Data Ethics Policy

STATEMENT

INTRODUCTION

The FOSS Data Ethics Policy has been prepared as an overall framework and it applies to the FOSS Group.

The Data Ethics Policy is about responsible and sustainable use of data and new technologies and complements, for example, the principles of transparency and data minimization in FOSS’ Global Data Protection Policy as well as rules on integrity and confidentiality.

The policy also supplements policies on handling of personal data, use of cookies etc. FOSS is a responsible employer and a trusted partner to our customers and business partners. We do our utmost to ensure that data is used in a safe and responsible manner.

At FOSS we have taken a strategic approach to data ethics and have established an initial global policy regarding use of data and new technologies. FOSS will continue its proactive work with data ethics based on the four principles set out below.

DATA ETHICS PRINCIPLES

We operate by the following four principles with respect to data protection and data ethics in general:

Principle 1 – Lawfulness, fairness and transparency

Data and technology shall be used in a lawful, fair and transparent manner ensuring fair and non-discriminatory efforts to eliminate harmful biases.

Principle 2 – Data accuracy and quality

Data shall be accurate and kept up to date. Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Principle 3 – Integrity and confidentiality

Data and new technologies shall be processed and used in a manner that ensures appropriate security, privacy and ethics by design, including securing a high level of integrity and protection against unauthorized or unlawful use.

Principle 4 – Responsible use

Collection of data and use of new technologies shall take place in a responsible manner, ensuring that the data and technology in question do not deliver results that may be biased or discriminatory.

DATA ETHICS POLICY

USE OF DATA AND NEW TECHNOLOGIES

At FOSS, data is an integrated part of our work and our product offering. We only use data when relevant and with a proper legal basis to do so, e.g. in accordance with agreement, applicable data privacy laws and regulations, court or authority decisions. Our Data Privacy Policy describes in detail how, when and why we use certain data types, including the use of consent for marketing purposes, where relevant. Our use of cookies is described in our Terms of use. In our use of new technologies, we strive to ensure that such technologies do not deliver results that may be biased or expose humans to discrimination or stigmatization.

THIRD PARTY DATA POLICY

When we use data from third parties, we expect that third parties are in lawful possession of this data, can legally give FOSS the right to use this data, and that they otherwise prioritize the efforts for data protection and demonstrate ethically correct handling of data. When using third parties, we always ensure a Data Processing Agreement (or similar) is in place to enforce this.

In cases where we use third party data, we expect that the third-party data provider works with data ethical considerations, and if possible, has a data ethics policy in place. This expectation is reflected in our Supplier Code of Conduct.

AWARENESS ABOUT DATA ETHICS IN FOSS

At FOSS we strive to ensure that our employees are well-informed about data ethics and that they handle data and new technologies in accordance with our Data Ethics Principles. This includes mandatory training in GDPR, Business ethics and Information Security for employees. FOSS continuously supports the understanding of the importance of data ethics across the organization.

We have an open and honest culture about errors and problems, so that we continuously improve our use of data and technology. In FOSS, it is possible to communicate anonymously via our whistleblower system.

DATA OWNERSHIP AND GOVERNANCE

Data and technology ownership at FOSS is decentralized according to type of data and technology. The decentralized ownership is essential for effective governance and it is the responsibility of Corporate Management to appoint data and technology owners.

The respective business areas are responsible for escalation of data ethical dilemmas to the Information Security Committee or the Data Privacy Function.

FOSS Corporate Management is the owner of the Data Ethics Policy. Corporate Management, together with the Board of Directors, will evaluate the need for updating the policy on an ongoing basis.

rev.1.0

Approved 24-03-2022 by the FOSS Board of Directors