Transparency Report on Human Rights Risks in Telenor Shared services

Telenor Shared Services (TSS) is a part of Telenor Group and this transparency report in accordance with the Transparency Act is a supplement to the report by Telenor ASA which can be found here.

At TSS, we recognize the importance of addressing human rights risks and promoting responsible business practices in our global operations. As part of our commitment to promotion of human rights – an integral part of our mission in ‘connecting societies to what matters most’, this report aims to provide insight into our human rights and due diligence assessments, key findings, and how we work to respect and promote human rights throughout our business relations.

General

TSS is a subsidiary within Telenor Group. We provide shared services to Telenor companies. We focus on providing services that can be standardized and shared like finance, procurement, HR and elements within IT. We provide value through efficiencies and effectives to services that all of Telenor companies use.

We are located in offices in Norway (HQ), Sweden, Denmark, Finland, Pakistan and Portugal, operating as a fully owned subsidiary of Telenor ASA.

As part of Telenor Group, Telenor Shared Services adheres to Telenor’s governing policies through governance programmes and have developed internal guidelines and routines to address and mitigate negative consequences for human rights and decent working conditions. This governance framework guides our decision-making processes and ensures responsible business conduct throughout our operations.

To facilitate reporting and whistleblowing processes aimed at helping us uncover negative consequences and mitigate harm, we utilize Telenor’s hotline channel available here. These whistleblowing mechanisms provide opportunities for employees and other stakeholders to voice their concerns, helping us identify risks and contribute to our continuous improvement efforts.

Identified risks and impacts

Through our due diligence and risk assessments, we have identified human rights risks. These risks include:

Privacy and data protection

As an international company, providing services and tools to internal Telenor companies that operates across Asia and Nordic, we recognize the importance of safeguarding the privacy and personal data of our customers. However, in certain jurisdictions, there are risks associated with country-specific surveillance practices and other potential privacy infringements impacting the right to private life. These risks may include unauthorized access to communications data, monitoring of online activities, and restrictions on access to certain websites or platforms. Further, in countries of conflict, Telenor Shared Services has observed reports of human rights abusive actions being taken against vulnerable groups based on unauthorized surveillance and unlawful access to data.

Artificial Intelligence (AI)

AI is also a focus area for TSS. We are looking into this technology with the purpose of enhancing our services and optimizing our deliverables. AI will have a positive impact on our performance, but we also recognize that implementing AI without a proper governance and understanding, there is a risk that AI might affect personal and privacy data. In addition, there is a risk of training the AI on data that will make the AI bias leading to discriminatory practices in areas like hiring.

Freedom of Expression and Access to Information

Operating in diverse markets means we encounter varying degrees of restrictions on freedom of expression and access to information. In some jurisdictions, there may be challenges related to censorship, content filtering, or limitations on the free flow of information. We strive to navigate these risks while upholding our commitment to promoting open and safe communications and access to information.

Supply Chain Risks

Telenor Shared Services recognizes the importance of ensuring that promotion of decent working conditions and upholding labour rights extends throughout our supply chain. As we engage with suppliers internationally, we observe risks in some jurisdictions – predominantly relating to privacy and data protection. Through our business partner screening and monitoring processes, we seek to address those risks on a case-by-case basis deploying our mitigation toolkit described below.

Customer/Partner Risks

Through our international services, we sometimes engage with customers and business partners in jurisdictions where international human rights standards are not recognized or adhered to. Moreover, we have found cases where customers or business partners have track records which gives rise to human rights concerns. While identified risks are always sought to be mitigated, our engagement towards these partners is always considered on a case-by case basis as the risks must be considered also against the opportunity and promotion of human rights that our services entail.

Mitigation measures

In response to the risks identified, we have implemented- and are continually working with a range of measures to prevent, stop, or limit their impact. These measures can be split into general mitigations aimed at preventing and reducing human rights risks as a whole, and tailored mitigations based on specific risk elements identified. The general measures include:

Robust whistle blowing channels

Robust whistle blowing channels, including ‘speak up’ codes of conduct that allow us to foster transparency and identify risks throughout our operations. We thrive to promote these values both internally and externally to our partners in all our engagements.

Stakeholder engagement

Stakeholder engagement, particularly towards our business partners, customers, industry organizations, market peers, regulatory bodies and other broader stakeholder institutions. These engagements enable us to understand and adapt human rights measures specific to our industry and the services we deliver.

Due diligence processes

Due diligence processes, enable us to identify, assess and act on human rights issues on case-by-case basis, allowing us to take specific action as needed depending on the identified risks, including looking more into depth of more salient risks.

Secure connectivity

Secure connectivity, especially in areas of conflict. Recognizing that the confidentiality of communications data may be at risk in certain jurisdictions – Telenor Shared Services believes that securing the information and data is a vital mitigation to the protection of freedom of expression and to safeguard TSS customers data.

In combination with these general mitigations, we have implemented and are continually working to prevent, stop or limit the specific risk elements that we face within the industry and markets we operate. These measures are described in the following:

Privacy and data protection

Implementation of robust encryption protocols to secure communications and protect customer and company data.
Regularly review and update security measures to adapt to evolving threats, including adaption of industry best-practices.
Comply with relevant data protection laws and regulations, both at the international level (e.g., GDPR) and in specific countries to which we may be subject.
Establish partnerships with trusted service providers that prioritize data security and privacy.
Maintaining robust fraud prevention systems, securing quality of service, security and digital trust.
Implemented a governance framework, based upon EU AI act, to make sure that we have a responsible implementation and use of AI in TSS.
Challenge legal intercept requests. More information on how Telenor works towards authority requests can be found here.

Freedom of expression and access to information

Implementation of clear policies that promote freedom of expression, respect for users’ rights to access information.

Supply Chain Risks

Maintain close relationships with our suppliers and partners to ensure that supply chain risks are addressed.
Contractually require our suppliers to enter into Telenor’s supplier conduct principles to ensure our suppliers are committed to uphold international human rights and decent working conditions.
Monitoring of all suppliers to enable swift response to emerging risks.
Strong privacy and security supplier management measures, including audits, to ensure that the right to private life guarantees is sufficiently managed and maintained throughout our supply chain, including the suppliers’ sub-processors.

We believe that a key part of our societal responsibility is inherent linked to our mission, connecting societies to what matters most.

Fornebu, 02.07.2024

Signed electronically by the board of Telenor Shared Services

Jon Omund Revhaug- Chair of the Board

Janne Aalto – Member of the Board

Bente Kristine Mannseth – Member of the Board

Alexander Bøe – Member of the Board

Hans Jørgen Krogstie – Member of the Board

Stein K. Ingvaldsen – Member of the Board

Morten Dean Dunham – General Manager

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.