Page 10 - EngineerIt June 2021

ICT LEGAL OPINION

        Is your chatbot POPIA compliant?



        By Maison Samuels, Webber Wentzel




          Artificial Intelligence and digitisation are transforming the business landscape. Many new
          technologies are being created to streamline customer engagement, such as chatbots.
          Given the quantity of personal information which a chatbot may acquire, how do you ensure
          that your chatbot is POPIA compliant?




        What is a chatbot?
        A chatbot is an operating system that automates and simulates a conversation with humans in written or spoken form. This enables the user to interact with digital devices in the same way they would communicate with a real person. These interactions typically take place over messaging applications, or they may be embedded functions on a website. The chatbot is insentient - it allows you to chat with it about the product or service that is being offered.

        Why would a business consider using a chatbot?
        A chatbot enables the end user to receive an instant response to a question or issue. The intended result is that the end user saves time, which is intended to increase his or her satisfaction and translate into increased business sales and leads. For example, an e-commerce retail business may consider using a chatbot to direct end users to the specific pages of the website when the end user asks about a particular clothing item he or she wishes to purchase, or it will give information on a product when an end user queries the product’s applications.

        Why is POPIA relevant in the context of chatbots?
        When a business uses a chatbot, a lot of real-time data about end users may be obtained during the conversation.
        In some instances, the data obtained by the chatbot includes personal information of an end user. Accordingly, if your business uses a chatbot service, you must ensure compliance with the Protection of Personal Information Act, 2013 (POPIA), which becomes fully operational on 1 July 2021. The chatbot service provider is also required to comply with POPIA.

        There are essentially three parties involved in the chatbot service and it is important to distinguish between them to comply with POPIA. Firstly, there is the end user, the data subject to whom the personal information relates and who is typically identified through an identifier such as a name or identification number. The end user is protected by POPIA, and organisations that process the end user’s personal information must comply with the Act. Secondly, there is the responsible party, the organisation using the chatbot service to process the end user’s data for a specific purpose (for the purposes of this article, we will refer to this party as the chatbot customer). Lastly, there is the operator, the entity providing the chatbot service to the chatbot customer. The distinction between the latter two parties is important in determining who attracts liability in the event of a data breach.


