Toward privacy-sensitive human-robot interaction: Privacy terms and human-data interaction in the personal robot era

Can we have personal robots without giving away personal data? Besides, what is the role of a robot's Privacy Policy in that question? This work explores for the first time privacy in the context of consumer robotics through the lens of information communicated to users through Privacy Policies and Terms and Conditions. Privacy, personal and non-personal data are discussed under the light of the human-robot relationship, while we attempt to draw connections to dimensions related to personalization, trust, and transparency. We introduce a novel methodology to assess how the “Organization for Economic Cooperation and Development Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data” are reflected in the publicly available Privacy Policies and Terms and Conditions in the consumer robotics field. We draw comparisons between the ways eight consumer robotic companies approach privacy principles. Current findings demonstrate significant deviations in the structure and context of privacy terms. Some practical dimensions in terms of improving the context and the format of privacy terms are discussed. The ultimate goal of this work is to raise awareness regarding the various privacy strategies used by robot companies while ultimately creating a usable way to make this information more relevant and accessible to users.


Introduction
We live in an era where collaborative robots have become an essential element of the industrial shop floor [1], and health-care robots are deployed to fight a global virus outbreak [2]. At the same time, domestic robots enter more modern households, and many users accept them as part of their everyday life [3,4]. As a result, we notice a booming increase in human-robot interactions where humans share workspaces, collaborative tasks, and, eventually, significant parts of their daily living environments with robots [5]. However, these human-robot interactions are only as good as the data we feed them. Therefore, detailed records of user interactions may be crucial to uncover user needs, preferences, and expectations and develop systems that add value to the user [6]. Understanding the user's habits and lifestyle widens the opportunities to create a deeper connection with a robot and potentially manage user expectations more reliably. A trustworthy relationship in a human-robot interaction scenario is greatly dependent on the way such expectations are managed. Nevertheless, how could those records be used in a way that respects user privacy?
As Winfield and Jirotka [7] argue in their work about how ethical governance enables building trust in robotics, it is not enough for organizations to only claim that they are ethical. Organizations also have to show how they are ethical. A great range of ethical principles, codes, guidelines, or frameworks have been introduced very recently [8]. At the same time, privacy and data governance were prioritized as a requirement in the recent Ethics Guidelines for trustworthy AI [9] by the EU Commission. This work moves the discussion from "what" those theoretical principles may be to "how" companies interpret or implement them in a more practical setting when developing Privacy Statements and Terms and Conditions.
Privacy Policies and Terms and Conditions are developed behind the closed doors of each company. Companies take specific decisions on the information that will be included and the way to present such information to potential customers and users. As an example, some adopt verbose and complex legal language, while others may present simple bullet points. This publicly available documentation not only provides cues signaling the level of privacy protection offered, but may also reflect part of the data governance policy along with the values of a company. For example, the way the most sensitive aspects of products are communicated to users may reflect a company's attitude toward user empowerment. Allowing users to have clarity and an increased level of choice or control over their data may demonstrate an overall vision related not only to privacy, but may also imply an organizational culture oriented to participatory design or decision-making.
This work presents an overview of issues related to the current legal standing on data governance regarding personal or consumer robots. We explore privacy issues and discuss the definitions of personal and nonpersonal data in the EU jurisdiction and their impact on personal and consumer robots. We integrate our previous work on personal data handling and privacy in human-robot relationships [10] and introduce a rating system for data handling related to human-robot interactions.
We investigate how the privacy guidelines developed by the Organization for Economic Cooperation and Development (OECD) are reflected in the publicly available Privacy Statements and Terms and Conditions in the consumer robotics field. These privacy guidelines are the first internationally agreed privacy principles serving as a cross-border commitment to creating a global privacy protection framework. We compare Privacy Policies and Terms and Conditions of eight consumer robotic firms to understand how different practitioners adopt the OECD privacy guidelines in the field.
Currently, there have been no known studies that shed light on understanding how privacy is reflected in publicly available Terms and Conditions or Privacy Policies. This article attempts to bridge this gap by providing a comprehensive analysis of the ways well-established privacy principles (by the OECD) are reflected in the Terms and Conditions and Privacy Policies in the field of consumer robotics. Our goal is to contribute to the academic discourse in the nascent field of privacy-sensitive robots [11,12], increase the awareness regarding the various privacy strategies used by robot companies, and ultimately create a usable way to make this information more relevant and accessible to the public.

Privacy, personal data, and nonpersonal data
Is our regulatory framework ready for the adoption of robots in our private lives? Before posing this question, we need to clarify the point of reference for regulation. Regarding regulating robots themselves, the question seems difficult to answer at the moment, especially as robots do not (yet) have consciousness or legal capacity to act. According to the European Civil Law Rules in Robotics [13], "For the time being, many legal sectors are coping well with the current and impending emergence of autonomous robots […]". However, does this mean additional regulation is superfluous? Considering the technological-neutrality argument regarding regulation [14], the law serves well when abstracted from specific technologies. In this sense, regulation should provide legal certainty to enable interpretation in new technological settings in robotics as much as in any other field. Despite the fact that the European data protection framework is technology-neutral and does not block technological adoption [15], the original question remains.
Rather than regulating robots per se, scholars agree that we need to concentrate on regulating the ways that people develop and interact with robots, while at the same time regulating any potential adverse effects that may arise due to the introduction of robots in our daily lives [16]. It has been noted that requirements regarding transparency, traceability, and human oversight are not covered in the existing legal or regulatory framework [17]. At the same time, the liability of AI and robotics forms a significant part of the policy-making agenda [18][19][20].
In this work, we specifically focus on issues related to privacy, data protection, and data governance that seem to be at an infant stage in the field of robotics. However, before considering the implications of privacy in robotics, it is worth highlighting the difference between data governance, data protection, and privacy, which are different but tightly linked constructs.
Data governance is a term related to the ways data are managed as a resource. At a company level, a data governance scheme or policy is based on organizational structures and details on how all data are created, collected, shared, protected, archived, and treated at their end of life. Part of this may relate to customer or user data and is usually publicly communicated to consumers through publicly available Terms and Conditions, Privacy Policies, or Privacy Notices.

Privacy rights, informational privacy, and data protection
The term privacy, as well as the term rights, can have ambiguous meanings in ordinary language. As Newell [21] points out, "theorists do not agree […] on whether privacy is a behavior, attitude, process, goal, phenomenal state or what." Similarly, the term rights can be interpreted in multiple ways: freedom, entitlement, privilege, power, claim, or immunities, while the meaning behind rights is deeply rooted in legal semiotics [22][23][24]. Recently privacy rights received great attention as an area of research, especially in tracing the origin and capturing the term's nature. The history of the emergence of privacy rights as a social, cultural, and legal idea is presented by Richardson [25], while Koops et al. [26] developed a comprehensive taxonomy and typology of privacy dimensions to clarify the distinction between the concept of privacy and privacy rights.
Judge Cooley provides a simple definition of privacy as the right "to be left alone" [27]. At the same time, privacy is reflected as a fundamental human right in the EU Charter of Fundamental Rights and the European Convention on Human Rights. Alternative definitions of privacy rights can also be found from legislation to a range of academic fields (philosophy, medicine, information systems, management, or marketing), highlighting the trans-disciplinary character of the term.
In this work, we adopt terminology as construed in the nascent field of Privacy-Sensitive Robotics [12], where Rueben et al. [28] presented a taxonomy of privacy as an analytical tool for the Privacy-Sensitive Robotics field. According to this taxonomy, we mainly focus on the aspects of "Informational Privacy" covering concepts of Invasion, Collection, Processing, and Dissemination related to personal information, based initially on Solove's privacy hierarchy [29,30].
The more recent framework on privacy by Koops et al. [26] adds even more aspects to "Informational Privacy", which overlays eight types of privacy: bodily privacy, spatial privacy, communication privacy, proprietary privacy, intellectual privacy, decisional privacy, associational privacy, and behavioral privacy. Another dimension of Informational Privacy, according to Leenes and De Conca [31], is data protection. In this sense, data protection and privacy have different but overlapping meanings. The latter work also highlights how compliance with a data protection regime does not necessarily mean that privacy is a given.

Data governance in robotics
Privacy is generally considered a prevalent issue concerning most technology areas requiring any personal data exchange to operate. However, why might robotics be different from other technologies? What seems to be overlooked is that users build an emotional and social connection with personal and consumer robots, which is richer than with other technological artifacts, e.g., other smart appliances or smart meters. It appears that there is an expectation to trust personal robots with the most sensitive information of our lives without actually understanding the policies that govern the control of this information [32]. In this sense, the impact of data governance policies has to be investigated and tailored especially for the field of personal robots, where both the legal and the social norms play a crucial role in creating public trust. In combination with the lack of investment and skills, this lack of trust holds back a broader uptake of AI [18] and, therefore, the adoption of robots in our lives.
In fields of activity beyond robotics, for example, smart energy, the current lack of laws and regulations around the collection of consumer data has been addressed extensively by legal scholars [33][34][35][36]. In smart energy, consumer privacy is an afterthought by most companies [33], and the pervasive lack of transparency of existing systems is a real threat [37]. Legal scholars are just picking up these issues and stress-testing the scope of current standards and regulations [38]. In addition, there is currently no comprehensive study focused on the privacy needs and the perceptions of the users. Companies and organizations implement the minimum requirements of state-imposed regulations without users being part of the decision-making process.
Some legal scholars [39][40][41][42] have recently made important contributions to the discussion around the legal tensions arising in privacy due to the presence of robots around us. Notably, most academic contributions were made in the US legal context. In the EU context, the Robolaw project [16,43,44], a Commission-funded academic project that concluded in May 2014, investigated how the existing laws and regulations dealt with robots. On the legal front, the General Data Protection Regulation (GDPR), the legal framework that governs personal data protection, came into force in May 2018, after the conclusion of this project.

Personal data
In the European regime, part of the interaction records with smart technology potentially falls under the GDPR personal data definition: any information related to an identified or identifiable natural person. However, what does any information mean in the context of personal and consumer robots? How do we draw a line between what is personal or nonpersonal data? Information like images of human faces is undoubtedly classified as personal, but what about data related to the times of the day a user is active or needs a reminder for a specific medicine?

Nonpersonal data
Another recently introduced legislative concept is nonpersonal data. The EU Communication on Building a European Data Economy [45] and the new Regulation on the free flow of nonpersonal data [46] initiated its application in May 2019. Machine-generated, nonpersonal data in the context of Industry 4.0 and Internet of Things were defined as data created without the direct intervention of a human by computer processes, applications, or services, or by sensors processing information received from equipment, software or machinery, whether virtual or real. But what does direct intervention of a human mean in the context of an autonomous machine? For example, data collected by a robot vacuum cleaner may be classified by default as nonpersonal. However, inferences could still be drawn about the habits or other socioeconomic factors related to an individual user. Therefore, it is unclear whether or how this definition complements the personal data definition and where the line between personal and nonpersonal should or could be drawn, especially for robots designed to serve a user.
Legal scholars agree that AI and Big Data challenge the scope of data protection law, especially the extent to which the data subject can be identifiable [47][48][49]. In particular, Purtova [48] argues that everything is being increasingly datified, and any data can be plausibly argued to be personal, from the weather to water waste. In this sense, the capacity to turn data into personal data depends on processing power and data availability [38]. Anonymized data can be de-anonymized when combined or correlated with other data sets and enable inferences to be drawn about specific aspects of an individual's life. As a result, there is no guarantee that nonpersonal data would remain nonpersonal in the future.
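The risk that "nonpersonal" robot data singles out a household can be measured before release with a k-anonymity check over quasi-identifiers. The Python sketch below is an added example, not part of the original article; the telemetry fields, the values, and the banding choices are constructed assumptions.

```python
from collections import Counter

# Constructed sample: one usage profile per robot vacuum, with no name, address
# or account id, i.e. the kind of record that would be labelled "nonpersonal".
PROFILES = [
    {"device": "d1", "region": "R1", "start_hour": 9,  "floor_m2": 62},
    {"device": "d2", "region": "R1", "start_hour": 9,  "floor_m2": 64},
    {"device": "d3", "region": "R1", "start_hour": 10, "floor_m2": 61},
    {"device": "d4", "region": "R1", "start_hour": 22, "floor_m2": 140},
    {"device": "d5", "region": "R2", "start_hour": 14, "floor_m2": 48},
    {"device": "d6", "region": "R2", "start_hour": 15, "floor_m2": 45},
]


def exact(p):
    """Quasi-identifier at full precision (assumed fields)."""
    return (p["region"], p["start_hour"], p["floor_m2"])


def coarse(p):
    """Generalised quasi-identifier: 6-hour bands and 50 m2 bands (assumed)."""
    return (p["region"], p["start_hour"] // 6, p["floor_m2"] // 50)


def class_sizes(profiles, key):
    """Map each device to the number of profiles sharing its quasi-identifier."""
    counts = Counter(key(p) for p in profiles)
    return {p["device"]: counts[key(p)] for p in profiles}


def k_anonymity(profiles, key):
    """Smallest equivalence-class size; k == 1 means someone is unique."""
    sizes = class_sizes(profiles, key)
    return min(sizes.values()) if sizes else 0


def singled_out(profiles, key):
    """Devices whose quasi-identifier matches no other profile."""
    sizes = class_sizes(profiles, key)
    return sorted(d for d, n in sizes.items() if n == 1)


def suppress_below(profiles, key, k):
    """Withhold profiles in classes smaller than k. One pass is enough:
    removing whole classes never changes the size of the remaining ones."""
    sizes = class_sizes(profiles, key)
    return [p for p in profiles if sizes[p["device"]] >= k]


if __name__ == "__main__":
    print("exact  k =", k_anonymity(PROFILES, exact),
          "unique:", singled_out(PROFILES, exact))
    print("coarse k =", k_anonymity(PROFILES, coarse),
          "unique:", singled_out(PROFILES, coarse))
    released = suppress_below(PROFILES, coarse, 2)
    print("after suppression k =", k_anonymity(released, coarse),
          "released:", [p["device"] for p in released])
```

Even after generalisation, the household with an unusual schedule and floor area (d4) remains unique, which is the kind of habit and socioeconomic inference the text describes.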
From a practical point of view, the cost to distinguish personal from nonpersonal data is high. Consequently, companies increasingly treat nonpersonal data as personal data [50], a practice that seems to be working for this current period. It is yet questionable for how long companies can sustain this practice. A large amount of accumulated data appear to be purposely mislabeled as personal. Therefore, the new services and technologies that could otherwise utilize these nonpersonal data cannot be implemented due to the limitations applicable to personal data. As a result, this may have a negative impact on the implementation of such technologies or services, which greatly depend on large amounts of interconnected data for their success.
In the future, the broadening scope of the definition of what constitutes personal data could make the GDPR hard to maintain [48]. At the same time, some authors believe the law may fall behind new technological advances [51], despite its current technologically neutral nature. While it is hard to foresee how the relationship between technology and regulation will evolve in the future, creating personal data from nonpersonal databases is a real risk [17].
The authors feel that the social context, conditions of operation, and user interaction modes with a device are crucial elements that need to be thoroughly considered before making a distinction between personal and nonpersonal data. Considering there is a need for future adaptations of the legal framework to be led by evidence-based approaches, this work looks in that direction. This article is, therefore, a first attempt to gain concrete evidence on the ways robotic companies approach similar issues through Privacy Policies and related publicly available documentation.
in the context of therapy, robots can uniquely adapt their personality to create deep engagement with the individual while being both predictive and repetitive [52][53][54].
In essence, personalization is impossible without sharing personal data at some level. However, disclosing private data and information raises privacy concerns. On the one hand, there is a higher perceived quality of a personalized product or service and, on the other, the loss of privacy. This dilemma, known as the privacy-personalization paradox, is a special subcategory of what is widely referred to as the privacy paradox [55]. According to the privacy paradox, on the one hand, individuals perceive their privacy and personal data, in theory, as very important while responding to surveys (e.g., the Eurobarometer [56]¹). On the other hand, individuals demonstrate privacy-compromising behavior and easily trade privacy for short-term benefits in practice. The privacy-personalization paradox refers explicitly to this discrepancy when the willingness to give away personal information refers to benefits related to personalized goods or services [57][58][59][60][61].

Building trust in human-robot interactions
The cooperative nature of humans appears to originate from the unique motivation to form a shared mental model of mutual goals and intentions with other users [62,63]. To achieve a task, we need to (i) share a common goal (e.g., assemble a part), (ii) agree on the task distribution (who will do what), (iii) be capable of identifying which task the colleague will do next (e.g., they now plan to screw two parts together), and (iv) be able to anticipate where they will move next (so we can hand over a screwdriver). Without such mutual intention understanding, genuine collaboration cannot be achieved, e.g., we would collide with our colleague and we would place an object in a poor position for them to pick it up. Lewis et al. [64] mention system intelligibility and transparency as one of the core factors affecting trust in automation. At the same time, Hancock et al. [65] demonstrated in their meta-analysis that one of the critical factors related to the robots' general performance in human-robot interaction scenarios included transparency of interaction and, consequently, establishing trust with the robot.
In cases where the user of a personal or a consumer robot is not aware of what kind of data is shared and for what specific purpose, the intentions of the interaction could be misleading. Therefore, the trust between the user and the robot suffers [66][67][68][69]. In human-robot interaction, the whole is greater than the sum of its parts.
The social interaction adds an extra layer to the quality of the relationship between the human and the machine. It is crucial to understand how users build such trust and whether it is trust in the software, the robot itself, the manufacturer, the service provided, or the robot's brand. The recently established field of privacy-sensitive robotics started to investigate these matters in greater detail [11].
In our work, we look into the context of trust and transparency in human-robot interaction. More specifically, we examine the clarity level and communication of intentions regarding privacy formed as part of the Privacy Policy. It is a well-known idea that the vast majority of users rarely read digital contractual agreements, Terms and Conditions, or Privacy Policy documents [70]. In the past, it has also been observed that firms might deliberately take steps to make such documents less comprehensible [71]. Trust is certainly an issue when a "take-it or leave-it" approach or boilerplate contractual agreements are the norm.
Here we concentrate on the role and impact of Privacy Policies in defining the transparency of the human-robot interaction in terms of the data collected or utilized by the robot. In this sense, we are interested in how they may affect the trust that the user builds with the robot through the ways the company has communicated them.

OECD privacy guidelines
The OECD is an intergovernmental economic organization founded to stimulate economic progress and world trade. To assist the development of a global privacy protection framework and support digital trade, in 2013, the OECD released the Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data [72], also known as the OECD Privacy Framework,² which was based on the original version initially released in 1980.
This work utilizes the OECD principles as they are considered a globally accepted standard that formed the basis for privacy regulation in a number of jurisdictions [73]. Therefore, our analysis takes a universal perspective and is not tied to one jurisdiction. The EU approach to privacy (and the GDPR) may be considered one of the most comprehensive ones [31]. Nevertheless, global (regulatory) convergence around the GDPR standards for all jurisdictions is unlikely [74]. We adopt the OECD principles as a global standard for our analysis, rather than other domestic laws or standards, to create a more inclusive methodology independent of trading relationships with the European Economic Area. As a result, the analysis in this study is relevant not only in a European context but in a more global context. In the future, this work can be expanded to a discussion more tailored to the EU context by drawing closer attention to the overlap and differences between the OECD principles and the GDPR, as discussed by legal scholars [73,75].
¹ In the latest Eurobarometer study (e-Privacy 2016) "The privacy of their personal information, online communications and online behavior is very important to the majority of respondents" and "nine in ten respondents say it is important that personal information on their computer, smartphone or tablet can only be accessed with their permission."
The OECD privacy framework involves eight principles:
(P1) Collection Limitation Principle: There should be limits to the collection of personal data, and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
(P2) Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete, and kept up to date.
(P3) Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
(P4) Use Limitation Principle: Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified in accordance with (the Purpose Specification Principle) except: (a) with the consent of the data subject or (b) by the authority of law.
(P5) Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.
(P6) Openness Principle: There should be a general policy of openness about developments, practices, and policies concerning personal data. Means should be readily available for establishing the existence and nature of personal data and the primary purposes of their use, and the identity and usual residence of the data controller.
(P7) Individual Participation Principle: Individuals should have the right to (a) obtain from a data controller, or otherwise, confirmation of whether the data controller has data relating to them; (b) have communicated to them, data relating to them within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; (c) be given reasons if a request made under subparagraphs (a) and (b) is denied and be able to challenge such denial; and (d) challenge data relating to him and if the challenge is successful in having the data erased, rectified, completed, or amended.
(P8) Accountability Principle: A data controller should be accountable for complying with measures that give effect to the principles stated above.
In the present study, we directly utilized the above principles to assess the Privacy Policy documentation of personal and consumer robotic companies. The interpretation of these principles and the rating scheme is described in Section 6.

Methodology
Here we shed some light on how privacy terms are formed and utilize the OECD principles as a unifying framework and a tool to draw comparisons between approaches of different companies in the field of consumer robotics. The goal is to determine the part of the policy that captures the essence of each principle.
The methodology background rests on prior literature examining Privacy Policies based on objective or subjective standards in fields other than robotics. For example, Khalil et al. [76] review Massive Open Online Courses (MOOC) and explore how consent to collect and use data is described to potential users. Nokhbeh Zaeem and Barber [77] study Privacy Policies of 600 companies across industries to reveal trends in user data collection, while Das et al. [78] and O'Loughlin et al. [79] examine the Privacy Policies of mobile apps.
To assess the extent to which the OECD privacy principles are considered in a Privacy Policy of personal and consumer robotic products (see Table 1), each Privacy Policy was reviewed four times by the researchers, and each review had a distinct scope:
Review 1 - Determine the supporting text guidelines for each principle: The first of the four reviews required every policy to be read and common themes of text to be recorded. Once the review was completed, these themes were then assigned to the most relevant principle.
Review 2 - Extraction of relevant text: Having identified the text that would support a principle, each policy was then reviewed a second time for all relevant text to be extracted and recorded against the relevant principle.
Review 3 - Scoring of the extracted text according to each OECD principle: The third review enabled a rating from 0 to 3 based on the degree to which the extracted text within the policy supported the specific principle. The decision to use a 0-3 scale allowed a scoring mechanism that can demonstrate the level of detail in each of the Privacy Policies while providing a simplified measure that focuses on the main points of each principle (see Table 2). Privacy Policies that did not cover a certain principle scored 0 for the specific principle; policies that refer to issues associated with a principle vaguely scored 1 for that principle; policies that support a principle in reasonable detail scored 2; while policies that support a principle in a detailed and explicit manner scored 3 in that principle.
Review 4 - Comparative review of scores and text: This final review was to directly compare the text of policies with matching scores for a specific principle to identify and remove any anomalies and ensure consistent, noncontradicting scores across the results set.
One of the coauthors identified the Privacy Policies and the Terms and Conditions by searching for the most popular consumer robotic firms and their publicly available documentation on their proprietary web pages. All the policies and Terms and Conditions were then independently reviewed by two of the authors, and the scores assigned by each author were compared. There was no substantial deviation in the ratings, and it was easy to reach a consensus on the final ranking. The third author was also consulted in terms of the rating strategy to ensure the rating strategy's robustness.
Our initial sampling strategy was to include the most popular consumer robotic firms in the field in this review. However, due to the small number of active companies in the field, we broadened the scope of research to include companies that offer products directly available to consumers. As a result, we reviewed the Privacy Policies of eight robotic companies in this study. The Privacy Policies were publicly available, and there was no requirement to purchase the product to access them. Initially, 15 consumer robotic companies were identified as potentially subject to the study (SoftBank, Ubtech, ANKI, Bluefrog, Dyson, Ecovacs, Intuition Robotics, Qihan Sanbot, iRobot, Reach Robotics, Wonder Workshop, Promobot, Aeleous, Avatarmind, and iLife). However, five of those companies did not have publicly available Privacy Policies (Bluefrog, Qihan Sanbot, Aeleous, Avatarmind, and iLife) while two of them (Intuition Robotics and Promobot) had publicly available Privacy Policies that were only related to the use of their website, which was independent of the product or the service the robot provided. At this point, it is worthwhile noting that some of the largest humanoid companies do not have publicly available Privacy Policies related to the service or the robotic device. The reason may be that consumers are not expected to order a humanoid without prior communication with the company. A humanoid may be considered a product for a more specialized audience, and, therefore, detailed privacy information is not publicly available. Table 3 presents the companies selected for this study, along with the size and the country in which each company's headquarters are located.
Table 2:
1  Text supporting this principle is limited in detail and vague in statement
2  Text supporting this principle has a reasonable amount of detail and specificity
3  Text supporting this principle is detailed and explicit
Some of those companies specialize in robots, while others, for example, Dyson, develop various products, including consumer robots. The size was estimated according to the turnover. The size of the company based on the turnover was categorized as follows: small (<10M USD), medium (<1B USD), and large (<10B USD). We provide a brief description of each company in Section 7. Due to copyright restrictions, we refrain from referring to extracts from each policy here.
Dyson's Privacy Policy³ covers all "connected products" and services provided by the company. This Privacy Policy had a relatively larger word count than the rest of the Privacy Policies reviewed, which may be justified due to the company's size and the broad range of products provided. Based on the four-step review process, and according to the OECD privacy principles followed in this work, this was the highest-ranked policy with an overall score of 14.

ANKI - Cozmo, Vector
Founded in 2010 by three graduates of Carnegie Mellon University, ANKI created small consumer robots such as Cozmo and Vector, defining the category of affordable, entertainment home robots that create emotional connections with the users. Digital Dream Labs later acquired the company to continue the development of the Vector robot.⁴ The company's Privacy Policy⁵ is detailed and demonstrates how user data and privacy are treated when the user interacts with the robot. This was the second-highest-ranked policy with an overall score of 12. Compared, for example, to Dyson's Privacy Policy, this is clearly a policy specializing in the interaction with a robot.

Wonder Workshop
Wonder Workshop specializes in educational robotics to encourage age-appropriate learning and coding skills. Their range of robots is available to individual consumers; however, the company also supplies material to enable educational institutions to form part of a more formal curriculum. The company's Privacy Policy⁶ appears to have taken under special consideration issues related to children's privacy and data. In terms of the Accountability Principle, the policy refers specifically to privacy pledges and agreements regarding student data privacy and educational law.

iRobot Corporation - Roomba
It has been more than a decade since iRobot Corporation introduced its first robot vacuum in the market, the infamous Roomba. After that, it altered the landscape of consumer robots and autonomous cleaning devices. The latest products from iRobot use a machine-generated map of the floor plan that the robot is working on, raising multiple personal data security questions about their users' homes [80].
The company's policies⁷ refer to the ways personal data are utilized for further processing. There is an explicit statement on handling personal information for user registration purposes and potentially other information if the user chooses to register using an account related to social media. It is worthwhile noting that, like most companies, these terms and conditions are considered as a "blanket" covering the web page, the actual robot, and the mobile application for all the product ranges.
The policy comprises an adequate justification of the Security Safeguards Principle detailing handling, transit, and data storage. There may, however, be a gray area related to the handling of the generated data when the user may choose to opt in and enable "smart-home" features such as connection with Amazon's Alexa and use the generated floor plan as input for controlling the robot.

Reach Robotics - MekaMon
Reach Robotics released the MekaMon robot in 2017. MekaMon, a spider-legged robot, is used in a robotic battle game that includes Augmented Reality and forms an educational tool. The company recently went into administration. However, according to a public declaration, they are still active in the educational field.
The company's Privacy Policy is part of the Terms and Conditions⁸ and includes the services provided by the company. Interestingly, no issues regarding the collection or storage of data generated through the device are discussed in the policy.

UBtech - AlphaMini
UBtech provides a range of robots, from large-scale humanoid and service robots to smaller companion or educational toy robots. The company's large service robots can be used in many sectors, providing guidance and facilitating users in many tasks. UBtech also has an educational branch, including robots and tool kits aimed at teaching children coding through interaction with a robot.
It appears that UBtech has separate Privacy Policies for each robot. We could track down only the AlphaMini product Privacy Policy.⁹ The AlphaMini is a personal robot companion that is managed through a mobile application.

SoftBank Robotics - Pepper, Nao
SoftBank Robotics' humanoids Pepper and Nao are famous worldwide for their capabilities as social assistants in education, health-care centers, and public spaces to welcome, entertain, and facilitate users and visitors.
SoftBank Robotics' Privacy Policy¹⁰ covers the use of the services provided by the company, including services and data related to the robots.
The policy refers to the practice of collecting dialog data to surpass the limitations of the software related to voice recognition. The sharing of spoken words, which can potentially include personal or other sensitive information with third parties, may result in personal information being transmitted to third-party providers potentially located outside the European Economic Area.

Ecovacs - Deebot, Winbot
Ecovacs is one of the longest active companies in the field of robotic appliances and was founded in 1998. They currently develop robotic floor cleaners and robotic window cleaners, while the devices also connect with a mobile application to enable the user to control the robot. According to the company's website, some of their latest models feature an AI chipset and camera module that enable greater precision in the navigation of the robot, while Ecovacs' Privacy Policy¹¹ is a blanket policy covering all the product ranges.

Analysis of Privacy Policies according to the OECD privacy principles
Following the four-stage review process, each Privacy Policy was rated according to each OECD principle (see Table 4). This section provides an analysis of each principle and the practical recommendations that would bridge the gaps revealed in the way such Terms and Conditions are communicated.

P1: Collection Limitation Principle
Most Privacy Policies scored low in the Collection Limitation Principle. The reasoning behind this is the lack of explanation of the processes to grant the consent of data collection in an explicit and controllable manner. Most policies in the field of robotics seem to have a "take-it or leave-it" approach. There is no option to give consent "as you go," accepting or rejecting the options that fit each user and limiting data collection. In other sectors, for example, in an activity tracker Privacy Policy,¹² consent to process data is requested separately when the user takes action and as they interact with different services or features of the device. As a result, the user gains much more granular control of their data and can control the company's access to it. Consumer robotics companies can potentially borrow similar approaches to increase the control users have over their data and limit the data collected through their services and products.

P2: Data Quality Principle
In terms of the Data Quality Principle, all Privacy Policies provide statements regarding the data collected. However, some Privacy Policies are much more explicit, listing the specific types of data collected and the data not collected. This is, for example, clearly demonstrated by comparing the policies of Wonder Workshop and UBtech. The first provides an exact list of the types of data collected. The second gives some examples, including noncommittal terminology (i.e., "etc."), which introduces ambiguity over what they may collect. A clearly defined list of the types of data collected can give users more certainty regarding what is recorded and who may store it when it comes to their data. Therefore, consumer robotic companies may consider making explicit mention of what exactly is and what is not collected through their services and devices.

P3: Purpose Specification Principle
All Privacy Policies reviewed comprise statements related to the Purpose Specification Principle. Some policies, however, comprise more assertive statements than others. For example, some policies note the storage location and encryption of photos taken by the robots. Other policies scoring lower make more generic statements, including phrases that introduce ambiguity, for example, declarations that all collected data may be used in other services in accordance with the legal obligations. Other ambiguous statements relate to the period that data will be held, i.e., data retained "for as long as is necessary." According to the Purpose Specification Principle, Privacy Policies need to have explicit statements defining how the company will use the collected data and the period the data will be held. Determining how all the collected data will be used can be challenging for a company, mainly because they may not be able to foresee how they might use the data in the future. This may lead to ambiguous statements about the purpose of data and their retention period. To avoid ambiguity, the policy needs to commit to specific practices and time frames to define and publicly disclose data management plans.

P4: Use Limitation Principle
The Use Limitation Principle directs limiting data collected and used by the company or provided to third parties. Most policies reviewed here comprise some provisions on this principle to an extent. However, the highest-scoring policy provides additional details regarding the circumstances in which they may share the data with third parties. Nevertheless, no Privacy Policy provides specific details regarding the third parties with whom they share data.
To improve Privacy Policies in terms of this principle, additional pieces of information need to be provided: first, the purpose behind data sharing with third parties; second, the jurisdiction of those third parties; and finally, the identity of those third parties.

P5: Security Safeguards Principle
All Privacy Policies reviewed mention security measures taken to safeguard data, such as data encryption or measures taken to transfer data across country borders and jurisdictions. The policy achieving the highest score explicitly mentions the type of encryption protocols and details the circumstances under which they are used.
Other policies scoring lower make very generic statements regarding abstract security measures.
An explicit mention of the specific security measures taken when transferring or storing data, rather than abstract mentions on security, can enhance a Privacy Policy in line with the Security Safeguards principle. This can also give insights to the users regarding the tools the company might be using and whether they use the most modern security protocols.

P6: Openness Principle
All Privacy Policies reviewed make statements regarding updating the policies and updating the consumers of these changes. In this case, the highest score was attributed to a policy that makes a specific reference to the timeline of the updating process and the specific ways these updates will be communicated to consumers. Therefore, a Privacy Policy can be enhanced in terms of the Openness Principle by disclosing how often the policy will be revised to incorporate new developments and practices, as well as how consumers will be informed of these revisions.

P7: Individual Participation Principle
Data subjects' rights and the ways consumers can exercise them were part of all Privacy Policies reviewed. The main difference between scores rests in the fact that some policies make explicit mention of the consumers' data rights independent of the jurisdiction. Other policies are more subtle and even leave it to the consumer to judge whether some provisions violate the agreement. For example, consumers can contact the company in case of a violation, and the company can delete the personal data. Providing a clear definition of the specific rights a consumer has in terms of the data collected clarifies and can significantly enhance a Privacy Policy.

P8: Accountability Principle
References and statements on the ways a policy complies with specific rules, regulations, and ethical guidelines are dictated by the Accountability Principle. In this case, only half of the policies reviewed comprised such references. The highest score was granted to a policy with an increased level of detail in referencing relevant regulations and guidelines related to specific user groups (i.e., children).
Providing details in terms of the rules, regulations, and ethical guidelines that were taken into consideration when the policy was formed or updated has a positive impact on the policy. This also demonstrates that the company is up to date with current discourses on privacy and may, therefore, be in a better position to provide the state-of-the-art service to users.

Concluding remarks
Privacy, transparency, and trust are fundamental concepts that the human-robot interaction community recently started exploring. To the best of the authors' knowledge, this is one of the earliest works in the field, which adds a practical dimension to the gray areas of user privacy rights. This work provides some interesting insights into the structure and context of privacy terms and conditions of personal and consumer robots. This analysis of privacy terms and conditions revealed gaps in the ways such conditions are communicated to the users.
Despite the limitations in our analysis in terms of the extensiveness of this study, the trend appears to be that consumer robotic companies do not uniformly consider privacy. It would be important to understand the extent to which this is a design choice in the robot architecture, an actual functional requirement for the robot's operation, or a legal requirement depending on the jurisdiction in which the company operates. In this study, for example, the jurisdiction did not appear to play a significant role.
The size of the policy and word count also do not seem to play significant roles in the specific ranking. A lengthy policy does not necessarily mean that all principles are covered to a greater extent. Nevertheless, a broad trend is evident, as the average word count for the top performers was higher than the average word count of the bottom performers. This means that a large word count does not necessarily mean that all principles will be better covered, but it may hint at the level of detail comprising each policy.
A way forward to improve a Privacy Policy would be to clearly define the information that a robot can process locally and the information necessary to be sent back to the company (e.g., troubleshooting to improve specific features and data for training an algorithm).
In the policy agenda, the absence of technical tools and standards to simplify and empower users to exercise their rights has been noted [81]. Some interesting points have been suggested on consent, reducing complexity and tailoring privacy notices by one of the leading European bodies on data privacy, the Article 29 Working Party (also known as WP29¹³) which acted as an advisory body comprising representatives from the European Commission, each EU Member State data protection authority and the European Data Protection Supervisor. Rather than displaying all information in a single notice or document, the WP29 suggested that privacy documents can present information in a layered manner, so users can access only information relevant to them each time [82]. This includes a "just-in-time" approach where privacy notices are "pushed" before a user makes a specific decision to share data or additional information is "pulled" upon the user's request [83]. Another interesting idea mentioned in the opinion 3/2020 on the European strategy for data would be to provide information through standardized and machine-readable icons [83], which could facilitate not only users but also algorithms to interpret the main points of a privacy notice quickly.
Another concept to explore is whether a firm's business scope is a predictor of its level of privacy. For example, a service-orientated firm might justify collecting personal data differently than a product-orientated firm providing hardware. Similarly, it is important to clearly define user rights separate from consumer rights, especially when the consumer and the user are different. In general, many open questions need to be answered from a business perspective, and more in-depth research is required into the inner workings of a company to understand how organizations take privacy decisions and how they choose to communicate them.
This study was the first step to develop a rating scheme based on the preexisting privacy principles. One of the main limitations may lie in the qualitative and subjective nature of rating by the researchers. Future research will focus on creating a more robust methodology and rating scheme.
To drive more transparency and flexibility in the human-robot interaction, this work needs to expand on the user-friendliness and customizable aspects of digital agreements. It is also important to open such a discussion and incorporate a user-centered research approach to develop novel ways that privacy and user rights accommodate user needs. The final goal is to create more transparency in data governance during user interactions and accommodate a stronger perception of trust and a symbiotic relationship with robots.

13 WP29 has recently been replaced by the European Data Protection Board (EDPB) under GDPR.