Aspect 3: Social concerns

We are finding new answers to many different challenges our society currently faces through the digital transformation. Since it affects every area of our lives, access to modern information technologies is an important key to participating in the information and knowledge society. As a telecommunications company, we are responsible for providing such access to as many people as possible and for promoting the competent use of ICT. The security of our customers’ data is a key concern. Used correctly, ICT can also contribute to sustainable development and help us achieve the SDG goals.

 

DEPLOYMENT OF ICT PRODUCTS TO THE BENEFIT OF SOCIETY

One of the biggest challenges we must face is climate change. We want to help limit global warming to less than two degrees Celsius, which is why we are working to reduce our own CO2 footprint. We can make a much larger contribution with our products and services. According to the GeSI study SMARTer2030, ICT products have the potential to save almost ten times as much CO2 emissions in 2030 in other industries as the ICT industry itself produces. For further information, please refer to the section “Risk and opportunity management.” We can also use our products, services, and activities to participate in managing many other ecological and social challenges, as was made clear in a comparison with the 17 sustainability goals (SDGs) put out by the United Nations. For instance, ICT solutions can help reduce resource consumption in agriculture and increase harvests, help get cities ready for the future in terms of sustainability, stabilize power supply grids, or improve access to education and medical care. 12 These areas of application carry market potential for us. In order to evaluate the concepts described in this NFS, it is important to also look to the opportunities that digitalization opens up for sustainable development. We are thus addressing the topic at this point, even though it is not a holistic concept in the meaning of the CSR Directive Implementation Act. The individual national companies are responsible for developing new products and solutions.

Since 2014, we have been analyzing the scope of the sustainability benefits offered by select products. These advantages include benefits in health care. In Greece, a telemedicine network was set up in 2016 to connect health care centers on the Aegean islands with the mainland. As examinations can be transmitted via live stream directly to hospitals in Piraeus, expensive medical transports from the islands to the mainland are necessary only when the patient actually needs to be treated in a hospital. 3 In South Africa, a smart water meter offered by T-Systems South Africa helps reduce the consumption of scarce water resources. It helps optimize consumption in private households and makes occupants aware of hidden pipeline leaks. 6 ICT can even help better understand illnesses and improve treatment – like our cell phone game Sea Hero Quest, which is helping with dementia research. Overall, we have subjected 22 of our product groups to a detailed investigation of how they contribute to sustainability. We use the Sustainable Revenue Share ESG KPI to determine how much revenue (excluding T-Mobile US) we generate with these products; in the reporting year this share was approximately 40 percent. For detailed information about the methods used in our analysis, please refer to the CR report.

We also calculate the positive CO2 effects facilitated for our customers through the use of our products. We combine this figure with our own CO2 emissions, then use this enablement factor to measure our overall performance in relation to climate protection. According to this figure, the positive CO2 effects facilitated for our customers in Germany were 71 percent higher in 2017 than our own CO2 emissions (enablement factor of 1.71 to 1). 13

Sustainable products are another key competition factor at our Company. In order to highlight these sustainability benefits for our customers, we aim to have our products certified by recognized environmental labels such as the Blue Angel. The majority of Telekom Deutschland’s fixed-network devices carry the Blue Angel seal of approval. The strict requirements for these environmental awards not only provide us with ways to further improve our products, but also encourage us to do so.

ACCESS AND PARTICIPATION IN THE KNOWLEDGE SOCIETY

All around the world, having access to modern information technologies is a requirement for economic performance and participation in the knowledge and information society. That is why we continue to rapidly expand our infrastructure and improve transmission speeds with new, secure technology. At the same time, we use our social initiatives to reduce potential obstacles to ICT use. Responsibility for shaping the digital transformation has to be assumed by society as a whole. The Board of Management of Deutsche Telekom AG plays an active role in this discussion.

Demand for fast data services with full-coverage availability is growing continuously. Each year we invest around EUR 5 billion in Germany alone in building out our network infrastructure. This has made us the biggest investor in this sector for several years. For further information on our investment activities, please refer to the “Statement of the Board of Management on business development in 2017." This network build-out is based on the goals of our Europe-wide integrated network strategy, which we use to help achieve the network build-out goals of the EU Commission and the Federal Government’s Digital Agenda and broadband strategy. Our strategy is based on four pillars: LTE, optical fiber, VDSL vectoring, and hybrid technology. As one component, we plan to upgrade our mobile networks with 4G/LTE technology to offer greater network coverage with fast mobile broadband. In 2017, we supplied 94 percent of the population of Germany with LTE. We continued to build out the fiber-optic network in 2017, covering around 46 percent of households in Germany with high-speed Internet (at least 50 Mbit/s) by the end of the year. In addition to vectoring technology, we are also using other innovative products, like our hybrid router, which combines the transmission bandwidths of fixed-network and mobile communications, thus enabling much higher transmission speeds, in particular rural areas. For further details on our build-out goals, please refer to the section “Group strategy.”   9

