Due to the increasing digitalization of our business operations, data protection forms another pillar – besides the prevention of violations of media law – of the management system (CMS), which additionally includes the sub-areas of anti- and antitrust law and is described in detail in the non-financial section Compliance (Fig. 058). The Group has also set out rules relating to product responsibility issues in its .
A large part of ProSiebenSat.1 Group’s business activities involves processing personal data of various different stakeholder groups. This especially applies in the context of growing digitalization in the media environment. These stakeholders particularly include customers, online users, viewers, applicants, employees, and business partners. For this reason, we see data protection as an important competitive factor with a lasting impact on trust in ProSiebenSat.1 Group’s products and brands and thus also on the economic success of the Group. In 2017, we identified two cases of information leakage as well as data theft or loss.
The overarching goal of the Group’s data protection is a consistent, adequate level of data protection within ProSiebenSat.1 Group in line with national and international provisions. This is to be ensured on the basis of a risk-oriented data protection management system (DPMS) and standardized processes, guidelines, and specifications, some of which apply throughout the Group. In 2017, ProSiebenSat.1 started on the first steps to achieve compliance with the General Data Protection Regulation (GDPR). In addition to legal provisions, the Company’s internal guidelines on handling personal data and its automated collection, processing, and use are also applied. ProSiebenSat.1 has set out its data protection principles and processes in the Global Data Protection Standard (GDPS), the Data Protection Policy, the Code of Conduct, and other data protection regulations. (Fig. 057)
057 / DATA PROTECTION PROCESSES
Performance of a risk analysis including a compliance check in the context of introducing/changing automated procedures for processing personal data in accordance with section 4f of the German Federal Data Protection Act (BDSG) in order to address data protection law requirements at an early stage.
Order data processing
Process for legally compliant preparation of agreements on order data processing and for the performance of the legally stipulated preliminary check in accordance with section 11 BDSG.
Information to public authorities
Process for legally compliant disclosure of personal data to public authorities.
Rights of persons affected
Legally compliant processing of requests from persons affected:
- Complaints management
- Information rights (section 34 BDSG)
- Right to correction (section 35 BDSG)
- Right to deletion (section 35 BDSG)
- Objection rights (section 35 BDSG)
Data breach notification
Process for legally compliant reporting of data breaches (= third parties unlawfully obtaining personal data) in accordance with section 42a BDSG and section 15a of the German Telemedia Act (TMG).
ProSiebenSat.1 Group has implemented processes and measures to protect personal data from misuse. No processing of personal data takes place unless compliance with the applicable laws has been ensured. We grant each individual the right to object to use of their personal data and to demand that their personal data be deleted or blocked. In addition, ProSiebenSat.1 passes on personal data to third parties, including within the Group, only if this complies with the legal provisions. We also take appropriate precautions to protect personal data from loss, destruction, unauthorized access, or unauthorized use, processing, or disclosure.
The media law provisions of the CMS particularly deal with journalistic independence, the principles of the separation of advertising and programming, the requirements for product placement and protection of young people, and the prevention of surreptitious advertising and broadcasting of legally prohibited advertising. Eleven cases of violation against our programming principles and journalistic due diligence as well as youth protection were identified in 2017.
- ProSiebenSat.1 Group is particularly committed to differentiating between editorial reporting and broadcasts for advertising purposes in its TV programs. The responsible TV editors and editorial management are responsible for ensuring that advertising and programming are clearly separated. At corresponding compliance events, they are trained on the bans in place and the legal consequences in the event of violations. The management of the TV stations must also ensure that suitable budgets are chosen for each program and that sufficient funds are available so that there is no need to accept financial contributions from third parties to the extent that this would constitute impermissible surreptitious advertising. In substantiated individual cases where the use of surreptitious advertising is suspected, an ad-hoc supervisory committee takes action. This committee is set up by the Executive Board of ProSiebenSat.1 Media SE and consists of one employee each from the Internal Audit and Legal Affairs departments and an external lawyer.
