Telecommunications companies

Deutsche Telekom AG

Rank: 5th
Score: 34%

Headquartered in Germany, Deutsche Telekom offers mobile, broadband, and other services in more than 50 countries in Europe, Africa, Asia, and the Americas, with a core customer base of about 236 million mobile users and 21 million broadband lines.

Deutsche Telekom ranked fifth among telecommunications companies. The company earned the highest privacy score of any telecommunications company evaluated in the RDR Index, but one of the lowest scores in freedom of expression category. In response to COVID-19, Deutsche Telekom partnered with SAP, Europe’s largest software company, to develop a contact-tracing smartphone app for Germany. It also started sharing users’ location data with national governments to help them assess whether people were moving around or congregating and thereby spreading the coronavirus. Both moves provoked public concern regarding data privacy. Although Deutsche Telekom was relatively transparent about how it handles user information, it failed to divulge whether or not it notified users of government demands to access their information (P12).

Key takeaways

  • While Deutsche Telekom continued to outperform all other telecommunications companies on its policies and practices affecting users’ privacy, it remained among the least transparent European telecommunications companies on policies affecting freedom of expression and information.
  • Deutsche Telekom lacked strong governance and oversight over human rights issues relative to its European peers and showed no evidence of engaging with multistakeholder initiatives on human rights issues.

Key recommendations

  • Improve governance of freedom of expression commitments. Deutsche Telekom should strengthen its governance and oversight over freedom of expression and information issues, including by disclosing evidence of senior-level oversight over these issues across the company’s operations.
  • Be transparent about policies affecting freedom of expression and information. Deutsche Telekom should be far more transparent about its policies affecting users’ freedom of expression and information by clarifying its rules and processes for responding to government and other third-party demands to block content or accounts.
  • Clarify data inference policy. Deutsche Telekom should be more transparent about the types of user data it infers, how, and for what purpose and should give users options to control what is inferred about them.

Services evaluated:

  • Operating company evaluated: Deutsche Telekom GermanyFor telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
  • Market cap: $86.42 billion (as of February 4, 2021)
  • Xetra: DTE
  • Website: https://www.telekom.com

The 2020 RDR Index covers policies that were active between February 8, 2019, and September 15, 2020. Policies that came into effect after September 15, 2020 were not evaluated for this Index.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Veszna Wessenauer, Afef Abrougui

Changes since 2019

  • Deutsche Telekom improved on governance by disclosing that its employee training includes freedom of expression issues.
  • Deutsche Telekom clarified its policies addressing data breaches.
  • Deutsche Telekom lost points in the privacy category because it stopped publishing data about government demands for user information that are submitted via court order.
+ 0.65 points

Gained 0.65 points on comparable indicators since the 2019 RDR Index.

Governance42%
Freedom of expression8%
Privacy48%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 42%

Deutsche Telekom lacked strong governance and oversight over human rights issues, in particular over freedom of expression and information, and it continued to lag behind all other European telecommunications companies in this category.

  • Commitment to human rights: While Deutsche Telekom published a clear commitment to respect users’ freedom of expression and privacy rights, its Guidelines for Artificial Intelligence gave no indication that the company commits to abide by human rights in its development and use of algorithmic systems (G1). Deutsche Telekom disclosed evidence of senior-level oversight over privacy issues but not freedom of expression (G2).
  • Human rights due diligence: Deutsche Telekom was one of the three telecommunications companies in the 2020 RDR Index (along with AT&T and Telefónica) to state that it conducts impact assessments on its use of algorithms (G4d). However, these assessments focused on identifying privacy risks, and did not cover freedom of expression or non-discrimination (G4d). Overall, the company failed to provide evidence that these assessments were robust. For instance, the company did not say whether it pursued more in-depth evaluations whenever initial assessments brought up concerns. Deutsche Telekom also gave no evidence of conducting risk assessments on the enforcement of its own policies (G4b) or of its targeted advertising practices (G4c).
  • Stakeholder engagement: Deutsche Telekom published no evidence of engaging with multi-stakeholder initiatives on human rights issues (G5).
  • Remedy: On its Human Rights page, the company stated that any complaints related to human rights should be submitted through the Tell Me portal, but did not clarify its process for providing remedy and offered little evidence it was responding to these complaints (G6a).

Freedom of expression 8%

Deutsche Telekom failed to disclose adequate information about its policies and practices affecting users’ freedom of expression and information, making it less transparent than most other companies in this category.

  • Content blocking and account restrictions: Deutsche Telekom’s terms of service were easy to find and access (F1a). The company’s policies provided some information about what types of content and activities were prohibited on its services (F3a) but the company reported no data about the volume of content and accounts restricted to enforce those rules (F4a, F4b).
  • Advertising content and targeting: Deutsche Telekom did not publish any policies outlining its ad content and targeting rules or how it enforces them (F1b, F1c, F3b, F3c). It also failed to disclose any data on the number of ads it restricted for violating these policies (F4c).
  • Censorship demands: Deutsche Telekom was unclear about how it handles government and private requests to restrict content and accounts (F5-F7). It disclosed nothing about its process for responding to government requests (F5a) and provided no data about the number of these requests it complied with (F6-F7). No laws or regulations appear to prohibit the company from being more transparent in this area.
  • Network management: In its 2019 Corporate Responsibility Report, Deutsche Telekom shared a commitment to "preserving an open internet," but the company maintained an active zero-rating program called StreamOn, which undermines its commitment to net neutrality (F9). It disclosed minimal information about the reasons it may restrict access to its networks or specific applications (F10) but did not provide any additional details, such as whether it commits to push back on network shutdown requests or whether it notifies users when it restricts access to the network or a service.

Privacy 48%

Deutsche Telekom came in first place on privacy among telecommunications companies we evaluated, narrowly beating out Telefónica.

  • Handling of user data: Deutsche Telekom was the most transparent company in the entire 2020 RDR Index in terms of how it handles user information (P3-P9). Still, the company failed to share any information about the types of data it infers, how, and for what purpose (P3b), or to give users options to control what is inferred about them (P7). Deutsche Telekom disclosed that it collects customers' creditworthiness from credit scoring agencies and debt collection agencies, but did not say whether it collects other types of information from third parties through non-technical means (P9).
  • Government and private demands for user data: Deutsche Telekom was relatively transparent about how it responds to government and private requests for user data (P10a-P11a). It clearly explained its process for responding to government demands for user data but provided only limited information about how it responds to private requests (P11b). Like all of its peers, it failed to disclose anything about whether or not it notifies users about third-party demands for their information (P12).
  • Security: Deutsche Telekom revealed more about its security policies than any of its peers apart from Vodafone. It disclosed that it monitors and limits employee access to user information and that it commissions third-party security audits (P13), although it did not clearly delineate how it addresses security vulnerabilities (P14). It published some information about its process for responding to data breaches (P15) and clarified that it reports such incidents to relevant authorities in a new policy on reporting of data breaches.