Is your chatbot GDPR compliant?

Sağlam, Rahime Belen; Nurse, Jason R. C.

doi:10.1145/3405755.3406131

Cited by 19 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The GDPR defines principles and the lawful bases for processing personal information and also specifies rights for individuals: 57 Transparency in data procession, Data minimization (the personal data processed is adequate, relevant, and limited), Purpose limitation (personal data can be collected, but not further processed), Storage limitation (personal data are deleted when it is no longer needed), and Download (personal data are provided on demand), Change (right to change personal data), and Remove (sometimes called Right to be forgotten, i.e., delete all the user's data).…”

Section: Securitymentioning

confidence: 99%

See 1 more Smart Citation

Chatbots: Security, privacy, data protection, and social aspects

Hasal

Nowaková

Saghair

et al. 2021

Concurrency and Computation

125

View full text Add to dashboard Cite

Chatbots are artificial communication systems becoming increasingly popular and not all their security questions are clearly solved. People use chatbots for assistance in shopping, bank communication, meal delivery, healthcare, cars, and many other actions.However, it brings an additional security risk and creates serious security challenges which have to be handled. Understanding the underlying problems requires defining the crucial steps in the techniques used to design chatbots related to security. There are many factors increasing security threats and vulnerabilities. All of them are comprehensively studied, and security practices to decrease security weaknesses are presented. Modern chatbots are no longer rule-based models, but they employ modern natural language and machine learning techniques. Such techniques learn from a conversation, which can contain personal information. The paper discusses circumstances under which such data can be used and how chatbots treat them. Many chatbots operate on a social/messaging platform, which has their terms and conditions about data. The paper aims to present a comprehensive study of security aspects in communication with chatbots. The article could open a discussion and highlight the problems of data storage and usage obtained from the communication user-chatbot and propose some standards to protect the user. K E Y W O R D Schat, chatbots, data protection, GDPR, security, virtual assistants * A bot is sometimes referred to as a chatbot, but to be precise, a bot is a computer program (tool) that automates processes. A chatbot is a sub-genre of the bot environment with a focus on talking or conversation. Some companies instead of Chatbot use the name 'Conversational AI' or ' AI chatbots' to highlight that their chatbot is powered by machine learning and information retrieval techniques. In this article the term 'chatbot' is used for all types of chatbots.This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or adaptations are made.

show abstract

Section: Securitymentioning

confidence: 99%

“…There are still some open issues with GDPR and chatbots 57 . The GDPR provides the ‘right to be informed’ about how the data are processed, but overall algorithmic transparency is low.…”

Section: Securitymentioning

confidence: 99%

Chatbots: Security, privacy, data protection, and social aspects

Hasal

Nowaková

Saghair

et al. 2021

Concurrency and Computation

125

View full text Add to dashboard Cite

show abstract

“…Additionally, users can interact with StockBabble by typing a message and pressing send, or by using voice input. Voice input is an increasingly popular way to engage with agents (due to agents such as Alexa, Siri and Google Assistant) and can provide users with another interaction mode [2]; these factors motivated its inclusion. Once voice recognition is enabled (by clicking the microphonesee bottom left of Figure 1), a user can begin speaking and their words will be populated in the message box.…”

Section: Functionalitymentioning

confidence: 99%

StockBabble: A Conversational Financial Agent to support Stock Market Investors

Sharma

Brennan

Nurse

2021

CUI 2021 - 3rd Conference on Conversational User Interfaces

View full text Add to dashboard Cite

show abstract

“…; in any case, it is important to avoid asking unnecessary questions or handling compromising information. Even chatbots need to be designed to comply with the current personal data protection regulations (GDPR) (Saglam and Nurse 2020), and also to inform the user that the interaction is being done with a chatbot instead of with a human (Ischen et al 2019).…”

Section: Ethical Considerationsmentioning

confidence: 99%

Considerations on creating conversational agents for multiple environments and users

Cebrián¹,

Martínez-Jiménez²,

Rodrı́guez³

et al. 2021

AI Magazine

View full text Add to dashboard Cite

Advances in artificial intelligence algorithms and expansion of straightforward cloud-based platforms have enabled the adoption of conversational assistants by both, medium and large companies, to facilitate interaction between clients and employees. The interactions are possible through the use of ubiquitous devices (e.g., Amazon Echo, Apple HomePod, Google Nest), virtual assistants (e.g., Apple Siri, Google Assistant, Samsung Bixby, or Microsoft Cortana), chat windows on the corporate website, or social network applications (e.g. Facebook Messenger, Telegram, Slack, WeChat).Creating a useful, personalized conversational agent that is also robust and popular is nonetheless challenging work. It requires picking the right algorithm, framework, and/or communication channel, but perhaps more importantly, consideration of the specific task, user needs, environment, available training data, budget, and a thoughtful design.In this paper, we will consider the elements necessary to create a conversational agent for different types of users, environments, and tasks. The elements will account for the limited amount of data available for specific tasks within a company and for non-English languages. We are confident that we can provide a useful resource for the new practitioner developing an agent. We can point out novice problems/traps to avoid, create consciousness that the development of the technology is achievable despite comprehensive and significant challenges, and raise awareness about different ethical issues that may be associated with this technology. We have compiled our experience with deploying conversational systems for daily use in multicultural, multilingual, and intergenerational settings. Additionally, we will give insight on how to scale the proposed solutions.

show abstract

Is your chatbot GDPR compliant?

Abstract: The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.

Cited by 19 publications

References 3 publications

Chatbots: Security, privacy, data protection, and social aspects

Chatbots: Security, privacy, data protection, and social aspects

StockBabble: A Conversational Financial Agent to support Stock Market Investors

Considerations on creating conversational agents for multiple environments and users

Contact Info

Product

Resources

About