User Privacy Harms and Risks in Conversational AI: A Proposed Framework
Ece Gumusel, Kyrie Zhixuan Zhou, Madelyn Rose Sanfilippo
TL;DR
The paper tackles user privacy harms and risks in conversational text-based AI chatbots by extending Solove's 2006 taxonomy into a practical framework. It employs a qualitative design with semi-structured interviews of 13 participants interacting with Blenderbot and ChatGPT-4, analyzed via grounded theory and NVivo coding. The study identifies 9 privacy harms and 9 privacy risks, providing empirical evidence through chat logs and quotes, and demonstrates how these harms manifest across monitoring, aggregation, identification, and other dimensions. The framework offers guidance for developers, policymakers, and researchers toward Privacy by Design, transparency, and auditing, with implications for regulation and safety in AI-enabled dialogue.
Abstract
This study presents a unique framework that applies and extends Solove (2006)'s taxonomy to address privacy concerns in interactions with text-based AI chatbots. As chatbot prevalence grows, concerns about user privacy have heightened. While existing literature highlights design elements compromising privacy, a comprehensive framework is lacking. Through semi-structured interviews with 13 participants interacting with two AI chatbots, this study identifies 9 privacy harms and 9 privacy risks in text-based interactions. Using a grounded theory approach for interview and chatlog analysis, the framework examines privacy implications at various interaction stages. The aim is to offer developers, policymakers, and researchers a tool for responsible and secure implementation of conversational AI, filling the existing gap in addressing privacy issues associated with text-based AI chatbots.