Getting consent to store PII Personally Identifiable Information
Tom Gibby avatar
Written by Tom Gibby
Updated over a week ago

PII

Personally identifiable information (PII) is any data that could potentially be used to identify a specific individual. Any information that can be used to distinguish one person from another and can be used to de-anonymise anonymous data should be considered PII.

GDPR

As of the 25th May 2018 the EU introduced the General Data Protection Regulation (GDPR)

The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The Bot Platform and privacy

For the Bot Platform to remain GDPR compliant and respect the privacy of all users we have added a ‘Personal data consent' button option. This also means that as the data processor you will need to incorporate a set of messages within your bot that requests the user’s consent should you wish to store or use their personal data. For example, competitions, where you have to contact the winner.

How to comply

  1. If you wish to collect personally identifiable information, you MUST gain explicit consent from the person using the bot.

  2. In the message builder, create a message which clearly states the kind of information you will be collecting and why with a link to your privacy policy.

  3. Add a button and configure it for ‘Personal data consent’ and ‘opt in’ then link it to a success message

  4. When you want to collect PII, save the data against an attribute

  5. Go to ‘User attributes’ under ‘People & Privacy’ in the side menu

  6. Find the attribute which represents PII and tick the box

  7. Now, only those who have consented to the collection of the data will be saved against that attribute. If they have not consented, their responses for that particular attribute will not be stored and you will not be able to see them in the data download.

  8. You need to provide a clear way to ‘opt out’ (in a similar way to opt in) that the user can access at all times, perhaps in the persistent menu.

  9. You need to provide a way for people to recall the personal data you’ve collected for them and delete it if they see fit. By going to ‘privacy messages’, you can generate 4 messages for this which will appear in your messages list, again, you should make easy to access like adding them to the persistent menu.

More information about user attributes.

Related Articles
Store and retrieve data in the bot database using Attributes
What data does the platform collect?
How to set up and manage attributes in your Teams bot
Download Data
Anonymous bots
Did this answer your question?