The purpose of this article is to provide compliance guidance on data protection and consent requirements, helping customers grasp their responsibilities around data collection, consent, and transparency, when using chatbots, especially those handling personal data or engaging in user interactions. It includes hands-on setup tips for configuring ChatBot to request consent, inform users about data collection, and link to privacy policies.
This article also highlights best practices, offering broader recommendations for responsible data management, such as informing users when they’re interacting with an AI bot, clarifying if conversations are recorded, and ensuring transparency in privacy policies.
Whenever you need to provide your customers with detailed information regarding, e.g., the collection of their personal data - whether handled by you or by a third-party processor - you may also have other legal obligations to fulfill. You can accomplish this in two main ways:
- For online stores: If you operate an e-commerce store where customers can make purchases, you can modify the agreement between you and your customer to include details on data processing during a chat.
- For general use: If your ChatBot isn’t used for sales, it may still be important to inform your website visitors that you may gather and process their data during a chat. You can do this by using the Chat Widget’s welcome screen or by asking for confirmation directly within the bot. Below, we provide instructions on how to use the welcome screen to make your chat widget compliant, as well as a way to ask for confirmation when the chat is started.
Please note that the information provided, including data protection consents and clauses, in this article serves as general guidelines and should not be considered legal advice.
We offer example clauses and recommendations, but we are unaware of the specifics of your business and data practices or your other compliance matters. It is important to consult a legal advisor before taking any actions based on this article.
You must ensure that any agreement, consent, or other legal basis aligns with your business needs and complies with the regulations on data processing practices, considering factors such as the data type you process, the purpose of processing, and the retention period.
We explain how this compliance feature works with a GDPR example, but you can adjust it and use it for any other legal issue as needed.
Implementing consent requests to your ChatBot’s Chat Widget
- In your ChatBot Dashboard, select from the list the bot to which you want to add the consent or information.
- Click on the Integrations icon (1) and select the existing Chat Widget or create a new one if needed (2).
- In the configuration screen of your Chat Widget, you will be able to fill out all the needed information to customize your Chat Widget’s look and feel. It’s also a good place to inform your customers about data processing or other legal information. To do so, change the Bot Description field to something like:
  By clicking “Chat with us”, you agree to our Terms of Service.
- Additionally, you can link to your Terms of Service/Privacy Policy/Other legal document by clicking on the + Add link button and defining the link’s URL and title.
- Once all is set up correctly, it should look similar to the example above.
Implementing consent to your bot flow
- In your ChatBot Dashboard, select from the list the bot to which you want to add, e.g., the data processing consent.
- Add a new Bot response action directly after the Start point or use your existing Welcome message.
- Next, add three User input options:
  - Agreeing to data processing
  - Rejecting data processing
  - Requesting more information about the mentioned legal document
- In the newly created Bot Response, add a Quick Replies message and configure it to redirect the user to the correct flow based on their selection when clicked.
  Tip: You can also add a Text Response at the very beginning to inform the user they’re chatting with the bot.
- Then, add a new Bot Response action for each User Input action and fill it with the required information:
  - If accepted, continue to the regular conversation
  - If rejected, end the chat using the Close Chat action
  - If more information is needed, return a link to the legal document.
- Save your changes and make sure to Publish them in the top right corner.
- Your bot is ready! To test it, click the Test your bot button.
Additional tips that may be useful for Compliance
- Transparency: Know your bot. If you are using a bot or AI bot, inform users they are not speaking/interacting with a human, remind them to verify the information they are being given, as AI makes mistakes, and preferably direct them on how to do that.
- Recording/transcribing: If you are recording/transcribing the chat, notify users about it prominently to meet consent requirements under wiretapping laws. It’s better to be specific about why you are recording.
- Clear notices: If you’re collecting personal information during a chat, make sure to:
  - Provide a clear notice at the time of data collection.
  - Share a detailed privacy notice with all the important details.
- No “Sneaky” Changes: Don’t secretly change privacy policies or terms of service. Be upfront and inform users when updates are made.
- Know your data collection: You have to know what data your chatbot collects, both actively from the user and passively through trackers, and what third parties (through those trackers or your service provider that set up the bot) may do with it. Some of this may need an opt-in/opt-out mechanism.
- Tell it like it is: Be honest about your bot’s capabilities, and don’t misrepresent what these services are or can do. For example, avoid presenting it as a substitute for professional services if it’s not licensed: your therapy bots aren’t licensed psychologists.
- Disclose paid content: If there are ads or sponsored content in the chat, make it clear to users. Don’t insert ads into a chat interface without clarifying that they’re paid content. Any generative AI output should distinguish clearly between organic and paid content.
- Conduct AI assessments: You may need to do an AI assessment and check the sources of data that came from it. (Does it violate any laws? Or is there any risk of bias?)
- Automatic decision-making: If your bot uses sensitive data or makes “consequential decisions”, such as those affecting access to employment, financing, education, or things affecting health and mental health, etc., consider consulting legal advice to ensure full compliance.