Data Ethics Policy

1.1 Our Approach

We strive to be transparent about our ethical decisions and to uphold our principles on ethics when processing data. We encourage all employees and business partners to voice any possible concerns and make suggestions that can improve our data processes. We will ensure that we have the required resources and skills to uphold this policy.

We will not engage in development or use of technologies that undermine political elections, freedom rights, democratic institutions, or public governance. When developing and using technologies, such as Artificial Intelligence, that may result in an unintended bias, we will ensure a fair, reliable and explainable approach. We will contribute to the development of a society with healthy and harmonious dissemination of new technologies by improving literacy of users and by service designs, which are universally design compliant.

1.2 Overall Data Integrity

We will uphold data integrity in our data handling to ensure data are processed fairly and with proper legal basis and that data minimization principles are enforced.

1.3 Data Processing

We will take measures to ensure that the use of data is unbiased and without discrimination. We will also ensure through our Global Information Security Policy that all data not intended for public disclosure are protected accordingly.

1.4 Our Solutions

We will take legal and ethical aspects into account when developing new solutions that process data through a formalized process. We will ensure diversity when creating user-groups for solution development of systems to process data. This is always the case when we launch solutions that process data that could be used for the following purpose:

▪ Limit the right to freedom of expression and information or the rights to free elections;
▪ Violate data protection rights;
▪ The right to privacy and family life;
▪ Fair elections, good public administration, access to justice and a fair trial;
▪ Create an unfair or unfavorable situation for vulnerable groups or individuals;
▪ Other unethical use;

We will ensure that we can revoke user rights if needed, to the extent that such legal remedies are available.

When working with AI, we will have a human-centered society approach in which humans and AI coexist. We will strive to make sure that any use or development of AI solutions are fair, reliable, and explainable.

In support of our data ethics policy, we have identified the activities for the current financial period which will ensure going forward that the policy becomes an integral part of our work with data ethics issues. This is especially true in areas where there is a risk of conclusions based on data containing significant bias, or where there may be a lack of transparency in our data use when making major decisions.

Our data security and compliance is based primarily on our existing ISAE 3402 Type 2 and ISAE 3000 (GDPR) Type 2, independent audit reports. In addition, we are in the process of establishing an ISO 27001 certified program, where we have completed the so-called phase 1 in the current accounting period. We expect final certification no later than the end of the calendar year 2023.

To further ensure a lasting implementation of the policy on data ethics, an internal working group will be set up to ensure continuous and systematic assessment of areas at risk of bias in data, as well as ensure the necessary breadth in test groups where necessary. Until this working group is formed, our Global Ethics Committee will be consulted where necessary. The policy will also be supported by internal campaigns, systems and procedures.