The Group is committed to following the provisions of the German Interstate Broadcasting Agreement and the Common Guidelines of the State Media Authorities for advertising, for ensuring separation of advertising and programming, and for sponsorship on television. In particular, each employee has to ensure that the prohibition of programming influence, the ban on surreptitious advertising, and the identification requirements are upheld. It is also necessary to prevent the content and location of a sponsored program from being influenced by the sponsor in a way that impairs the responsibility and editorial independence of the broadcaster. Support for productions from third parties must be indicated in accordance with the legal regulations; such notifications should generally be made at the end of the relevant program.
Primarily, the details are regulated by ProSiebenSat.1’s guidelines on the separation of advertising and programming, which also include specific explanations regarding bans on the placement of particular products and services. They provide the employees with mandatory regulations under their employment contracts. The guidelines for the German stations serve to maintain journalistic credibility and ensure that content is independent from third-party influences as the top programming principle. Furthermore national legal provisions are applied to the TV stations in Austria and Switzerland.
- To ensure journalistic independence and comply with fundamental media regulations, the Group formulated guidelines in 2005 which are binding for all of the Company’s program makers in Germany. The “Guidelines for Ensuring Journalistic Independence” specify the understanding of the journalistic principles set forth in the Press Code of the German Press Council. ProSiebenSat.1 Group is committed to a free and democratic order as set out in the constitution (Grundgesetz) of the Federal Republic of Germany. In accordance with internal guidelines, journalists and editors working for ProSiebenSat.1 must follow the International Federation of Journalists’ Principles on the Conduct of Journalists. According to these principles, they are essentially free with regard to creating their content and report independently of social, economic, or political interest groups.
As a media company, political independence is of the utmost importance to ProSiebenSat.1. Cash and non-cash donations to political parties are therefore forbidden unless the donation is approved by the Executive Board of ProSiebenSat.1 Media SE in advance. Generally, editorial content must not be influenced by private or commercial interests of third parties or by personal or economic interests of employees. At the same time, the journalists and editors are aware of their responsibility with regard to the dissemination of information and their contribution to shaping opinions. The responsible editorial staff, particularly the editors-in-chief, are responsible for complying with these guidelines and principles of conduct and implementing them in day-to-day business.
- Youth protection officers at ProSiebenSat.1 Group make sure that all TV and online content for which the Group is responsible is offered in an age-appropriate way. The goal is to make it difficult for children and young people to gain access to content that is unsuitable for their age group. The German Interstate Agreement on Youth Protection in the Media stipulates clear requirements for this. The Group’s youth protection officers are autonomous in their work and are responsible for ensuring that content that is unsuitable for children and young people is broadcast only at the legally stipulated times. In addition, they use technical means to protect young people from the dissemination of content on ProSiebenSat.1’s websites that could potentially harm their development. To this end, the youth protection officers are involved in the production and purchasing of programs at an early stage. They assess scripts in advance, support productions, and prepare expert reports. Within the Company they perform an advisory role, while externally they are available to viewers and users as contact persons for complaints, for example.
Independently from the work of the youth protection officers, TV and online editors receive regular training on youth protection regulations. In addition to training employees and providing internal guidelines, we also actively promote the protection of young people via various organizations: ProSiebenSat.1 is represented on the executive boards of FSF (Freiwillige Selbstkontrolle Fernsehen e. V.) and FSM (Freiwillige Selbstkontrolle Multimedia- Diensteanbieter e. V.). These two associations are institutions for voluntary self-regulation by private TV stations/telemedia providers and are recognized as independent supervisory bodies for television/the Internet by the Commission for Youth Protection in the Media (KJM). In addition, ProSiebenSat.1 is also on the executive board of JusProg e. V., an association of private media providers that develops technical solutions for youth protection and offers a youth protection program free of charge for all Internet users.