert from the Dublin Institute of Technology, comes to the conclusion that Deutsche Telekom's approach to implementing the ICT Coalition's principles is exemplary.
New strategic Cyber Defense and Security Operation Center
In October 2017, the Telekom Security unit expanded the Cyber Defense Center in Bonn into an integrated Cyber Defense and Security Operation Center (SOC). This new defense center is one of the largest and most modern ones of its kind in Europe, analyzing one billion pieces of security-relevant data from 3,000 data sources every day in a nearly fully automated process.
Almost one-third of all Germans are afraid of their data being misused and of insufficient data security in general. These were the findings of the 2016 Security Report that we commissioned from the Allensbach Institute. However, we are by far the most trusted company in the ICT industry when it comes to handling personal data. And we are proud of it, because protecting our customers' data is one of our top priorities.
We also provide up-to-date information about all of our data protection activities on our Group website at https://www.telekom.com/en/corporate-responsibility/data-protection-data-security. The following are just a few examples of our activities during the reporting period.
Competition on digital data protection tools
At the beginning of 2017, we launched a worldwide idea competition. The competition called on participants to create a privacy bot - an intelligent, digital data protection tool. The bot had to be useful for all sorts of web services, not just aimed at individual providers such as Facebook or travel portals. The award ceremony took place in July in Berlin. A team from Germany was the winner. This team developed a privacy bot that automatically verifies the Privacy Notices of Internet services based on individual preferences specified by the user. The privacy bot also provides a variety of other information relating to data privacy, such the number of data privacy incidents affecting the relevant Internet provider in the past.
There were 12 entries, five of which advanced to the final round, with the top three being awarded prize money. The jury was made up of data privacy experts as well as specialists from the Internet economy and the world of corporate communications. Among its most prominent members was Peter Schaar, former German Federal Commissioner for Data Protection and Freedom of Information.
According to the 2016 Security Report, about half of smartphone owners in Germany have no software installed on their phone to protect it from cyber attacks. Since November 2017, we have partnered with the company Check Point Software Technologies to offer the Protect Mobile security solution for smartphones to our consumer customers. Protect Mobile detects and wards off cyber attacks in the mobile communications network, before they can even get to the smartphone. This protection is automatically integrated into Deutsche Telekom's mobile communications network. The Protect Mobile app detects additional cyber attacks when browsing the Internet on a WLAN or using hotspots as well as when downloading apps, doing online banking or surfing in the browser. Deutsche Telekom customers can add this option on to their existing mobile phone contract. For the most complete protection, the free app is available for Android and IOS from app stores.
Simple data privacy statements for everyone
Data Privacy Notices are often incomprehensible to the layperson. Our one-pager provides our customers with an easy-to-read overview of data privacy at our company. It contains simple, condensed information on the basics behind our data processing activities. It does not replace our formal data privacy statement, to which we link in the document and which complies with legal requirements. Instead, it provides users with transparent information on how and to what extent we process and use personal data. With this one-pager, we have followed an initiative launched by the National IT Summit, supported by the Federal Ministry of Justice and Consumer Protection.
Encryption for all
Together with the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), we launched the "Volksverschlüsselung" encryption solution in mid-June 2016. It is a simple, free way to encrypt emails. We operate the solution at a high-security data center. The keys are generated on the user's device. The user is the only person with access to them; they are not sent to the infrastructure operator. To use the encryption, users only need to install the software and identify themselves as part of a simple one-time process. This product supports the federal government's digital agenda. What's more, we fulfill the requirements of the Charter for the Promotion of Trustworthy Communications (Charta zur Stärkung der vertrauenswürdigen Kommunikation), which was proposed and signed by representatives from the business and scientific communities as well as by political representatives. For more information, go to www.krypto-charta.de/.
Other examples of our comprehensive data security offering
We want to create a safe, positive online experience for children and young people. We offer them attractive, exciting content on age-appropriate websites.
Promotion of standardized child protection offers
In August 2016, we joined the non-profit organization JusProg e.V.. The organization operates the child protection program JusProg. The software, which can be installed on any computer, allows parents to decide which content their children can see. The system works with filter lists, among other things, which block many websites with unsuitable content and content that may even impair the development of minors. The system also allows you to enter customized settings based on age for the display of age-appropriate content.
