4 Corporate Social Responsibility – Non-financial Performance - Page 190 | Publicis Groupe

for Data activities:
- the Epsilon database, which includes 260 million American profiles (TSP – Total Source Plus), from more than 40 different sources, is refreshed every six weeks, to ensure the success of targeted actions or the activation of certain consumer Groupes. This mechanism is part of Epsilon’s responsible marketing practices in order to take into account client expectations and protect consumers. This approach makes it possible to precisely identify the target audiences and eliminate the risk of duplication and is a guarantee of quality and efficiency,
- Truthset: Epsilon regularly calls on this external and independent data certification Company to have the quality and validity of the data used in its databases assessed by an independent third party. This provides additional security for clients; Epsilon’s data protection policies are publicly available – see https://legal.Epsilon.com/global-privacy-policies;
for business lines related to DBT (Digital Business Transformation), the approach is twofold around Digital for Good and Good Digital:
- Digital for Good: the challenge is to systematically reduce anything that could limit access to products and services for some. Efficiency and broadest possible accessibility are imperative. Publicis Sapient has worked on online systems to facilitate access to Covid-19 vaccines for as many people as possible. In another program, by simplifying an application in partnership with a renewable energy Company, 1 million users were informed and then committed to a solar energy program enabling them to drastically reduce their housing costs. The Inclusion by Design principle remains central, in addition to the dual principle of transparency and accountability, particularly for projects based on deep learning or on artificial intelligence,
- Good Digital consists of finding, for each project, solutions to reduce the impacts of digital to move towards Net Zero, through a series of Green IT audits and the implementation of eco-design in all digital projects,
- the Center of Expertise in Accessibility created a few years ago has made it possible to train thousands of employees, and to create a kind of library open to all engineers in order to facilitate their specific tasks to write accessible code and constantly improve it. (see Section 4.2.2.2);
Many agencies must respond to specific compliance issues such as Healthcare agencies. Communication in this sector is regulated in many countries. This requires that our teams are trained in the local regulatory framework and sometimes led by clients who are subject to specific regulations involving a more demanding communication framework. The agency must ensure high compliance with different levels of joint validation between the operational and legal teams.

4.2.2.2 Ethics within the agencies

1) Confidentiality

Respect for the confidentiality of client data and projects is a fundamental value. It is required from 100% of employees, in addition to the obligations undertaken by employees in their employment contract with the Groupe. Teams may have access to sensitive information; they are always frequently asked to sign specific confidentiality agreements (NDA – non-disclosure agreement). Intellectual property, whatever the type of creation or output, is also protected. Experts in trademark law or copyright or database law (data base), within the legal teams, must be consulted well upstream of projects. Data protection and security specialists must also be involved in all projects to ensure that these issues are addressed strictly.

2) Intellectual property

As a creative Company, Publicis Groupe has always been committed to respecting and protecting intellectual property, an increasingly complex topic to manage in a digital and ultra-connected world. It is in this spirit that the PMX Digital team has set up an exclusive contract with WIPO (World Intellectual Property Organization) to identify and exclude sites that violate intellectual property.

3) Lobbying practices

Some assignments may involve lobbying and strategies to influence decision-makers on behalf of clients. Lobbying teams must comply with transparency criteria in relation to their clients, in such a way that their work, the objectives targeted, and the actions carried out are done so with integrity, in accordance with best practices in this area and in keeping with the laws and the Groupe’s internal procedures. The lobbying teams operate in compliance with the laws and the Groupe’s rules, particularly concerning combating conflicts of interest and anti-corruption. In accordance with legal obligations and best practices, the teams involved are identified, both in terms of the Transparency Register of the European Parliament and the European Commission, or on a country-wide basis, listed in the digital repertoire of representatives of interests managed by the High Authority for the Transparency of Public Life in France (HATVP), and in the United States where the rules of the Lobbying Disclosure Act apply, or where this relates to the FARA (Foreign Agent Registration Act), with registration in compliance with the subjects and organizations concerned.

Publicis Groupe did not lobby on its own behalf in 2022. Publicis has the intangible and historical principle of refusing to work for partisan campaigns (political parties, cults or ideological organizations). The Company does not financially or otherwise support such organizations.

4) Artificial intelligence

The use of artificial intelligence, or algorithms based on deep learning (also called machine learning), is already integrated into the Groupe’s business lines, with interesting and successful advances in Media activities, in data with Epsilon and in digital transformation with Publicis Sapient. This makes it possible to meet very large-scale customization needs.

