PhD Defense S. de Conca
The Enchanted House - an analysis of the interaction of intelligent personal assistants (IPHAs) with the private sphere and its legal protection
- Location: Cobbenhagen building, Aula
- Supervisor: Prof. R.E. Leenes
- Co-supervisor: Mr. C.M.K.C. Cuijpers
In less than five years, Alexa has become a familiar presence in many households, and even those who do not own one have stumbled into it, be it at a friend’s house or in the news. Amazon Alexa and its friend Google Assistant represent an evolution of IoT (Internet of Things): they have an advanced ‘intelligence’ based on Cloud computing and Machine Learning; they collect data and process them to profile and understand users, and they are placed inside our home. I refer to them as intelligent personal and home assistants, or IPHAs.
This research applies multidisciplinary resources to explore the phenomenon of IPHAs from two perspectives. From a more socio-technical angle, the research reflects upon what happens to the private sphere and the home once IPHAs enter it. To do so, it looks at theories and concepts borrowed from history, behavioural science, STSs, philosophy, and behavioural design. All these disciplines contribute to highlight different attributes that individuals and society associate with the private sphere and the home. When the functioning of IPHAs is mapped against these attributes it is possible to identify where Alexa and Assistant might have an impact: there is a potential conflict between the privacy expectations and norms existing in the home (as sanctuary of the private sphere) and the marketing interests introduced in the home by IPHAs’ profiling. Because of the voice-interaction, IPHAs are also potentially highly persuasive, can influence and manipulate users and affect their autonomy and control in their daily lives.
From the legal perspective, the research explores the application of the GDPR and proposal for e-Privacy Regulation to IPHAs, as legislative tools for the protection of the private sphere in horizontal relationships. The analysis focuses in particular on those provisions whose application to IPHAs is more challenging, based on the technology but also on the sociotechnical analysis above. Special attention is dedicated to the consent of users to the processing, the general principles of the GDPR, attributing the role of controllers or processors to the stakeholders involved, profiling and automated decisions, data protection by design and default, as well as spam and robocalls.
For some of the issues, suggestions are offered on how to interpret and apply the legal framework, in order to mitigate undesired effects. This is the case, for instance, of determining whether the owners of IPHAs should be considered controllers vis-à-vis the data of their guests, or of the implications of data protection by design and default on the design of IPHAs. Some questions, however, require a wider debate at societal and political level. This is the case of the behavioural design techniques used to entice users and stimulate them to use the vocal assistants, which present high levels of persuasion and can affect the agency and autonomy of individuals.
The research brings forward the necessity to determine where the line should be drawn between acceptable practices and unacceptable ones.