Virtual Voice Assistants (VVA) are services integrated today in most digital devices such as smartphones, tablets and connected speakers.
Such voice assistants make it possible to understand voice commands to execute them or to interact with other digital systems. Their presence in private, professional or public environments can make them particularly intrusive and thus they represent a growing challenge in terms of protecting users' personal data.
In this context, the EDPB adopted at its plenary meeting on 7 July 2021 the final version of the VVA guidelines. The aim is to provide all involved actors with recommendations on how to meet certain challenges regarding compliance of VVAs in relation to the requirements of the GDPR.
These guidelines have been updated to take account of the comments received during the public consultation and cover in particular the following areas:
- Technological context
- Notions of controller and processor,
- Purposes
- Principle of minimization and transparency
- Legal bases
- Identification of users,
- Processing of personal data of minors
- Mechanisms for the exercise of the rights of data subjects.
The CNPD, as a co-rapporteur for the elaboration of these guidelines, has been particularly active in the process of reflection and drafting of these guidelines.