Deutsche Telekom AG
Headquartered in Germany, Deutsche Telekom offers mobile, broadband, and other services in more than 50 countries across Europe, Africa, Asia, and the Americas, with a core base of more than 273 million mobile customers, 24 million fixed-network lines, and 22 million broadband customers.
Deutsche Telekom held on to fourth place in this year’s ranking, strengthening certain governance and privacy disclosures while continuing to lag significantly on freedom of expression and information.
The company expanded its human rights commitments to explicitly cover AI systems and published a more detailed, seven-step grievance and remedy process. It also improved its transparency about third-party data sharing by publishing a detailed partner list specifying what data is shared and with whom.
Deutsche Telekom and partner telcos supported the launch of a “privacy-first” advertising platform in the UK that relies on telecom network signals for deterministic ad targeting rather than browser cookies. While the platform is framed as a consent-based alternative to traditional tracking, Deutsche Telekom still does not publish a clear policy explaining how it governs advertising content or targeting practices, nor does it clearly demonstrate that it assesses the human rights impacts of such systems. At the same time, the company’s updated privacy policies weakened assurances that targeted advertising is off by default, creating ambiguity about whether users must opt into or opt out of profiling.
Deutsche Telekom entered into multiple AI partnerships between 2024 and 2025, ranging from a five-year AI integration deal with Google Cloud to a collaboration with Perplexity on an “AI phone” with a built-in chatbot. Numerous additional partnerships followed in early 2026. The company’s own algorithmic transparency remained very limited, but it still outperformed most other telcos in this area.
Our research once again found no policy describing how Deutsche Telekom handled government or private requests to restrict content or accounts, no statistics on such requests, and no data on how often it enforced its own rules through account suspensions or other restrictions.
Since 2020, RDR has highlighted the tension between Deutsche Telekom’s stated commitment to “preserving an open internet” and its continued operation of the StreamOn zero-rating program, which undermined that commitment. Following a 2021 Court of Justice of the European Union ruling and the 2025 enforcement action by Germany’s Federal Network Agency, StreamOn was discontinued. With zero-rating now phased out and a formal non-prioritization commitment in place, this long-standing inconsistency appears to have been resolved, an outcome RDR has consistently called for.
The 2026 RDR Index: Telco Giants Edition covers policies that were active on August 31, 2025. Policies that came into effect after August 31, 2025 were not evaluated for this ranking.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Deutsche Telekom performed relatively strongly on formal human rights commitments but continued to show gaps in oversight and external accountability. The company maintained explicit commitments to freedom of expression, privacy, and human rights, extending these commitments to AI and other algorithmic systems (G1). It strengthened its grievance and remedy framework by publishing a structured, seven-step complaint process and aggregate data on tip-offs and confirmed misconduct (G6a). However, the company did not demonstrate clear Supervisory Board oversight of digital rights risks (G2) and disclosed no meaningful engagement with independent stakeholders or multi-stakeholder initiatives on digital rights issues (G5). While it conducted human rights and environmental risk assessments under the German supply chain law (G4a), its disclosures did not transparently extend due diligence to enforcement of its own rules (G4b), or targeted advertising systems (G4c).
Deutsche Telekom continued to rank near the bottom in this category. The company disclosed no policy describing how it evaluated and responded to government or private requests to restrict content or accounts (F5a, F5b), and published no data on the number of such requests it received or complied with (F6, F7). Further, it did not provide data on how often it enforced its own rules through account suspensions or other restrictions (F4a, F4b, F4c). Following the discontinuation of its StreamOn zero-rating program, Deutsche Telekom received full credit for clearly committing not to prioritize, block, or delay traffic beyond what is necessary to assure network quality and reliability (F9). However, it continued to provide only limited technical explanations regarding traffic management practices and did not disclose a clear policy governing government-ordered shutdowns or app blocking (F10). The company provided some information about how it notifies users about certain account restrictions and specific misuse scenarios (F3a, F8), but these commitments did not extend to all cases of restriction.
Once again, Deutsche Telekom was the second most transparent telco on privacy, behind only Telefónica. It improved its transparency by publishing a detailed list of third-party partners and specifying what categories of data are shared with each (P4). It also strengthened its vulnerability disclosure framework by clearly defining a structured, multi-domain bug bounty program (P14), and continued to provide comparatively robust disclosures regarding data collection (P3a), sharing (P4), retention (P6), and security governance (P13, P14, P15). However, it also created a new blind spot on user control over targeted advertising, as its updated privacy policies no longer clearly guaranteed that advertising was off by default (P7). The company also no longer clearly specified the categories of data users could obtain when exercising their right of access (P8). Deutsche Telekom still has yet to disclose whether or how it infers sensitive user attributes (P3b) and how it handles data requests from private parties, such as when another company sends a request for “non-public information” about one of its users (P10b, P11b).