Chatbots are popular in China and are part of everyday digital life. They can be found in business as well as in society, for example in customer service or as social chatbots, a kind of virtual friend of the user. One example is the app XiaoIce, which now has more than 40 million registered users and around two and a half million followers on Weibo. Chatbots usually ask for information about the user, or the user passes on information to the AI system on his or her own initiative.
In addition to ethical concerns, critical voices are increasingly being raised that point to the data security of chatbots. The question is whether data protection is ensured in these systems and whether chatbot operators are prevented from processing the data in a way not desired by the user or even selling it on.
In addition to the operator’s data protection measures, the security of the IT systems on which a chatbot runs and in which the data from the communication is stored, the security of the communication networks as well as the software are important. There have already been incidents of criminals abusing chatbots to obtain users’ personal data. With China’s new cyber security (CSL) and data protection (DSL, PIPL) laws, a certain level of data security should also be ensured for chatbots because they oblige operators to implement basic cyber security measures.
Companies that operate chatbots for customer enquiries on their Chinese website, for example, should check whether the data collected is obtained legally and processed and stored in a data protection-compliant manner. This also includes ensuring that the processing procedures are transparent and that users are informed about the use and storage of the data.