Telekom Logo
2020 Corporate Responsibility Report

Protection of personal data

Protecting our customers’ data is one of our top priorities. We also provide regular, sometimes up-to-the-minute information about all of our activities on our Group website under data protection and data security. The following are just a few examples of our recent activities during the reporting period.

In 2020, we joined with software company SAP to develop our contact tracing app, the Corona-Warn-App img. It informs users in Germany and several other countries about possible contact with people infected with coronavirus. Even before development began, the data protection and security concept was a topic of intensive discussion. To ensure maximum protection of personal data, the German Federal Government opted for a decentralized approach; the data remains on the user’s own phone and is not stored centrally. This concept has paid off: In Germany alone, the app has been installed as many times as similar solutions in other European countries combined – more than 23 million times through December 2020.

International cooperation for cybersecurity
In 2020, we once again promoted data security on an international level. Among other things, we are a founding partner of the Charter of Trust. One of its objectives is to establish general minimum standards for cybersecurity that are aligned with state-of-the-art technology. Together with our partners, we have identified ten action areas in this context which call for more activity in order to ensure cybersecurity. 

We already underscored our commitment to security in the digital world by signing the Paris Call for Trust and Security in Cyberspace in 2018. We thereby pledge to intensify collaboration in support of integrity and security in the digital world.

Knocking out botnets
An international comparison shows that Deutsche Telekom AG is the only network operator in Europe to actively suppress botnets (as of December 2020). Botnets are countless devices interconnected by an unauthorized entity that misuses them for a variety of criminal attacks. The bigger the network, the more extreme the impact of a cyberattack. To keep hackers from controlling the devices, Deutsche Telekom Security GmbH experts analyze the structures of the network and suppress communication with the controlling servers. It is possible for botnets to take over the devices of our customers. In 2019, we helped our customers 155,000 times in such cases and regained control of their systems.

Uncovering stolen identities
The “fraud scouts” (experts from the Deutsche Telekom security team) use a special application to search the world wide web and the dark web for stolen identities. If they find anything, we then warn and help our customers. 

Security on the go
Since 2017, we have partnered with the company Check Point Software Technologies to offer the „Protect Mobile“ security solution. Our consumer customers can use Protect Mobile for their smartphones: It provides reliable protection from cyberattacks through a combination of network protection and app – for instance, for downloading apps, doing online banking or surfing the browser. Deutsche Telekom customers can add this option free of charge to their existing mobile phone contract and download the app for Android or iOS for the most complete protection.

Smart can also be safe and transparent
We not only want to comply with legal guidelines, we want to actively ensure that our customers’ data is protected. To do so, we continue to enhance technical standards, and promote maximum transparency. 

For example, with our „SprachID“ service, we do not save our customer’s voice, but instead record a mathematical pattern that is calculated from characteristics in the voice. A person can therefore not be traced back through the voice pattern.

Another example is the “Magenta Speaker”, the first intelligent European voice assistant. When customers set up this smart speaker, they receive an explanation in simple language about the data we process and store and for what purpose. During use, customers can access their data in the smart speaker app at any time and delete it if needed.

Commendation for handling of customer data
For the fourth time, in 2020 we were commended by the independent testing authority TÜV Informationstechnik (TÜViT) for our handling of customer data. TÜViT certified that our processing of data, as it relates to billing, for example, is done in a secure and careful manner.

Building trust in the cloud
Together with Deutsche Telekom and other experts, the German Federal Ministry for Economic Affairs and Energy has developed a standard for the certification of cloud services in accordance with the General Data Protection Regulation (GDPR): AUDITOR. GAIA X, a European cloud project for high-performance and secure data infrastructure, will apply the standard to its project. As part of a pilot, we will also certify our cloud solutions Open Telekom Cloud and vCloud services in accordance with AUDITOR. Even though our standard is exemplary, the responsible supervisory authorities have yet to approve a uniform data protection certification for cloud services. However, Deutsche Telekom views this as essential for a protected data infrastructure in Germany and Europe. 

Simple data privacy statements for everyone
Data Privacy Notices are often incomprehensible to the layperson. We offer customers our “one-pager”: an easy-to-read, brief overview of the main data processing activities. It does not replace our formal data privacy statement which complies with legal requirements and to which we also link in the document. With this one-pager, we have followed an initiative launched by the National IT Summit, supported by the Federal Ministry of Justice and Consumer Protection.

Encryption for all
Together with the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), we launched the “Volksverschlüsselung” IT encryption solution in 2016. It is a simple, free way to encrypt emails. The keys are generated on the user’s device. The user is the only person with access to them; they are not sent to the infrastructure operator. To use the encryption, users only need to install the software and identify themselves as part of a simple one-time process. We operate the infrastructure at a high-security data center. This product supports the federal government’s digital agenda. What’s more, we fulfill the requirements of the “Charta zur Stärkung der vertrauenswürdigen Kommunikation” (charter for the promotion of trustworthy communications), which was proposed and signed by representatives from the business and scientific communities as well as by political representatives.

Other projects can be found in our CR facts.