Telecommunications company

Deutsche Telekom AG

Domicile: Germany
Website: www.telekom.com 
Operating company evaluated: Deutsche Telekom Germany
Download company report: English | Deutsch

5

Key findings

  • Deutsche Telekom earned the highest privacy score in the Index, disclosing significantly more than other telecommunications companies about policies affecting users’ privacy.
  • It failed to disclose adequate information about policies and practices affecting users’ freedom of expression, including how it handles government demands to block or filter content or deactivate accounts.
  • It also lacked strong governance and oversight over human rights issues relative to its European telecommunications peers.
Services evaluated

Analysis

Deutsche Telekom ranked fifth out of the 12 telecommunications companies evaluated, scoring lower than Telefónica, Vodafone, AT&T, and Telenor.1 The company—a newcomer to the RDR Index—earned the highest privacy score of any company evaluated, but lacked transparency about its policies affecting users’ freedom of expression. Deutsche Telekom is the only European telecommunications company in the RDR Index that is not a member of the Global Network Initiative (GNI). As such, Deutsche Telekom lacked evidence of strong governance and oversight over human rights issues relative to its European peers in the RDR Index (Orange, Telefónica, Telenor, and Vodafone). Still, it disclosed significantly more about its policies affecting privacy than any company in the RDR Index, and in ways that surpassed its obligations under the EU’s General Data Protection Regulation (GDPR).


Deutsche Telekom AG offers mobile, broadband, and other services in Europe, Africa, Asia, and the Americas.

Market cap: USD 79.5 billion2
Xetra: DTE

  • Be transparent about policies affecting freedom of expression: Deutsche Telekom should be far more transparent about its policies affecting users’ freedom of expression by clarifying its rules and processes for responding to government and other third party demands to block content or accounts.
  • Improve governance of freedom of expression commitments: Deutsche Telekom should strengthen its governance and oversight over freedom of expression issues, including by disclosing evidence of senior-level oversight over these issues across the company’s operations.
  • Clarify security policies: Deutsche Telekom should publish more information on how it addresses security vulnerabilities and how it responds to data breaches.

Governance

Deutsche Telekom lacked strong governance and oversight over human rights issues—and in particular over freedom of expression—and scored lower than all other European telecommunications companies in this category. While it published a clear commitment to respect users’ freedom of expression and privacy rights in accordance with international human rights standards and principles (G1), it only disclosed evidence of senior-level oversight over privacy issues but not freedom of expression (G2). Likewise, it clearly disclosed employee training and whistleblower programs for privacy issues, but left unclear whether the scope of those programs covered freedom of expression (G3). Deutsche Telekom was one of the few companies in the RDR Index (along with Microsoft and Telefónica) to disclose that it conducts impact assessments associated with its use of automated decision-making technologies—but focused on identifying impacts on users’ privacy rights and not on freedom of expression rights (G4). It disclosed mechanisms for users to submit freedom of expression and privacy related complaints, but did not clarify its process for providing remedy and offered little evidence it was responding to these complaints (G6).

No score changes

New to RDR Index.

Freedom of Expression

Deutsche Telekom failed to disclose adequate information about policies and practices affecting users’ freedom of expression, and was among the least transparent of any company in the RDR Index. The company disclosed little about what types of content or activities are prohibited across its services (F3) and provided no data about any actions it took—such as blocking content or disabling accounts—due to user violations of rules (F4). Like most of its peers, Deutsche Telekom disclosed almost nothing about how it handles government or other types of third-party requests to restrict content and accounts (F5-F7): it disclosed nothing about its process for responding to government requests (F5), and provided no data about the number of these requests it complied with (F6-F7)—although there appear to be no legal reasons prohibiting the company from being more transparent.

Deutsche Telekom also disclosed nothing about its network management policies, and failed to publish a commitment to not prioritize certain types of traffic, applications, protocols, or content over others (F9). It disclosed minimal information about the reasons it may restrict access to its networks or specific applications (F10), but did not provide any additional details, including whether or not it commits to push back on government shutdown requests, or if it notifies users when it restricts their access to the network or a service.

No score changes

New to RDR Index.

Privacy

Deutsche Telekom earned the highest privacy score in the RDR Index, disclosing significantly more than other telecommunications companies. It was far more transparent than any other telecommunications company about how it handles user information (P3-P8), clearly disclosing the types of user information it collects (P3), shares (P4), and its reasons for doing so (P5). It disclosed more about its data retention policies than any of its peers (P6). It was the only company in the Index to clearly disclose that targeted advertising is off by default, and that users can control how the company uses their information to deliver targeted ads (P7). However, it disclosed limited options for users to delete their information and no options at all for them to control the information that Deutsche Telekom collects on them (P7).

Deutsche Telekom also had relatively strong disclosure of how it responds to government and private requests for user data (P10-P12), although it disclosed less than AT&T and Telefónica. It clearly disclosed its process for responding to German government requests, but provided only limited information about how it responds to private requests and requests submitted by governments in foreign jurisdictions (P10). Like all of its peers, it failed to disclose anything about whether or not it notifies users of third-party requests to access their information (P12).

It also disclosed more about its security policies than the rest of its peers. It revealed that it monitors and limits employee access to user information and that it commissions third-party security audits (P13)—although it lacked clear disclosure about how it addresses security vulnerabilities (P14). It disclosed some information about its process for responding to data breaches (P15), but its disclosure was less comprehensive than that of Vodafone (P16).

No score changes

New to RDR Index.

Footnotes

[1] The research period for the 2019 Index ran from January 13, 2018 to February 8, 2019. Policies that came into effect after February 8, 2019 were not evaluated in this Index.

[2] Bloomberg Markets, Accessed April 18, 2019, www.bloomberg.com/quote/DTE:GR