Data Ethics Policy

Purpose

The Data Ethics Policy is about responsible and sustainable use of data, new technologies and complements e.g., the principles of transparency and data minimization in FOSS’ Global Personal Data Protection Policy as well as rules on integrity and confidentiality. The policy also supplements policies on handling of personal data, use of cookies etc.

FOSS is a responsible employer and a trusted partner to our customers and business partners. We do our utmost to ensure that data is used in a safe and responsible manner.

At FOSS we have taken a strategic approach to data ethics and have established an initial global policy regarding use of data and new technologies. FOSS will continue its proactive work with data ethics based on the four principles set out below.

Target Group

This policy applies globally to all employees in FOSS.

Data Ethics Principles

We operate by the following four principles with respect to data protection and data ethics in general:

Principle 1 – Lawfulness, fairness and transparency

These cookies enable the Websites to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.

Principle 2 – Data accuracy and quality

Data shall be accurate and kept up to date. Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Principle 3 – Integrity and confidentiality

Data and new technologies shall be processed and used in a manner that ensures appropriate security, privacy and ethics by design, including securing a high level of integrity and protection against unauthorized or unlawful use.

Principle 4 – Responsible use

Collection of data and use of new technologies shall take place in a responsible manner, ensuring that the data and technology in question does not deliver results that may be biased or discriminatory.

Use of Data and New Technologies

At FOSS data is an integrated part of our work and our product offering.

When we use data, we only use data when relevant, with a proper legal basis to do so, e.g. in accordance with agreement, applicable data privacy laws and regulations, court or authority decisions. Privacy Policy describes in detail how, when and why we use certain datatypes, including the use of consent for marketing purposes, where relevant. Our use of Cookies is described in our Terms of use.

In our use of new technologies, we strive to ensure that such technologies do not deliver results that may be biased or expose humans to discrimination or stigmatization.

Third Party Data Policy

When we use data from third parties, we expect that third parties are in lawful possession of this data, can legally give FOSS the right to use this data, and that they otherwise prioritize the efforts for data protection and demonstrate ethically correct handling of data. When using third parties, we always ensure a Data Processing Agreement (or similar) is in place, to enforce this issue.

In cases where we use third party data, we expect that the third-party data provider works with data ethical considerations, and if possible, has a data ethics policy in place. This expectation is reflected in our Supplier Code of Conduct.

Awareness About Data Ethics in FOSS

At FOSS we strive to ensure that our employees are well-informed about data ethics and that they handle data and new technologies in accordance with our Data Ethics Principles. This includes mandatory training in both GDPR, Business ethics and Information Security for employees. FOSS continuously support the understanding of the importance of data ethics across the organization.
We have an open and honest culture about errors and problems, so that we continuously improve our use of data and technology. In FOSS, it is possible to communicate anonymously via our whistleblower system.

Data Ownership and Governance

Data and technology ownership at FOSS is decentralized according to type of data and technology. The decentralized ownership is essential for effective governance, and it is the responsibility of Corporate Management to appoint data and technology owners.
The respective business areas are responsible for escalation of data ethical dilemmas to the Information Security Committee or the Data Privacy Function.

Revision 2.0 (1. July 2024)