Telekom Logo
  • 2019 Corporate Responsibility Report

Who knows what
about me?

It’s a familiar story. You install a new app on your cellphone and a pop-up appears telling you authorizations are required. Just one click and the inconspicuous app gains access to contacts, images, or the microphone, even though it doesn’t actually need them. Is that even legal?

Data about data

The short answer is yes – but only if we agree. People who value their privacy should think carefully before doing so, though. If this data gets into the wrong hands, criminals can use it for illegal purposes. Consequently, applications should only be given the authorizations they actually need to work.

What’s more, people who think they aren’t paying for free online offerings are wrong. We pay with our data. It’s obviously difficult to check whether we’re paying a fair price for the service in question and, unlike money, our data is always linked to us. Find out more about this issue here.

Going all out for data privacy

Data privacy has top priority for the entire Deutsche Telekom Group. In addition to complying with legal requirements such as European data protection regulations, we’re also actively shaping data privacy. We work closely with privacy experts, ensure the ongoing further development of technical standards, and are committed to maximum transparency. This means you can always be sure that one thing is safe – your data.
Detailed information about what data of yours we hold and how we protect this at Deutsche Telekom is available here.

“Data privacy lays the foundation for the trust people have in our solutions. And this trust creates the basis for the company’s sustainable success.”

Dr. Clas Dieter Ulmer Dr. Claus-Dieter Ulmer, the Deutsche Telekom Group’s Global Data Privacy Officer

An outside perspective

Leading scientific, economic, and political experts and independent organizations hold regular meetings with the Deutsche Telekom management team to discuss data protection and data security. This provides an independent take on data privacy issues at Deutsche Telekom. Other aspects covered include digitalization, social developments, and ethical considerations. Our CEO Timotheus Höttges and Birgit Bohle, Board of Management member for Human Resources and Legal Affairs, have also been represented at these meetings since 2020.

The Data Privacy Advisory Board is made up of 13 independent experts and 5 leading Deutsche Telekom managers. A full list of members and the annual agenda can be found here.

Data privacy from
the outset

The PSA (Privacy & Security Assessment) process was devised to ensure technical security and data privacy are taken into account early on in Deutsche Telekom’s relevant development processes. PSA integrates the principles of privacy by design img and privacy by default img into all products, services, platforms, and IT applications. The Deutsche Telekom Telekom Smart Home is just one example. In other words, the company develops technical and organizational measures and uses default settings that are conducive to data privacy to maximize both data protection and data security.

See our PSA booklet for further details about the PSA process.

The Corona-Warn-App –
data privacy in action

At the request of the German government, we joined forces with SAP to develop a coronavirus contact tracing app, the Corona-Warn-App. Both the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security were involved in the development process. The GitHub platform also enabled all interested members of the public to download the program code, submit their comments, and suggest improvements. Critics such as the Chaos Computer Club examined the software, too. The resulting app shows how useful digitalization in the healthcare sector can be and demonstrates how data privacy is safeguarded in the context of such applications.

Use of the free app is voluntary. It records all contacts – including chance encounters, such as on the tram – provided that the contacts in question also have the app installed on their cellphone. Special Bluetooth technology enables the app to identify other devices that remain within a radius of two meters for a certain amount of time. The devices then share an encrypted code and store it for 14 days. Anyone testing positive for Covid-19 can disclose this in the app. Other people with the app who have been in close proximity of the infected person are then alerted on their smartphone.

To ensure
the protection
of personal data:

1
Storage

The encrypted codes are stored on the cellphones only – there is no central data storage.

2
Deletion

The data is deleted after 14 days.

3
Decision

People who test positive decide themselves whether to disclose their test result in the app.

4
Provided information

People who are alerted by the app that they have been in contact with an infected person do not find out who it is or when and where they met this person.

5
Data Protection

At no point is personal data collected or processed.


2018

Deutsche Telekom received
TÜViT accreditation in 2018.

External accreditation

Important as strict requirements are, they’re pointless unless compliance is also checked. Every year, we carry out several hundred data protection and data security checks at our company in the form of internal audits.

Furthermore, we arrange for processes, management systems, products, and services to be certified by independent bodies such as TÜV or DEKRA and also support the AUDITOR research project, which is developing a new certification standard for the data privacy of cloud services.

Telecommunications companies are also obliged to give new employees training on data privacy regulations. At Deutsche Telekom, we go beyond that and ensure our employees receive appropriate training every two years. In addition, we offer courses on specific topics such as data protection for employees.

Further details about audits, certifications, and training courses can be found here.

Looking
to the future

The Internet of Things (IoT) and artificial Intelligence (AI) are the key to connected cars and fully automated houses, factories, or even entire cities. This involves recording and evaluating huge volumes of data. If this also includes personal data, then data privacy is the top priority. For example, smart traffic management systems can reduce emissions by preventing congestion. To do so, however, these systems require data. This can be recorded by items such as cameras or detectors that receive signals from Bluetooth devices. It’s then vital to make sure this data can’t be misused. To operate such systems in compliance with data privacy requirements and for the benefit of our customers, we have defined data privacy guidelines. These guidelines describe how Deutsche Telekom aims to handle AI, loT and big data img, and how we will develop our products and services that are based on these technologies in the future.

Digitally secure

On the website www.digitallysecure.de we provide concrete answers to typical security questions from the everyday life of our customers - easily understandable and straightforward.  Among other things, it's about what you can do to prevent identity theft or how to protect your privacy in social media.
More information here.

How each of us
can do our bit

Sooner or later, everyone who makes regular use of digital technology will ask themselves what they personally can do to protect their data online? As we see it, Deutsche Telekom has a responsibility not only to protect our customers’ data, but also to help them protect themselves. After all, prevention is better than cure. That’s why we provide relevant information. The www.digitallysecure.de website answers typical security-related questions from our customers’ everyday lives in a way that is easy to understand and to the point. We cover aspects such as what you can do to prevent identity theft and how to protect your privacy when using social media. Incidentally, our sustainability magazine “We Care” also contains a lot of good security tips in the section on privacy. Our “Media, sure! But secure.” website provides details of all our initiatives to improve media literacy and offers support on the competent and secure use of digital media.

1,606

inquiries and requests for information about data privacy from customers and other sources outside the company were received and dealt with by us in 2019.

Greater transparency

On our data privacy websites, we keep you up to date and publish various reports.

Telecommunications companies are legally required to support security authorities and, for example, to provide information on subscribers. Our annual transparency report outlines how often we do this and in what form.

Our status report on data privacy also discloses all major data breaches. Information about other topics relating to data privacy that Deutsche Telekom is currently dealing with can be found in our activity report. This report, together with many other articles, documents, and details, is available here.