In general, we want to make our network infrastructure and our products as efficient and as environmentally and health-friendly as possible. That is why we are committed to addressing the topic of mobile communications and health responsibly. Our Group-wide EMF Policy (EMF = electro-magnetic fields) has played a key role in this process since 2004: It includes uniform minimum requirements for mobile communications and health which go far beyond applicable national regulations. For more detailed information, please refer to the section “Risk and opportunity management.”   3

However, simply having access to technology is not enough to ensure everyone can participate in the knowledge and information society. People also need to know how to use media safely, competently, and responsibly. More and more, this issue not only has a private dimension – the protection of personal data – but also a social and political one. Incorrect information and hate posts shape public opinion and can even influence elections. That is why we are working to build media literacy skills in broad swaths of society. Group Corporate Responsibility is in charge of managing this topic at Group level. The individual national companies are responsible for developing and implementing media literacy projects as this allows them to make much greater provision for local conditions. We present all of our initiatives in Germany on the German-language website “Medien, aber sicher!” (Media, sure! But secure) (www.medienabersicher.de). With our award-winning Teachtoday initiative (www.teachtoday.de), we teach children and young people how to confidently and expertly navigate the digital world. Many of our national companies are also working to improve media literacy: For instance, Telekom Romania has been offering programming workshops for children and young adults since 2011. The Deutsche Telekom Foundation is one of Germany’s largest corporate foundations working to improve education in the field of digital learning and teaching. Children are not the only ones, however, who need support in navigating the digital world, which is why we offer information and materials for every age and user group. 4

Data security is another focal point of our efforts. Our German-language online advisory service www.sicherdigital.de and our “We care” app magazine in German and English offer practical hints and tips on how to use digital media safely and securely. Being able to tell the difference between reliable information and intentionally misleading statements is a key aspect of media literacy in our view. That’s why we invited all of our employees in Bonn to attend the first “1001 Truths – Trust and opinion-forming online” event which was held in July 2017. We provided interesting insights and practical suggestions related to the topic of “fake news” in workshops, panel discussions, and events. For detailed information, please refer to our 2017 CR report.

We measure the impact of our social commitment with a set of three Group-wide ESG KPIs. The Community Investment ESG KPI maps our social engagement in terms of financial, human, and material resources: a total of EUR 57 million.

The Beneficiaries ESG KPI indicates the number of people engaged and people reached. This figure totaled 19 million in the reporting year. The Media Literacy ESG KPI determines the percentage of people in our target group we actually reached with measures to enhance media literacy as part of our social engagement. At 41 percent, this metric was slightly higher than the prior-year figure of 40 percent. We aim to reach 45 percent by 2020. The ESG KPI values for the Deutsche Telekom Group in Germany are EUR 32 million (Community Investment), 18 million people reached (Beneficiaries), and 44 percent (Media Literacy).

Our efforts to help refugees is another building block in promoting a diverse society. After concentrating on comprehensive initial aid in response to the large numbers of refugees in 2015, we are now focusing on integrating these refugees into the labor market. Based on current figures, around 86 percent of refugees do not have any formal professional qualifications that are recognized in Germany. That is why, in 2016, we founded the “Internship PLUS direct entry” initiative together with the Deutsche Post DHL Group, Henkel, and the Federal Employment Agency. We also hold special applicant days to provide easier access to internships. Through recruitment measures, communication on social media, and volunteer work, we increased the number of applications received from refugees, bringing the number of applicants per vacant position up from around two to five. In 2017, around 340 refugees benefited from work options offered by our Company, such as internships, training, “Internship PLUS direct entry,” or direct entry. We have helped these people enter the German labor market. 4

DATA PRIVACY AND DATA SECURITY

The process of digitalization comes with new kinds of threats, such as hacker attacks on the sensitive data of private individuals or companies. People will only actually use new ICT solutions if they trust the security of their personal data – and only then can these solutions show their true potential for more sustainable development. As an ICT company, the trust of our customers is extremely important to our business success. That is why the privacy and security of their data is so important to us. For detailed information, please refer to the section “Risk and opportunity management.” 16

In 2008 we set up a Board of Management department for Data Privacy, Legal Affairs and Compliance as well as the Group Privacy unit. The responsible Board member has been advised by the independent Data Privacy Advisory Council, which comprises renowned experts from politics, science, business, and independent organizations, since 2009. In addition, we were the first DAX company to have our data privacy-related compliance management system reviewed and certified according to the IDW PS 980 standard in September 2014. It describes the measures, processes, and audits we use to ensure compliance with laws, regulations, and voluntary commitments to data privacy in our Group.

