Chatbots face rising cyber liability risks over data privacy
Chatbots pose growing liability risks as insurers and attorneys warn that real-time data collection, combined with unclear vendor agreements, could trigger privacy lawsuits and regulatory action. Jennifer Wilson from Newfront said that wrongful data collection ranks as the second most common cyberlitigation claim after ransomware attacks. Companies face legal exposure under California, Illinois, and European privacy laws when conversation logs are saved without user approval or shared with artificial intelligence providers.
Sarah Thompson at MSIG USA said legal theories mirror earlier disputes over the collection of checkout data. Website operators can face liability even when third-party tools capture information in the background. Joshua Mooney from Kennedys law firm said inadequate disclosure about chatbot use may violate wiretapping statutes that prohibit unauthorized interception of electronic communications.
Training artificial intelligence models using customer conversations poses distinct risks. Wilson cited a recent settlement worth 1.5 billion dollars involving alleged misuse of copyrighted training materials. Experts recommend explicit consent mechanisms, transparent vendor contracts, and internal governance policies for data retention and sharing practices.
