Generative AI: informing stakeholders

Adoption of generative AI often raises questions about data transparency. In this article, we share our recommendations to ensure compliance with GDPR and how to do so using iAdvize's features.

For Visitors

Consent Form

If you are using a feature that involves generative AI, we advise you to mention it in the consent form displayed to your visitors, which you can customize in the "Legal Information - GDPR and Data Protection" section of the iAdvize administration.

"Other Information" Section

Here's an example of a standard paragraph you can insert in the "Other Information" section of the form:

"The data from conversations involving generative AI may be transferred to Microsoft.

When applicable, this data will be stored in Microsoft servers located in Europe for a maximum duration of 30 days, solely for the purpose of monitoring misuse and fraud, before being permanently deleted.

This data will not be used to train or improve Microsoft's generative AI models."

"Recipient" Section

Following the suggested paragraph above, we recommend adding Microsoft as a recipient of the data in the dedicated section.

Beginning of the Conversation

For more transparency and to prepare visitors for their experience, we suggest mentioning the nature of the bot and its generative AI at the beginning of its scenario.

In the solution, this default message introduces the bot and invites users to consider its responses with caution:

"Hello, I am a personal assistant equipped with advanced artificial intelligence. I know a lot of things, but I'm not infallible! How can I assist you?"

For Respondents

Just like any other tool used by your company, we advise you to communicate with your team about how their data is stored by iAdvize or any other party (details in this article).

In the case of interactions involving generative AI:

  • iAdvize retains the data of conversations and exchanges with Copilot.
  • this data is also stored in Microsoft servers located in Europe for a maximum duration of 30 days.
  • currently, administrators and managers do not have access to exchanges between respondents and Copilot.