Skip to content

AI-Based Translation Tools: What Does Data Protection Say?

Ao Zaa Studio – stock.adobe.com

According to the digital industry association Bitkom, 41 percent of companies with 20 or more employees now use AI (artificial intelligence). While searching for answers in AI chatbots has increased significantly in recent months, AI-based tools have been used for translations for some time now. In addition to entering text to be translated, voice input is particularly important — for example in German — to use an AI tool to obtain the spoken text in another language. This extends to the point where AI performs simultaneous translations during multilingual conversations.

Although 77 percent of companies surveyed by Bitkom say that data protection hinders them in their use of AI, AI-based online translations of both documents and spoken language are used very actively. But is this even compatible with data protection?

Biometric Data Is Specially Protected

There are many reasons why online translation using AI is a data protection issue. For one, personal data may be contained in the texts that are to be translated using an AI tool. This is already the case with a letter that contains information about the recipient and is to be translated online.

However, when voice input occurs, additional data protection questions arise: the human voice is classified as biometric information, which falls under the category of special personal data under the GDPR (Article 9 of the General Data Protection Regulation).

In fact, various AI tools not only translate voice inputs, but also provide the translated response in a voice that mimics the user’s voice.

The Bavarian Data Protection Officer recently explained (PDF): An AI voice translation tool regularly processes not only the data directly entered and output in its intended use (here: the content to be translated and the translated content), but can also potentially collect and further process voice profiles of users. The latter can, if uniquely attributable to a specific natural person — for example due to a unique timbre or specific speech patterns — constitute biometric data within the scope of Article 9 of the GDPR, according to the supervisory authority.

However, it depends on the specific case what must be observed in data protection: Is the processing taking place for the purpose of “uniquely identifying a natural person”? The supervisory authority explains: Such a scenario would be conceivable in the context of AI voice translation tools, for example, if the tool can perform speaker recognition and is used accordingly.

Then the legal bases for processing the biometric data must be present, as required in Article 9 of the GDPR. Additionally, according to the supervisory authority, it should be ensured in particular that voice data is not used for retraining the AI voice translation tool and is deleted after the end of the respective translation session.

But what if it really is just about the translation and the speaking person is not to be uniquely identified?

Data Protection Does Not Make AI Translation Impossible

Even though data protection is repeatedly referred to as a hindrance to the use of AI, it is not the case that AI-based translations fundamentally pose a problem because voice inputs are treated as biometric information.

The Bavarian Data Protection Officer makes clear: If AI voice translation tools are used for purely translation purposes and there is also no misuse of voice data associated with voice input possible or permissible (for example through reliable technical and/or contractual exclusion), then there is no processing of biometric data for the purpose of identifying a natural person.

Nevertheless, sensitive information to be translated must be adequately protected. Generally: Regardless of the specific product and deployment scenario used, all data protection law requirements and in particular the General Data Protection Regulation must be complied with and documented when using AI voice translation tools, according to the supervisory authority. This is why reading the guidance (PDF) is worthwhile nationwide for companies, even though the guide is aimed at public bodies in Bavaria.

Learn more about data protection and compliance

ComputerWeekly.de

Share on: