For some clarity, here is the clause:
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”
Whilst a Samsung spokesman has, however, stressed that “our TV’s don’t passively record conversations. You must press the mic button on the remote to ask a question – just like on a smartphone”, it has nonetheless, caused some panic worldwide.
If you enable Voice Recognition, you can interact with your Smart TV using your voice.
To provide you the Voice Recognition feature, some interactive voice commands may be transmitted (along with information about your device, including device identifiers) to a third party service provider (currently, Nuance Communications, Inc.) that converts your interactive voice commands to text and to the extent necessary to provide the Voice Recognition features to you.
In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features.
Samsung will collect your interactive voice commands only when you make a specific search request to the Smart TV by clicking the activation button either on the remote control or on your screen and speaking into the microphone on the remote control.
One thing is certain – there is an attempt to clarify what information Samsung collects, to whom the information is distributed to, and the purpose for which the information is collected.
More pertinent, from a South African perspective, is whether this clause is compliant with the Protection of Personal Information Act 4 of 2013 (“the Act”). In a nutshell, section 18 of the Act requires, at the very least, in a context such as this, the following:
- What information is being collected
- The purpose for which the information is being collected
- The recipient of such information
The EZterms team is of the opinion that requirements 2 and 3 have been met, as Samsung has stated that it collects voice commands in order that they may 1) “provide you with Voice Recognition features and evaluate and improve the features” and 2) transmit the recorded voice commands to Nuance Communications, Inc. (“Nuance”).
Thus, both the purpose and recipients requirement requirements have been met, assuming of course that this is the only entity to whom Samsung discloses the personal information.
Thus, Samsung provides Nuance with voice commands made through the Samsung smart TV, but alleges that Nuance’s use of your personal information is limited to providing voice command services to the user of the smart TV.
There exists a clear conflict, in that personal or sensitive information which may have been recorded during a voice command may allow Nuance access to such personal information, for purposes beyond merely providing voice command services to smart TV users.
Even where the quality of the consent is sufficient and the disclosure is lawful (since Samsung discloses that voice commands are shared with Nuance) the fact remains that the third party service provider makes no such assurances as to the integrity of your personal information.
And this is where things start to get a bit concerning.
For example, Nuance explicitly states that “[b]y using… Nuance Products, you consent to the collection and use of your personal information by Nuance”.
We would suggest that this falls foul of the very objects of the Consumer Protection Act 68 of 2008, which has at its heart the goal of giving effect to the international law obligations of the Republic, including, to “improve access to, and the quality of information that is necessary so that consumers are able to make informed choices according to their individual wishes and needs; etc…”
That being said, the question to be asked at this juncture, is what does Nuance do with the voice commands that it has in its possession, which, even by Nuance’s own account “may include personal information”?
The virtual information rabbit hole deepens as your personal information is shared with new third party service providers, via your Samsung smart TV.
A cursory examination of Spiderbook.com, reveals that the list of suppliers, vendors and affiliates of Nuance, to whom a user’s personal information may be shared with, is extensive… totaling at least 37. These include:
- Silver Peak
- Juice Mobile
- Varolii Interact
- ITA Software Inc
- Apple Inc
- VoiceSignal Technologies
- Philips Speech
- Focus Infomatics
The above vendors, suppliers and affiliates are not, however, independently verified by the EZterms Team.
The user would have to warrant that personal information may be shared with third party Service providers (and their third party service providers), all of whom are listed by name, together with links to their individual privacy policies, thereby shifting the onus onto the user to ensure that there are no offending provisions in any of the privacy policies which may apply.
Practically speaking, this constitutes a call for legislative intervention to regulate the use of the personal information, the balancing of commercial interests and utility, and the need to safeguard sensitive personal information.
This article was written by EZterms