Over the last few years, the Groupe’s Responsible Marketing policy has defined five key principles to be respected:

Equity and inclusion: by applying the “Inclusion by design” principle to combat unconscious bias and ensure a diversity of viewpoints in the team so as not to offend anyone;
Reliability and security: critical review is part of the process of designing an IT program to ensure clarity and completeness for each user;
Privacy protection and data security: the “Privacy by design” principle is applied to these projects as described in the Publicis Groupe data protection policy;
Transparency and accountability: it is imperative to monitor performance to identify irregularities and continue to learn from all experiences;
“Tests and trials”: tests are the crucial steps to ensure that the project complies with regulations and industry best practices, and to validate the effectiveness of the proposed campaign or technological solution.

5) Commitment to professional organizations

The Groupe is active in professional organizations in all countries and its commitment is always publicly identifiable on the sites of these organizations: for example, the IAB (Interactive Advertising Bureau) and its representations in several countries, as well as in the United States, with the 4As (American Association for Advertising Agencies), AAF (American Advertising Federation); in France within the AACC (Association of Communication Consulting Agencies) or UDECAM (Union of Consulting and Media Purchasing Companies). Excluding the United States, an example is the United Kingdom, where the Groupe’s participation in the sectoral initiative Actions not words in the fight against racism and inequalities, and is a founding member of Ad Net Zero in favor of reducing carbon emissions. In France, we should also mention the Groupe’s active participation in the General Communications Meetings and the following projects promoting the ecological and social transition. This work has made it possible to put in place tools and indicators to drive the sector forward.

6) Vulnerable populations

With regard to vulnerable audiences: the Groupe defends and promotes the rules set out in the guide Marketing & Advertising to Children of the lCC (International Chamber of Commerce) on the specific responsibilities that brands and agencies must have with regard to children and adolescents, whether in terms of product categories to be promoted or communication techniques used. This code provides a framework for communication intended for children (under 12 years old) and adolescents (between 13 and 18 years old).

7) Digital accessibility

Digital accessibility or e-accessibility: for the past ten years, teams of digital accessibility experts have been involved in numerous projects, notably within Razorfish and Publicis Sapient. An Accessibility Center of Excellence was structured in 2022 around the dedicated team, with experts in many cities. Digital platforms designed for clients must meet the universal criteria issued by the W3C (World Wide Web Consortium) in order to allow equal access to content, including for people with disabilities (visually impaired, blind, deaf, hearing-impaired, other types of physical difficulties, etc.) or with access difficulties. The key issue is the upstream training of the teams that conceive, design and develop these projects, in order to simplify the indexing of pages, to facilitate the reading of all the elements (video, images, texts, links, navigation, etc.). Lastly, to facilitate technical maintenance or content changes. In addition to compliance issues, these best practices also make the user experience simpler and more enjoyable. These expert teams may also be called upon for certification issues, as several employees are themselves duly qualified to do so.

In France, creative agencies such as Publicis Conseil, Leo Burnett and Saatchi & Saatchi have chosen to systematically subtitle films or videos for all media with Prodigious. This approach is an extension of the French Advertising initiative – AACC – to promote the universal subtitling of advertising films, www.soustitronsnospublicites.aacc.fr. This voluntary approach is applied by other teams around the world, particularly in Europe.

4.2.2.3 The proprietary tool: A.L.I.C.E. (Advertising Limiting Impacts & Carbon Emissions)

To determine the carbon emissions of goods and services, the first and simplest option is to apply emission factors to the total amount of purchases made, these emissions factors being public and international, and by category of products and services. The second option is to measure the impact of the components of a product or service as closely as possible. This has been Publicis Groupe’s commitment since 2017 with the creation of A.L.I.C.E. Since the end of 2019, the agencies have been using this ad hoc calculation tool, developed and monitored by Bureau Veritas on the calculation methodologies aligned with the GHG Protocol, and for updating the emission factors (emission factors issued by the IEA – International Energy Agency; DEFRA – Department for Environment, Food and Rural Affairs; ADEME – French Ecological Transition Agency). A.L.I.C.E. is a tool for the Company’s Climate objectives (see also Section 4.3) for clients, in order to more precisely assess our ability to reduce the impacts of our products and services. A.L.I.C.E. covers all major Groupe business lines: Creation, Production, Media, Events, Data, DBT (Digital Business Transformation) and makes it possible to respond to a request from clients on the calculation of the carbon impact of their marketing and communication activities. A.L.I.C.E. makes it possible to analyze the impacts on a project-by-project basis, identify reduction levers and increase the positive impacts through new, more frugal solutions, tested by the agency and offered to clients.

