privacy and integrity
Tele2 is firmly committed to cyber security and digital resilience and to safeguarding our customers' and employees' privacy and integrity. Our commitment to privacy and security has been recognized by both consumers, businesses and authorities using our services.
Privacy and integrity
Protecting personal data and the fundamental right to privacy is a top priority for the Tele2 Group. We demonstrate our commitment by using personal data along the following principles: lawfully, fairly and transparently; collecting only necessary data for legitimate purposes; retaining data only as long as needed; and protecting confidentiality and integrity with appropriate security measures
Tele2 is dedicated to managing personal data securely and in compliance with data protection laws, at all levels of the organization. Our Data Protection Officers (DPOs) in all local operations support the organization in data protection matters, monitor operations, and ensure compliance.
Tele2 is committed to safeguarding customers' privacy, integrity, and freedom of expression, guided by international human rights principles and Tele2's Code of Conduct. Our privacy policy outlines how we handle privacy, supported by standards and guidelines for personal data management. This robust process mitigates risks and allows us to offer relevant services. Tele2 will continue to update its privacy and data protection policies, systems, and governance, implementing requirements from regulations like the GDPR.
Connecting human rights defenders
Tele2 strongly believes in freedom of speech. We are therefore proud to partner with Civil Rights Defenders and provide their important Natalia Project with our global IoT connectivity.
Read more about the Natalia Project and our partnership.
Safeguarding an open internet: Net neutrality
Net neutrality is a core part of the EU Regulation 2015/2120, known as the Telecoms Single Market Regulation. To ensure an open internet, the regulation contains both rights and obligations:
- The end user’s right to an open Internet, which cannot be limited through agreements or commercial offers.
- An obligation for suppliers of internet connectivity services to handle all traffic over the internet equally, however reasonable traffic guiding actions can under certain circumstances be allowed.
- Suppliers of internet connectivity services are able to apply traffic guiding actions outside of what could be considered reasonable, only if it is necessary to: a) Fulfil legal requirements, rulings or certain regulatory decisions, b) Maintain security and integrity in the network, the services that are forwarded and the end users’ terminal equipment, c) Prevent an imminent overload of the network or to ease the effects of exceptional or temporary overload of the network, under the condition that traffic from similar categories are treated similarly.
- The right of internet and content providers to provide other services than internet access services with optimized quality, under the condition that sufficient capacity is available in the networks.
- Transparency demands for online services.
We fully comply with net neutrality regulations, and the guidelines on interpretation and application of the regulation provided by “ BEREC Guidelines on the Implementation of the Open Internet Regulation”, BoR (22) 81.
Privacy and integrity are not only about how we use data
Governments may request access to our customers’ communications or data, for example to prevent terrorist attacks. We carefully consider such rules, prioritizing our customers' fundamental rights to privacy, integrity, and freedom of expression. We will fight for these rights if necessary.
For instance, the landmark European Court of Justice ruling on data retention, known as the Tele2 case, we were ordered to retain and provide access to detailed communication data of all our customers. We argued successfully that this was a disproportionate infringement on privacy. The law was overturned, marking a significant victory for our customers' privacy.
In October 2019, Sweden implemented a new data retention law, aligning it with the Tele2 judgement by limiting storage times, reducing the scope, requiring data storage within the EU, and necessitating a prosecutor's approval before accessing data.
Tele2 typically cooperates with authorities to combat crime and terrorism but insists on a legal basis and justified, proportionate requests. We will continue to defend our interests and those of our customers against disproportionate laws and requests incompatible with fundamental human rights.
Tele2 Privacy Policy
Tele2 customers can get more detailed information from their Tele2 operator on, for example, the local applicable privacy policy. For more information on privacy and data protection, feel free to read the Tele2 Sweden Privacy Policy.
Security
Tele2 is deeply committed to cyber security and digital resilience, recognizing the ongoing global trends of increasing tension and polarization. These trends continue to pose significant threats to societies and economies through cyberattacks, disinformation campaigns, and the weaponization of digital dependencies. To counter these threats, we adopt a systematic and collaborative approach to enhance our digital resilience.
Ultimate responsibility for Tele2’s security governance lies with the Board of Directors, with authority delegated to the Group Leadership Team (GLT). The Board of Directors has substantial expertise in security topics, exemplified by Sam Kini, who has served as Chief Data and Information Officer and has accumulated over two decades of experience in IT executive roles at prominent companies. The GLT, supported by the Director Group Security, oversees the implementation of security measures, manages the Security Management System (SMS) and sets the overall security strategy in line with Tele2's broader objectives. Quarterly update reports regarding security and security related topics are shared with the chairman of the Audit Committee.
Our strategy involves cooperation across our security functions, sharing threat intelligence with partners, and engaging with both private and public sectors. This collaboration helps improve the security maturity and capabilities within the markets we operate. Our commitment to security is unwavering, with a clear ambition to ensure that security underpins everything we do, protecting society and individuals in their digital lives.
We employ a holistic, risk-based approach to deliver comprehensive security, systematically enhancing security across our people, processes, technology, and partnerships. Our efforts span all company divisions and functions, fostering collaboration and continuous learning to tackle security challenges effectively. We continuously develop and refine our security governance in line with standards such as ISO/IEC 27001:2022 and the Payment Card Industry Security Standard (PCI-DSS). We also obtained ISO 27001 certification, which covers all Tele2 data centers in Sweden and several
To ensure ongoing compliance and improvement, we conduct annual external audits. These audits verify that robust security measures are in place and drive continuous enhancement across our security domain.