Digital data has enormous value and can bring huge benefits to individuals, societies and companies like Nestlé.
But if data is not handled sensitively, ethically and with care, it can lead to profound disruption and interference in people’s lives. In our increasingly digital world, companies of a scale like our own have a responsibility toward data protection (preventing unauthorized access to the data we hold) and data privacy (safeguarding and using it properly).
Our approach to data security is tied to our respect for the fundamental right to privacy, enshrined in the United Nations' Universal Declaration of Human Rights. Read more in our Data Protection and Privacy action plan (pdf, 840Kb). As one of our ten salient issues – the most serious human rights risks we face – the implementation of our action plan in this area is further embedding our approach to data protection and privacy throughout our organization.
Recognizing privacy as a fundamental human right
A proactive approach to privacy
All Nestlé Group companies comply with our mandatory Global Privacy Program. This comprises a set of internationally recognized privacy principles and is designed to evolve and adapt to an ever-changing regulatory background. It is overseen by more than 60 data protection champions worldwide who advocate for better data privacy and security. It is their job to ensure the program keeps pace with the fast-moving nature of technology and developments in data protection, artificial intelligence, data ethics and e-commerce.
Data privacy is embedded in our business principles
We value and protect the personal data of everyone who interacts with our company. We want to be transparent about the types of data we collect and the purposes for which we process it. Our priority is that you enjoy your interaction with Nestlé, and we encourage anyone who has concerns about data security or privacy to contact us. You can also learn more about our approach to privacy.
Our key strategy and activities
- The Nestlé Privacy Program and maturity self-assessment
- Privacy Impact Assessment as part of the privacy-by-design principle
- Compulsory Data Privacy iLearn module for relevant employees
- Vendor Privacy Risk Assessment as part of the due diligence
- Data Ethics as part of the Nestlé Responsible Sourcing Standard
- Regular internal and external audits
Data ethics at Nestlé
The Nestlé Data Ethics Framework sets out clear principles for how data should be used at Nestlé. The framework complements the Nestlé Corporate Business Principle of 'Business Integrity', which also includes privacy and ethical data management. Our data ethics principles are:
- Environmental and social well-being – we respect fundamental rights, namely privacy and human dignity beyond the data. We recognize that individuals own their own data, (to the extent permitted under local and international laws) and that our use of data should minimize negative impacts on individuals and society.
- Transparency – we are clear about what data is being used and for which purposes, and we have to be able to explain this.
- Diversity, non-discrimination and fairness – we need to understand the limitations of data and be aware of possibilities for bias and discrimination.
- Privacy and security – we need to foster trust in data practices, and do the right thing with data and not just what is legally permitted. We also need to try to ensure data is kept secure and resilient to attacks.
- Accountability – we need to be accountable for our actions and be able to stand by our actions.
- Technical robustness – we are committed to the protection of data, including quality, integrity and access.