A.L.I.C.E. has already made it possible to reduce the impacts of the campaigns and projects that have been assessed, thanks to the upstream reflection that is undertaken well before measuring the impacts of a project. The simple measurement also makes it possible to identify levers that are easy to operate and which reduce impacts by 20-25%. In 2022, Prodigious in France carried out more than 700 assessments of different productions shared with clients. This exercise allowed the agency to have an impact framework enabling it to better anticipate certain aspects of production. For example, in terms of the size of visuals and/or video formats, reducing them can generate more than 50% savings on electricity consumption. The agency has defined new production standards to maintain visual quality and minimize these energy consumption impacts. These standards are then shared with the Media teams in a collaborative manner, then with partners and supports. A.L.I.C.E. is used with more than 180 clients.

A.L.I.C.E. has an educational role to play with employees, allowing them to materialize the concrete environmental impact in order to imagine less impactful solutions very early on. The objective is to sharpen everyone’s reflexes to reduce all environmental impacts. 700 key users from 75 agencies in 20 countries make regular estimates. They were carried out on behalf of 180 clients/brands. The clients for which the teams use A.L.I.C.E consider that the calculation method used is robust and that the cross-functional approach to the Groupe’s various business lines provides unparalleled homogeneity of calculation. A.L.I.C.E. is an open system, making it possible to interface with other internal tools such as Razoscan, built with the support of Green IT and Epsilon’s Digilab. And with respect to external partners, in 2022 A.L.I.C.E. hosted two APIs with experts in the measurement of media-related impacts: Impact+ & Scope3. These two interfaces make it possible to refine the calculations of digital impacts, particularly those related to programmatic. Other partnerships are underway.

A.L.I.C.E.’s governance is the responsibility of the Groupe’s CSR Department with a cross-functional project Groupe of around twenty employees from different business lines and countries, actively participating in A.L.I.C.E.’s improvements and developments. Bureau Veritas acts as a trusted third party and ensures compliance with the methodological framework. In 2022, a critical scientific review was conducted by an external third party, Resilio Solutions, based in Lausanne, in order to refine the measurement of digital impacts, particularly for calculations related to servers and data centers. A presentation methodological document is publicly available on the Groupe’s website in the CSR section of the Responsible Marketing section.

4.2.2.4 Active participation in initiatives of the industry

At the international or national level and covering all Company businesses:

for more than 80 years, the communications sector hasbeen governed internationally by the Marketing Code of the ICC (International Chamber of Commerce – www. iccwbo.org). This code is the benchmark in self-regulation and best practices for advertising and marketing (Advertising and Marketing Communication Practice – ICC Code). The founding principles are that all communication must be legal, decent, honest, truthful and socially responsible. This code is neutral in terms of technology and media; no player can derogate from it. It obviously includes digital communication and mobile applications, the Internet of Things. This code also incorporates issues related to data collection and protection and the right to privacy and takes into account the different needs of different types of audiences, including vulnerable people. Advertising claims related to climate change and environmental issues have been clarified, in order to clarify the proliferation of arguments and allow consumers to better navigate. The ICC Framework for Responsible Environmental Marketing Communication reports on this collective work on recommended standards. The objective of this guide designed for industry-professionals is to ban all forms of greenwashing. It includes an Environmental checklist intended to facilitate the teams’ work, to have clear arguments;
Ad Net Zero: Publicis UK is one of the founding entities of the sector initiative led by the British agency inter-professional body. After making the calculator AdGreen available, the interprofessional organization and the Communication holding companies have decided to work together on a set of methodologies for calculating the carbon footprint and environmental footprint of the business lines, products and services. The challenge is to define a common framework ensuring that everyone uses the same measurement methods. In 2022, Ad Net Zero set up in the United States with the aim of defining a common methodology for the impact of broadcasting and the media;
Groupe agencies play an active role in national and international ad hoc professional organizations. Worthy of note is the work carried out with the IAB (Interactive Advertising Bureau) and the MRC (Media Rating Council) on the visibility of digital advertising, and how this can be quantified (viewability). Publicis Media was the first agency to be Gold Standard certified in the last four years. This work is done in close cooperation with other professional organizations such as the 4As (American Association for Advertising Agencies), particularly the 4As Privacy Committee, the ASRC (Advertising Self-Regulatory Council) in the United States, as well as the EASA (European Advertising Standards Alliance);
the Groupe took part in the launch of the GARM (GlobalAlliance for Responsible Media) in Cannes in 2019, at the behest of clients belonging to the World Federation of Advertisers (WFA). Since 2020, Publicis Groupe is one of the founding members of PRAM (Partnership for Reasonable Addressable Media) with consumer protection as a priority: it is a consortium positioned on inclusion by developing principles and standards to properly address the various consumer Groupes. These projects require the Groupe’s commitment, in the same way as the work done collectively for many years on Online Behavioral Advertising and Native Advertising, both in the United States and in Europe;
the Trustworthy Accountability Groupe (TAG) is the first cross-industry initiative of its kind dedicated to the fight against criminality in the digital advertising supply chain. Its work focuses on four areas: eradicating illicit traffic, combating malware, fighting against online piracy and promoting transparency (TAG Anti-Piracy Pledge). The goal is to apply brand safety; that is to say to ensure against brands appearing on inappropriate sites or environments. The TAG Registry was the second part of the “Verified by TAG” program, whose two-fold aim is to combat fraud and crime related to the online advertising sector, and to promote best practice. Publicis Groupe is one of the companies integrated in the TAG Registry. Publicis Media was the first Groupe to be awarded “TAG Platinum” status in 2019 and maintained its compliance since in the following areas: TAG Certified Against Fraud, TAG Certified Against Piracy, TAG Certified Against Malware are fully compliant with the TAG Brand Safety Guidelines;
Digital Ad Trust: this French initiative, launched in 2017, has been fully operational for two years now and brings together all ecosystem players, including the Media agencies. The goal of this approach coordinated by IAB France (International Advertising Bureau) is to assess and promote responsible sites based on the quality of their content and the advertising practices used (cookie and browsing preference policies). This work resulted in a label qualifying the sites with the best practices in terms of editorial context, visibility of advertising campaigns, the fight against fraud, priority access to content and respect for personal data;
Publicis Groupe has for several years been a member of the Coalition for Better Ads, which brings together all key players in the ecosystem (companies and trade organizations) around the common goal of improving online advertising standards. While it is clear that this finances many digital activities, it also has to better meet the expectations of consumers. One of the areas of work concerns the non-intrusive nature of advertising and the technical standards to be respected, notably regarding data protection.

