Privacy Policies for Robotics Companies
Robotics companies should implement a privacy program that include one or more privacy policies. Whom should these policies cover? Every major business has a privacy policy that covers individuals who browse the business’s website. Should the website cover more than just website users?
Companies that develop and offer robots should consider at least three other audiences. First, in the process of selling their robots, they will collect personal information from individual customers or the representatives of their business customers. Robotics companies may attract prospects via their websites. But they may also cultivate prospects through outbound emails, sales meetings, and trade shows. If a company’s privacy policy focuses only on website users, the company will miss the personal information collected in these other ways.
Second, robotics companies may create accounts or databases of user information. Imagine a business with multiple employees that purchases a fleet of service robots. Each employee may have an account with the robotics vendor containing user personal information, preferences, and preferred settings. The account may have a username and password. The employees of customers may wish to update their personal information or may wish for the data to be deleted, for instance upon leaving the customer organization. A privacy policy should address these individual data subject requests.
Third, some robots may collect data in the form of video, images, or audio. The data subjects captured in these media may be robot owners, users of the robots, or even bystanders when robots are operating in publicly accessible locations. A website-focused privacy policy would not address the collection of media and the possible requests from data subjects for deletion from those captured in these forms of media.
In sum, robotics companies should think of more than website visitors when establishing their privacy policies and programs. A website privacy policy covering only website users is not good enough. Companies should consider the sources of personal information they collect or receive and address their privacy programs to make sure their privacy policies and programs cover all persons whose personal information is collected.