Hey voice assistant: you’ve got some complying to do.
The European Data Protection Board has issued draft guidelines on the data protection aspects of using the increasingly prevalent virtual voice assistants.
Some key points:
- Transparency is key but is also not easy to do well: 30 pages of single-spaced privacy notice won’t cut it. Think more like dashboards and voice commands.
- Mind your legal basis. “Necessary for contract” might work for certain things but “consent” might be more appropriate in others, especially when there is biometric data used for identification (which is Article 9 special category data).
- Approach your data retention mindfully. It should be granular and specific for the different processing purposes.