4.2.2.5 Responsible marketing in action in agencies and with clients

Publicis France

Within the France Executive Committee, a country-wide CSR Department was created in 2019. A community of 50 CSR ambassadors was set up, meeting twice every month to share, learn and disseminate common actions within the agencies. Since 2020, Publicis France has been the leading network in the country in terms of number of CSR agencies labeled Active Agencies of the AACC in partnership with Afnor Certification with 11 agencies (out of 12 eligible), including nine at the highest level. Publicis France is also the leading communication Groupe in France in terms of employees trained and certified in digital eco-design by the Green IT collective. Eight entities are now members of the French Business Climate Pledge. These efforts should also be compared with actions to promote diversity (see Section 4.1.1.1).

In 2022, Publicis France continued to make CSR transformation a major strategic challenge, both internally and with its clients, in particular with its responsible communication program No Impact for Big Impact (NIBI), including the Positive Media Project think tank, the Positive by Publicis content platform, the Positive for You internal conferences or the inspiring Positive Talks.

Publicis France launched its internal business transformation program, We Are Positivers (WAP), at the end of 2021. More than 2,200 employees had been trained by the end of 2022. NIBI is now available to all Groupe employees in French and English on Marcel Classes. WAP in 2022 won a Strategic Engagement Communication Award and Good Economy Award. Responsible Communication training was also rolled out to five of our clients (700 people trained). 2022 also marked the start of the international roll-out of NIBI in the Groupe, with the provision of training and tools to all.

Concerning the NIBI approach, more than ten major clients have already embarked on the process of operational transformation of their communication, and 30 others have been made aware. With A.L.I.C.E, more than 1,000 carbon assessments were carried out for production activities and 400 for media plans. Publics France continued to work on inclusion issues with its partners Singularist and Pic&Pick to be fairer in advertising representations, as well as with partners acting in the “behind the camera” business lines with “Séquences Clés” and “Collectif 50/50”. Since the end of 2022, to accelerate the internal transformation of agencies in France, Top managers now have a CSR objective and a DEI objective in their assessment. The eco/socio-designed campaign carried out for SNCF illustrates how to reconcile creativity and responsibility. It won the Good Economy Grand Prix and was the subject of numerous reports and interviews in the press. As for the NIBI program, it won two Ekopo awards, rewarding positive economy projects.

Lastly, Publicis France continued to actively participate in the collective actions of the sector with the AACC, Udecam, CPP, UDM and also by participating in the discussions initiated by the French government. For example, Publicis has played an active role in raising awareness of the Climate & Resilience Act’s Climate Contracts by leading by example and writing its own, but also by encouraging its clients and other agencies to publish their Climate Contracts, via client webinars and at AACC. Publicis Conseil has published its 3rd CSR report and worked with its Expert Stakeholder Committee (including four clients, one representative of the ARPP, two representatives of NGOs, one representative of an Inclusion & Diversity association, one representative of Responsible Digital Services, two representatives of Media and one representative of a student association) which meets twice a year.