This software is the only general child protection program in Germany that has been officially recognized by Freiwillige Selbstkontrolle Multimedia-Diensteanbieter e.V. (FSM, association for the voluntary self-monitoring of multimedia service providers) pursuant to statutory requirements (Interstate Treaty on the Protection of Human Dignity and the Protection of Minors in Broadcasting and in Telemedia). The software was most recently evaluated in March 2017.
We decided in 2016 to donate the rights to the program code behind our child protection software (Windows) and our child protection app, Surfgarten, (iPhone/iPad) to JusProg e.V. in order to expand our involvement in child protection efforts.
Teachtoday in the Aktionsbund Digitale Sicherheit (Digital Security Action Alliance)
In addition to these solutions, we also promote secure and responsible media use among children and young people with our Teachtoday initiative. The initiative supports children and their families with practical and everyday tips and materials.
We consider it our obligation to take rigorous action against depictions of child abuse on the Internet. We have been involved in an EU-wide fight against the depiction of child abuse since 2007 in the European Framework for Safer Mobile Use by Younger Teenagers and Children. Since 2008 we have been committed to combating the spread of such content together with other mobile providers in a global association.
Since 2013 we have been actively participating in two cross-industry coalitions committed to fighting child abuse on the Internet, the "CEO Coalition to make the Internet a better place for kids" and the "ICT Coalition for the Safer Use of Connected Devices and Online Services by Children and Young People in the EU."
New structures for cooperation on child safety on the Internet
We were involved in the work of the Centre for Child Protection on the Internet (I-KiZ) until the end of 2016. The I-KiZ was dissolved at the end of 2016. However, the important fields of activity of the forum were assumed by existing networks. The safer-internet.de association, for example, took over the jugend.support advice and help system. The No Gray Areas project is now being coordinated by jugendschutz-net – with the assistance of Freiwillige Selbstkontrolle Multimedia-Diensteanbieter e.V. (FSM, association for the voluntary self-monitoring of multimedia service providers). We are actively supporting this initiative as well.
As part of our e-safety strategy, T-Mobile Czech Republic issued a brochure called “Safely on the Net” that will be distributed to our customers for free in the shops. The illustrated and lifestyle-like publication was written in cooperation with a specialist on e-safety. It is intended for all users of the internet but with the main focus on parents. It includes tips on avoiding risks when using computers, the internet, and social networks in particular.
The main part is dedicated to tips on how to protect children from potential abuse and the Školák (“Schoolchild”) package is a special offer for parents of schoolchildren. Independently of the child’s mobile credit, parents can purchase the package to keep an eye on their children’s movements, protect them against inappropriate content on the internet and keep track of their mobile credit. The package is linked to the “Surfie” application. This app is provided free of charge and makes it possible to track the location of children and restrict viewing of internet content.
The app is in the Czech language, works with iOS and Android operating systems, and includes three licenses. These can be used to protect three children or they can be installed on three different devices. The app requires internet access and the bundle therefore contains a 10 MB data allowance per month for the child. After the data allowance has been used up, the internet access speed slows down. However, children will still be able to use the app.
In the area of IT and e-safety, we held 4 seminars for senior citizens on “How to use mobile phones” and “Internet and apps” at the Centre for seniors in Prague. The seminars were run for 25 participants by T-Mobile employees.
Our Computerhilfe Plus service offers reliable protection from cyber bullying and competent assistance in the event of libel on the Internet. Consumers, especially families with children, can get tips and instructions here about safe handling of data in social networks and messaging services.
If a customer is affected, Deutsche Telekom experts will help them delete insults, disreputable slander or other defamatory content on the Internet. This involves researching the appropriate contacts, initiating exchanges between the conflicting parties and compiling replies. Our services are tailored to meet the needs of each case. In addition to a digital service, a service phone number (0800-330 1473) has also been set up where Deutsche Telekom experts provide assistance.
Since the introduction of Computerhilfe Plus, the need for security and support for digital topics has risen steadily. That's why the Digital Schutzpaket (Digital Protection Package) will replace Computerhilfe Plus in the spring of 2018. This package offers comprehensive preventive measures such as home network security and data backup. It also provides assistance in case of damage, such as financial losses due to online purchases, data retrieval or cyber bullying.