The European Data Protection Board published guidelines on data protection involving Virtual Voice Assistants for public consultation
The European Data Protection Board (EDPB) issued data protection guidelines involving Virtual Voice Assistants (VVAs) for public consultation. The guidelines refer to all ways Virtual Voice Assistants (VVAs) process personal data: executing requests, improving machine learning models, biometric identification, and profiling for personalized content or advertising. According to the guidelines, data controllers providing VVA services and their processors have to consider both the GDPR and the e-Privacy Directive. The guidelines’ highlights, among others, the following issues: rights of the information subjects (e.g., right to correct information, delete information, copy information) should be available through the user’s voice commands; the rights of those who process information for improving voice recognition technology; the preferred legal basis for information processing, the processing and storing sensitive biometric information, the need for conducting Data Protection Impact Assessment to explore who might be affected from using the technology, and the need to use filtering any unnecessary data to ensure that only the user’s voice is recorded. The deadline for public comments is April 23.