Publicis Health in the United States

The CSR and DEI program (Diversity, Equity, Inclusion) of Publicis Health is built holistically and aligned with the United Nations Sustainable Development Goals. The agency has adopted strong positions to defend the right of access to health for all, particularly for women, by encouraging each employee to take care of themselves and their loved ones.

In terms of priority, the agency focuses on the specific issues of women, in order to pay particular attention to under-represented Groupes, and to have teams that more closely reflect the patients, consumers and communities with whom the agency interacts regularly. The ultimate goal is that everyone can take full advantage of all professional opportunities.

Recurring partnerships have been set up with the National Alliance on Mental Illness (NAMI), the Skin Care Foundation (SCF) or with Multiple Sclerosis Association of America (MSAA). On each occasion, the agency’s commitment covers a wide range of activities: responsible marketing, pro bono information campaigns for the general public, volunteering, fundraising – and involves key stakeholders: employees, clients, NGOs. For NAMI, in 2022 the agency orchestrated the 3^rd Annual Talent Show Fundraiser in New York to raise funds to support several mental health assistance programs in the city. In 2022, the well-being at work program, promoting physical and mental health, welcomed various experts from these organizations to share their experiences with employees.

In 2022, the internal intern support program welcomed 65 young people. They were involved in the preparation of the HPV vaccination campaign for adults.

In terms of recruitment, the MAIP (Multicultural Advertising Intern Program) partnership in conjunction with the MCTP Group program, and various associations and NGOs, made it possible to welcome more diversified profiles and to help young people from less privileged backgrounds to access our jobs, as interns and then to be recruited. Publicis Health’s affinity Groupes (BRGs) were active and participation in conferences such as ADCOLOR, Black Enterprise Women of Power, Out & Equal, 4As Vanguard or 3AF Asians in Advertising were continued and are beneficial opportunities for the employees concerned to contribute to the inclusive internal culture.

Publicis Health is a recognized agency in the medical and paramedical ecosystem, in permanent contact with doctors and medical experts or health practitioners; the role of Chief Patient Officer is key and has been praised by Reuters (Patient Advocate of the Year). As the health sector is highly regulated, teams work with compliance officers on a daily basis.

Publicis UK

In 2022, Publicis UK, through its internal Green Council, continued its work on measuring the environmental impacts of all agencies and their activities, in order to accelerate the ongoing transformation. Publicis UK is a founding member of Ad Net Zero, the sectoral platform set up at the initiative of the communication industry and whose objective is to reach Net Zero by 2030. Publicis UK is also a founding member of AdGreen, the carbon calculator adapted from the one already in place for the film industry (Albert) for ten years. In this context, the priorities were organized around the reduction of carbon emissions in the Company but especially in our production, media and events activities. An essential part of the work is the evolution of messages to encourage consumers to act differently.
A person responsible for these Sustainability Projects was designated with the key objective of reducing Publicis UK’s carbon emissions, in line with the Groupe’s SBTi objectives. It relies on external partnerships and a committed approach to suppliers.
Écologique, the BRG (Business/Employee Resource Group)dedicated to the environmental impacts of our activities makes it possible to bring together internal goodwill to act and accelerate, around two areas. The first is to share knowledge and build a motivated community to change employee behavior and reduce impacts. The second is to have a holistic approach to engage clients and communities.
Cross-functional work continues on the preparation of briefs respecting the “Route to Zero” framework, in order to integrate the need to make and have a discourse promoting low-carbon solutions from the first ideas and creative intentions.
In 2022, Publicis UK management implemented various actions to meet the challenges of the social and environmental crisis: a free breakfast for employees every morning and on Tuesdays, Tuesday Vegan lunches also free of charge – not to mention the various actions to promote well-being at work (see Section 4.1.3.2).

Salterbaxter

In 2022, the pre-eminence of climate-related issues and the absolute necessity to profoundly and quickly transform economies, companies and civil societies was confirmed. The better understanding of these issues has not yet translated into sufficiently concrete actions.

With offices in London, New York, Los Angeles and Sydney, Salterbaxter is a firm renowned in its field, with ESG expertise combining technical know-how integrating the complexity of the challenges to be faced and putting creativity to work. The objective is to inspire and initiate changes that enable everyone to be a part of the solution.

