Can i trust her? intelligent personal assistants and GDPR

Eoghan Furey, Juanita Blue

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

14 Citations (Scopus)

Abstract

Voice Command Devices and the Intelligent Personal Assistants they embody have become ubiquitous in homes and offer individuals many convenient and entertaining features. The Amazon Echo and its intelligent personal assistant, 'Alexa', is a leading innovation in this area. This novel research examines aspects of trust and privacy relating to personal use of the Echo. It aims to demonstrate the types of data that may be vocally extracted from a selection of the multitude of applications that may be linked to the Echo. In the era of Voice IoT, Big Data and Artificial Intelligence, trust and privacy concerns are paramount for the individual. Personal data has never been more valuable, both to large reputable corporations and to criminal groups. The European Union's General Data Protection Regulations (GDPR) came into force in May 2018, aiming to protect the privacy of personal data of EU citizens. This has further highlighted the trust issues stemming from this technological medium. This paper demonstrates that a typically configured Echo device can prove to be a vulnerable channel by which personal information may be accessed. Where no safeguards are implemented, a plethora of data including personal identifiable information and personal health information is available from the device. Data exposure by simple vocal request leaves the system vulnerable to inquisition by any unauthorized individual who is within 'ear shot' of the device. The research explores the extent to which these risks can be reduced or mitigated, offering a set of recommendations aimed at building trust and preserving user privacy, while still enabling functionality of the device. Trust and privacy are based on a triad of shared responsibility. While the GDPR enforces trust between the voice service providers and the consumers, adherence to these recommendations will empower individuals to trust against privacy breaches from local sources.

Original languageEnglish
Title of host publication2019 International Symposium on Networks, Computers and Communications, ISNCC 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728112435
DOIs
Publication statusPublished - Jun 2019
Event2019 International Symposium on Networks, Computers and Communications, ISNCC 2019 - Istanbul, Turkey
Duration: 18 Jun 201920 Jun 2019

Publication series

Name2019 International Symposium on Networks, Computers and Communications, ISNCC 2019

Conference

Conference2019 International Symposium on Networks, Computers and Communications, ISNCC 2019
Country/TerritoryTurkey
CityIstanbul
Period18/06/1920/06/19

Keywords

  • Amazon Echo
  • GDPR
  • Personal Data
  • Privacy
  • Voice Command Devices

Fingerprint

Dive into the research topics of 'Can i trust her? intelligent personal assistants and GDPR'. Together they form a unique fingerprint.

Cite this