Data handling
Data are fundamental to all digital processes. The opportunities offered by digitalisation cannot be used without data access and data processing. In a digital society, ethical handling of data and the consumer-friendly implementation of legal requirements are of key importance – for both taking advantage of opportunities and avoiding risks. To this end, we pursue in particular the following objectives identified by the CDR Initiative:
Working actively to counter bias in data analysis
For consumers, the use of algorithmic systems gives rise to a risk of unintended systemic bias whose effects cannot be predicted in advance and which therefore cannot reliably be avoided. We actively counter these risks in the design of technologies and processes of algorithmic systems.
Potential measures
- raising awareness among our employees (including at the management level) of the ethical risks of potential bias so that they can avoid or counter them as far as possible,
- analysing potential bias when using algorithmic systems, documenting the results internally in a transparent and easily accessible manner and assessing them for acceptability,
- ensuring that the algorithmic systems we use and the parameters they apply do not perpetuate an unfair status quo,
- designing the algorithmic systems we use in such a way that the people responsible for them retain control and are able to intervene if necessary.
Responsible, fair and transparent profiling
The rapid growth in available data, computing capacity and new classes of algorithmic systems, in particular in the area of machine learning, is creating new opportunities for profiling consumers. In individual cases, profiling can have relevant effects on consumers. We put responsibility, transparency and fairness at the centre of a human-centric approach.
Potential measures
- informing our customers when we use customer data for profiling,
- taking measures to prevent certain groups of people from being systematically excluded from our services or facing other negative consequences through the use of algorithmic systems without a legitimate, rational reason,
- not using any data or analyses that in the specific context would be counter to the expectations of typical customers, for example because they would permit conclusions about their sexual orientation or mental health.
Ensuring consumer sovereignty and autonomy
Digitalisation and rapid growth in the availability of data create many opportunities for consumers. By the same token, however, these opportunities are offset by the risk of information asymmetry in favour of the companies processing the data. We design processes and products in such a way that consumers can take sovereign, autonomous decisions in the relevant situations.
Potential measures
- giving our customers not only a complete set of contract terms and conditions, but also a summary of the essential information on data processing,
- additionally explaining in an easily intelligible way (using e.g. summaries, diagrams and pictograms) what data we collect, what our data protection policy looks like and for what purposes we use the data of our customers,
- seeking to provide our customers with technical solutions that the customers can use to see and influence how their data may be used,
- making it possible for our customers, where feasible, to demand, obtain and reuse personal data easily on request.
Promoting responsible design of technology in data handling
The implementation of ethical data handling requires advanced technical solutions, ranging from the general infrastructure through product design down to customer interfaces. We encourage the development of responsible technology design as far as possible.
Potential measures
- seeking to guarantee a state-of-the-art level of protection that is appropriate for the risks arising from processing and for the nature of the personal data to be protected,
- designing our data-based products in such a way that our customers do not have to disclose any personal aspects or aspects of their lives that are not relevant to the customer relationship.
Ensuring responsible data handling in the company
As a signatory to this declaration, we commit ourselves to our responsibility for ethical handling of data. In this context, we regard the due consideration of ethical issues as a company-wide cross-sectional task. We ensure that responsible data handling plays a central role in the company and in our processes.
Potential measures
- defining ethical standards and making them part of our internal codes of conduct,
- being extremely alert to problems arising from organisational silo structures and striving to overcome forms of "silo mentality",
- ensuring that personal data are only used by individuals with the requisite authorisation,
- conducting regular reviews of complex models that can have significant effects on our customers to ensure they are working correctly,
- supporting our employees according to their functional roles in detecting ethical and related technical challenges, e.g. by providing training,
- in cases where risks are identified, ensuring that they are communicated to qualified internal contacts and a solution can be found for them in this way.
Taking responsibility for data handling beyond our own company
The data economy, too, has increasingly complex value chains involving several companies, e.g. in digital ecosystems and platform models. In our sphere of influence, we also assume responsibility in the value chain as far as possible.
Potential measures
- buying data from third parties that meet our company's requirements for external service providers and provide reliable and transparent information about their data gathering and usage practices,
- in cases where we use data and/or models of other companies for our applications, obtaining the necessary information from these companies so that we can use them in an ethically justifiable way.
Systematically enhancing data and cyber security
As the extent of interconnectedness increases, both the number and the impact of cyber attacks have been rising. In the common interest of consumers, the economy and society, all involved parties have to take comprehensive and coordinated measures for data and cyber security. We systematically enhance our security systems, including any subsystems, by, among other things, taking data and cyber security into account in system and product development right from the start, systematically avoiding security gaps during roll-out and operation, and setting up powerful management systems.