With Progress Point, Salterbaxter has the first relevant analysis tool for those working on these issues in order to easily identify existing or future performance levers, draw a roadmap and allocate the necessary resources to action priorities. This tool was developed in 2021 with the World Benchmarking Alliance which monitors more than 2,000 companies to help them achieve the SDGs. The Salterbaxter Progress Framework, which includes many indicators such as non-financial performance, proactivity on current challenges and reputation, allowing each Company to express its specificities.

Salterbaxter is the creator of the Innovation Day, the agency’s annual day dedicated to supporting social entrepreneurs. In 2022, for the 10th edition, around ten social entrepreneurs were supported, with the help of 65 volunteers from the 13 Publicis UK agencies. During this decade, 95 entrepreneurs were supported by this system.

4.2.3 Fundamental ethics rules

4.2.3.1 Janus: Ethical principles in the code of conduct

Janus is the Groupe’s Code of Ethics and applies to all managers and their teams. It consists of a code of conduct and detailed operating rules. The code of conduct applies to all employees (see Section 3.1.7 of this document). In 2022, 85% of the Groupe’s workforce has received training in the Janus Code and its contents. Training on the Janus Code of Ethics takes various forms: online training in Marcel, awareness-raising sessions during programs for new employees, and more specific internal sessions for the most exposed positions. In the induction programs, Janus is explained as part of the presentation of the Groupe and its activities. The key principles are detailed in particular regarding the standards of behavior of managers and teams, and the rules of operation to comply with fair practices. One of these elements is the “Zero Tolerance” principle in terms of discrimination, harassment, and violence at work, rules regarding conflicts of interest, fraud, prevention and combating of corruption, data protection, key points of the HR policy, and a reminder of the major principles adhered to by the Groupe, such as the United Nations Global Compact.

In terms of business, one of the Groupe’s historic principles is its refusal to take part in partisan communications campaigns of any kind. The Groupe refuses to work for political parties, cults or ideological propaganda organizations, and refuses any request for funding, contribution or free support.

Several Janus excerpts are available on the Groupe’s website, in the CSR section.

Indicators	2021	2022	Objectives for 2025
% Employees trained in internal Janus Code of Ethics	% Employees trained in internal Janus Code of Ethics 2021 61	% Employees trained in internal Janus Code of Ethics 2022 85*	% Employees trained in internal Janus Code of Ethics Objectives for 2025 100
Of which % ABAC (Anti-Bribery & Anti-Corruption)	Of which % ABAC (Anti-Bribery & Anti-Corruption) 2021 55	Of which % ABAC (Anti-Bribery & Anti-Corruption) 2022 89	Of which % ABAC (Anti-Bribery & Anti-Corruption) Objectives for 2025
Of which % GDPR (Data Protection)	Of which % GDPR (Data Protection) 2021 67.7	Of which % GDPR (Data Protection) 2022 74	Of which % GDPR (Data Protection) Objectives for 2025
Of which % GSO (Data Security)	Of which % GSO (Data Security) 2021 70	Of which % GSO (Data Security) 2022 75	Of which % GSO (Data Security) Objectives for 2025

*Training on the Janus Code of Ethics takes various forms: online training in Marcel, awareness-raising sessions during programs for new employees, and more specific internal sessions for certain positions.

4.2.3.2 Data protection: Role of the Global Data Privacy Office (GDPO)

1) Governance, organization and mission

GDPO (Global Data Privacy Office) is a team of specialized lawyers, legal experts and experienced professionals, experts in data protection issues, working under the supervision of the Chief Data Protection Officer (CDPO). The GDPO is part of the Groupe’s Legal Department, which reports to the Secretary General. Its role is to oversee the data protection program, advise agencies on protection issues and help them with risk management. It also participates in various professional bodies or joint initiatives such as IAB EU’s Transparency & Consent Framework, and the IAB, US’ CCPA Framework. From an operational point of view, the GDPO relies on its Global Data Privacy Operations Team (GDPOps) including Privacy Leads and Data Privacy Stewards in the various countries, in charge of implementing and monitoring the compliance program. The GDPO and GDPOps teams work closely with the GSO, the Global Security Office, as soon as there is a data security question. A Groupe process is dedicated to incident response (Incident Response Process) to manage cybersecurity incidents and data breaches.

The data protection policy is based on the principle of privacy-by-design and must ensure compliance with applicable laws and best practices. This very early stage approach facilitates cooperation with all teams from the earliest stages of a project, so that data protection is well integrated into systems and solutions, and in close contact with client-side teams and their partners. The following principles are applied:

i) ensure that each claimant can exercise his or her rights; ii) review data protection policies and procedures; iii) carry out regular assessments to identify any problems and, if necessary, implement rectification plans.