Data privacy and data security are subject to our Group policies for data privacy (Binding Corporate Rules Privacy) and security. The former regulates how personal data is handled, and a supplementary document entitled Binding Interpretations sets forth concrete recommendations and best-practice examples for implementing the EU General Data Protection Regulation which takes effect in May 2018. The second Group policy includes significant security-related principles valid within the Group, which are based on international standard ISO 27001. These policies allow us to guarantee an adequately high and consistent level of security and data privacy throughout our entire Group.

We have been publishing an annual transparency report for Germany since 2014, which covers the types and amount of information we disclose to security agencies and allows us to fulfill our legal obligations as a telecommunications company. Our national companies have also been publishing similar transparency reports since 2016.

In order to ensure even better data privacy and data security within our Group, our corporate units are audited and certified regularly by internal and external professionals. This includes regular Group-wide internal security checks as well as audits of individual Group units as part of our Security Maturity Reporting. This helps us evaluate the maturity of the security status quo in our Group, based on a self-assessment.

We use two surveys – the Group Data Privacy Audit (GDPA) and Online Awareness Survey (OAS) – to measure our employees’ awareness of data privacy and security by means of annual random checks. We use the GDPA to survey 50,000 Deutsche Telekom employees on topics related to data privacy and data security. We use these results to calculate the Data Protection Award indicator, which quantifies the level of data protection in the units on a scale of 0 to 100 percent. It is based on what the employees said they thought, did, and knew about data protection. In 2017, the Data Protection Award indicator was 75 percent (excluding T-Mobile US, prior year: 70 percent). The Online Awareness Survey, which we have been conducting since 2005, surveys roughly 40,000 employees and provides key data on their awareness of security. Scientific advisers help us use its results to determine the Security Awareness Index (S.A.I.). In 2017, the index was 78.4 (excluding T-Mobile US, prior year: 78.2) of a maximum of 100 points, higher than in any other company. The S.A.I. for Deutsche Telekom in Germany is currently 79.8. We also have our processes and management systems as well as products and services certified by external, independent organizations such as TÜV, DEKRA, and auditing firms. TÜV North has once again confirmed in 2017 that Telekom Deutschland’s IT systems are secure.

Telecommunications companies are required to train their employees on issues related to data protection law when they begin their employment. Deutsche Telekom goes above and beyond these legal requirements: Every two years, we train all of our employees in Germany and commit them to data privacy and telecommunications secrecy. We have also implemented corresponding requirements in our international companies. In addition, we provide training in units where there is a higher risk that data may be misused – i.e., in the customer and HR units – in the form of online training designed for self-study, data privacy presentations, and classroom training on specialized topics such as data privacy in call centers. This helps to ensure that all employees have in-depth understanding of the relevant data privacy policies.

We launched the Telekom Security entity effective January 1, 2017 to focus on internal security issues and develop security solutions for consumers as well as business customers. This allows us to provide our customers with the perfect security solutions along the entire value chain, from product development and secure, high-performing networks through to high-security data centers, applications, and individual consulting. On top of this, we opened our new Cyber Defense and Security Operation Center in October 2017. It is one of the largest and most modern defense centers in Europe. Around 200 experts work there around the clock to monitor our and our customers’ systems.

We react to new threats and continuously develop innovative processes to defend the systems against attacks. Since 2016, for instance, we have been offering a drone shield for business customers with critical infrastructure like data centers, stadiums, or official agencies as a solution for protecting against the growing danger posed by private drones. We worked with the German air traffic control service to raise awareness of this problem at the 2017 Drone Detection Day in the Hesse city of Langen. We also invited partners and customers to the Telekom Security Conference in Munich for the second time in June 2017. The conference centered on understanding new trends and solutions relevant to security. Our consumers and business customers can find information on the topic of security on our new web portal launched in 2017 (https://security.telekom.com/).

We work with research institutes, industry partners, initiatives, standardization bodies, public institutions, and other online service providers worldwide with the goal of fighting cyber crime and increasing security on the Net. For instance, we collaborate with the German Federal Office for Information Security throughout Germany and with the European Union Agency for Network and Information Security at a European level. 17

Data privacy and security have always played an important role in the development of our products and services. We review the security of our systems at every step of development using the Privacy and Security Assessment process both for new systems and for existing systems when the technology or method of data processing is modified. We use a standardized procedure to document the data privacy and data security status of our products throughout their entire life cycle.

Youth protection aspects are also taken into consideration in our product and service design. When we develop services that could be relevant in terms of youth protection in Germany, we consult our Youth Protection Officer for suggestions of restrictions or changes. In 2014, we appointed a Child Safety Officer (CSO) in each of our national companies in Europe. The CSO acts as a central contact for members of the community, and plays a key internal role in coordinating issues relevant to youth protection. Since protecting minors is a challenge across many different industries, we cooperate with different youth protection organizations and participate in alliances such as the “CEO alliance to better protect minors online,” which tries to make the Internet a more secure place for children and young people. 17