Even if the field of data protection requires a certain expertise, all Publicis Groupe employees must understand and apply the fundamental principles of data protection, and thus have a vision of each person’s obligations and role in the project. Training for all employees takes place every year with reminders on the European GDPR (General Data Protection Regulation), the CCPA (California Consumer Privacy Act) as well as on data security. Specific training was delivered also and as needed.

As required by law, the Groupe offers consumers access to their privacy rights. For example, with Epsilon, certain rights can be exercised using an automated tool: https://legal.epsilon.com/dsr. In addition, in the United States, Epsilon indicates in its privacy policy the number of requests received by consumers during the previous year: https://legal.epsilon.com/us/NA-products-privacy-policy

2) Certification

In 2022, for the second year, Publicis Groupe was assessed by CyberVadis and remained in the top 1% of companies in terms of security and data protection (score for 2022: 645/1000, thanks to the joint work between the GDPO and the GSO).

The Groupe’s data protection policy is publicly available on the Groupe’s website, in the CSR library. Data protection issues are centralized and each employee can directly contact the GDPO and its teams: privacyofficer@publicisgroupe.com.

3) With suppliers and partners

Suppliers are subject to an initial due diligence whose purpose is to assess their processes and policies in terms of data protection and security, to verify their compliance and to understand their practices. The various GDPO, GDPOps and GSO teams work together for these initial reviews. Suppliers and partners must also complete a self-assessment of compliance with laws and regulations or even best practices. The contracts contain strict contractual obligations, in particular data protection declarations and guarantees. A Data Processing Addendum (DPA) is systematically distributed to suppliers, partners and publishers. When it comes to sensitive data (HR, financial, health, etc.), in-depth analyses are conducted to verify protection, security and compliance issues. This work is carried out in cooperation with the Procurement Department (see Section 4.2.7 of this document).

The data protection policy is an integral part of the Janus Code of Ethics and publicly available on the Groupe’s website, in the CSR library.

4.2.3.3 Data security: Role of the Global Security Office (GSO)

1) Governance, role and mission

At Publicis Groupe, information security is everybody’s responsibility. This involves protecting sensitive information, particularly that of clients. The entire security program is led by a dedicated team from the Global Security Office (GSO), which brings together highly experienced professionals whose expertise is certified in CISSP, CISA, CISM, CRISC, etc. The GSO is responsible for policies, guidelines and standards applied throughout the Groupe. The entire program is based on a logic of continuous improvement, with an ongoing assessment of security risks and monitoring of the application of Groupe rules. The work of the GSO is managed and monitored by the Groupe’s top management.

The GSO oversees a number of programs such as compliance, risk management, security or vulnerability testing, technical reviews, service continuity plans and educating employees about these risks. Particular attention is paid to training all teams using different methods (blogs, articles, videos, tests, graphics, etc.) in six languages (French, English, Spanish, Chinese, Portuguese, German) to build a culture of security across the entire Groupe. All employees must complete a mandatory module on data and information security each year, in addition to on-demand training such as code security. The GSO team coordinates regular communication with all employees, recalling best security practices and detailing existing threats.

A dedicated team, the SOC (Security Operations Center) monitors cybercrime risks (ransomware, malware, phishing, etc.). The SOC is operational 24/7 and ready to intervene to protect infrastructure, systems, information and data and, where necessary, activate business continuity plans and disaster recovery plans.

2) Certifications and compliance

85% of GSO teams are ISO 27001 certified. The GSO program is subject to multiple independent external audits throughout the year. These audits are conducted by third parties but also at the request of our clients and partners, in order to maintain the highest levels of assurance and to continue improving the systems year after year. GSO teams work closely with agency project teams to ensure compliance with client expectations. This means following external certifications such as ISO 27001 or ISO 22301, as well as more specific standards such as Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability Accounting Act (HIPAA) or Service Organization Control (SOC) Trust Criteria. Groupe information security policies are aligned with ISO 27001 standards; the Groupe’s largest entities in the United States, India, the United Kingdom and Latin America are ISO 27001 certified. The GSO monitors these certifications. They work closely with the GDPO teams (see previous paragraph). Epsilon’s activities also have ISO 22301 certification for business continuity plans.

Data security issues are centralized and each employee can contact the GSO and its help desk teams directly at: askgso@publicisgroupe.com.

3) With suppliers and partners

One of the key principles is to extend internal security requirements to suppliers and partners. The GSO manages the Security Risk Management program, in cooperation with the Groupe Procurement Department (see Section 4.2.7 of this document). These are formal security risk assessments, reviewing various administrative, technical and physical security controls.

The Information Systems Security policy is an integral part of the Janus Code of Ethics; it is publicly available in the CSR library of the Groupe’s website.

4.2.4 Duty of Care Plan

In accordance with Law no. 2017-399 of March 27, 2017 on the duty of care required for parent companies and contracting companies, transposed in article L. 225-102-4 of the French Commercial Code, Publicis Groupe has drafted and implemented a plan comprising duty of care measures for the identification of risks and prevention of serious infringements in the areas of human rights and fundamental freedoms, health, personal safety and the environment, resulting from the Company’s activities and those of the companies it directly or indirectly controls, as well as the activities of subcontractors or suppliers.

This plan includes:

A mapping of risks for their identification, analysis and prioritization;
Procedures for assessment of the situation of subsidiaries, subcontractors or suppliers with which the Groupe has a business relationship, with regard to risk mapping;
Appropriate actions to mitigate risks or prevent serious harm;
A mechanism for alerting and collecting alerts relating to the existence or occurrence of risks;
A system for monitoring the measures implemented and assessing their effectiveness.

An update of the duty of care risk mapping was presented to the Supervisory Board by the Strategy and Risk Committee at the Board meeting of March 3, 2021. This mapping was established in 2017, and likewise, this update did not highlight any risk related to or serious violation of human rights and fundamental freedoms, the health and safety of people or the environment.

Every year since 2003, the Groupe has committed to the ten principles of the United Nations Global Compact – principles which apply to the Groupe’s employees and those of its subsidiaries, as well as to its suppliers. These principles are based on:

the Universal Declaration of Human Rights, endorsing its article 1: all human beings are born free and equal in dignity and rights. This fundamental principle is incorporated into the Diversity, Inclusion and Anti-discrimination policy, as well as in the policy for suppliers on responsible procurement, CSR for Business Guidelines;
the International Labour Organization (ILO) Declaration on fundamental principles and rights at work – with scrupulous concern for freedom of expression, freedom of association, and combating child and forced labor. These principles are incorporated into Talent and Human Resources, Health and safety at work and Data protection policies;
the Rio Declaration on Environment and Development, always aiming, since 2009, to reduce the impacts of the Groupe and its subsidiaries on the environment, and offset irreducible impacts. The Net Zero Climate Policy has the same objective and is in line with the Paris Agreement;
the United Nations Convention against corruption, with the Groupe-wide application over the last few years of the requirements of the French Sapin 2 Law, aimed at combating corruption as described in the Anti-corruption policy.

4.2.4.1 Governance and scope

The dedicated Steering Committee on Duty of Care, set up in 2017, is made up of members of the Internal Audit, Risk Management and Internal Control Department, as well as the CSR, Procurement, Human Resources and Legal Departments. Reporting to the Groupe’s Secretary General, which is a member of the Management Board, this Committee is tasked with ensuring the implementation of a Duty of Care Plan in relation to the Company’s activities and those of all its subsidiaries or companies that it controls. The Internal Audit Department covers labor-related issues during its regular reviews (HR procedures, employee protection and information, whistleblowing system, etc.) and the CSR reporting enables to monitor indicators, particularly environmental indicators, for both subsidiaries and suppliers.

The findings of its work are presented to the Supervisory Board’s Strategy and Risk Committee.

4.2.4.2 Systems in place for the application and monitoring of the Duty of Care Plan

The Duty of Care Plan is incorporated into the Groupe’s Janus Code of Ethics. Agency CEOs are responsible for implementing local measures and the indicators are monitored at Groupe level. Measures are implemented with the involvement of Shared Service Centers (Re:Sources). Procedures for assessing the situation of subsidiaries, subcontractors or suppliers with which there is a commercial relationship are implemented. Aspects relating to the Groupe’s employees are monitored by the HR/Talent teams of the agencies and countries through the indicators mentioned and supplemented where necessary.

Aspects relating to the Groupe’s suppliers are monitored by the Groupe’s Procurement Department, in conjunction with the Groupe’s CSR Department. The CSR for Business Guidelines document presents 15 key topics with increased requirements on several criteria. This document (accessible on the Groupe’s website) is a mandatory appendix to any contract signed between the Groupe and a supplier. Publicis Groupe uses the EcoVadis platform and invites its suppliers to be assessed on this platform; other assessments by neutral and independent third parties, dating from 12 to 18 months, are recognized by the Procurement Department. For local suppliers, mainly small and medium-sized companies, they can conduct a CSR self-assessment on the proprietary “P.A.S.S” platform (see Section 4.2.7).

394 pages