A literature review of user privacy concerns in conversational chatbots: A social informatics approach: An Annual Review of Information Science and Technology (ARIST) paper

3.1.1 Inclusion and exclusion

3.1.2 Search strategy

The papers presented in this review were manually collected in June 2023 from Google Scholar, the Association for Computing Machinery Digital Library (ACM DL), Web of Science, and the Institute of Electrical and Electronics Engineers (IEEE Xplore). These repositories were selected in order to potentially capture any article addressing relevant topics in conversational AI chatbots and privacy. The search was conducted by using a number of search statements that combined relevant phrases and terms. The first statement aimed to explore general privacy concerns related to chatbots, while the second statement was specifically for addressing user privacy concerns with chatbot interactions. The search statements were:

Statement 1: (chatbot* OR “AI chatbot” OR “virtual assistant*” OR “conversational agent*”) AND (privacy*).¹

Statement 2: (chatbot* “AI chatbot” OR “conversational AI” OR “conversational AI chatbot” OR “virtual assistant*” OR “conversational agent*”) AND (privacy* OR “usable privacy” OR “privacy issues”).²

The results of both rounds of search and papers that were downloaded and included in the subsequent analysis are provided in Table 2.

3.1.3 Article selection

The search was limited to title, abstract, and keywords from four sources: journals and conference proceedings as sources and articles and conference papers as documents. The author meticulously assessed each search result by clicking and examining them individually in each source results. Subsequently, the results were exported to a spreadsheet, complete with their corresponding URLs and rearranged into columns with publication details in order to make them uniform, duplicates were deleted, and the papers that clearly did not meet the formal criteria (e.g., workshop papers) were removed. However, upon carefully examining the search results in four sources, it was observed that materials beyond the 198th paper either duplicated content already assessed or were unrelated to the review's scope. As a result, if the search generated over 200 results, the additional results were decided to be disregarded on the assumption of duplication or lack of relevance. If the result count was below 200, all search results were reviewed comprehensively. In total, 894 papers' titles and abstracts were reviewed.

After additional screening for relevance through their abstracts and removing duplicates, the total dataset consisted of 163 papers (Statement 1 = 106 and Statement 2 = 57). The findings and recommendations sections of these remaining papers were examined to identify whether they addressed user privacy harms and risks within the context of conversational text-based chatbot interactions. Any papers that did not address these aspects were subsequently removed from consideration. In total, 61 full-text papers were deemed eligible for further analysis. If ambiguities persisted about the eligibility of a specific paper, the text was analyzed. After analysis, total 23 papers were excluded because they focused primarily on security and design for privacy compliance (n = 11), and they were excluded they were not including at least one user study that explored user privacy impacts from chatbot interactions (n = 12). At this stage, 38 papers were identified for inclusion in the corpus. The qualification rates were Google Scholar (47%), ACM DL (22%), Web of Science (14%), and IEEE Xplore (20%). Figure 1 shows the flow diagram of the database searches and article screenings.

4.1.1 Social science theories

Notably, social science theories have played a significant role on the intricate dynamics between users, technology, and privacy outcomes. In this review, 17 distinct social science theories have been identified. This section delves into this nuanced landscape of social science theories, offering insight into their application in studies concerning conversational text-based AI chatbots.

Uses and Gratifications (U&G) Theory

U&G theory is a mass communication paradigm used to understand why people use media and the gratifications they obtain through proactive media consumption (Katz et al., 1973). Cheng and Jiang (2020) expanded the application of U&G and categorized the obtained gratifications into four main clusters based on the users' experiences: hedonic, technological, social, and utilitarian gratifications. Cheng and Jiang (2020) implemented the theory in the domain of customer service by creating a theoretical framework that helps to explain the effects of smart media and the overall influence of AI chatbots on business outcomes. U&G theory also enhanced the perceived privacy risk with chatbots and its impact on user satisfaction (Cheng & Jiang, 2020). They combined SPT with U&G theory to understand user satisfaction and perceived privacy risks of chatbots. In Marjerison et al.'s (2022) study on ecommerce chatbots, U&G Theory was also adopted to analyze users' acceptance of these chatbots with exploring technology (chatbot design and interaction) acceptance (Wang et al., 2020), hedonism, and privacy risks. Mercieca (2019) conducted research exploring the factors influencing acceptance, trust, and confidence in chatbots and applied U&G theory in their study. Correlating their findings with U&G theory, Mercieca (2019) suggested that the benefits (gratifications) of incorporating AI chatbots may be a contributing factor to their acceptance and popularity across various domains (Brandtzaeg & Følstad, 2017). In other words, to ensure the success of chatbot-based services, it is essential to prioritize usefulness and ensure that chatbots fulfill specific needs and gratify users with valuable functionalities (Brandtzaeg & Følstad, 2017; Mercieca, 2019). While Rese et al. (2020) were identifying factors that positively or negatively influenced the usage intention and frequency of use of an AI chatbot called “Emma,” they applied U&G theory (Davis et al., 1989, p. 983). U&G theory allowed them to categorize motivations for using text-based chatbots, building on previous work by Brandtzaeg and Følstad (2017). Considering potential hindrances to chatbot acceptance, Rese et al. (2020) addressed two risks which is: immaturity of the technology and privacy concerns. They also argued that U&G theory can provide more information when evaluating with their U&G model of the chatbot “Emma” (Figure 2).

Regulatory Focus (RF) Theory

Kim et al. (2022) incorporated RF theory to examine the relationship between consumers' motivations and their actions in the context of chatbot advertising. Kim et al. (2022) introduced RF as a crucial concept to reconcile inconsistent findings on the disclosure of personal information (see Figure 3). They defined this theory as the alignment of individuals with either prevention or promotion self-regulatory orientations (Higgins, 1997) in various daily activities like driving, investing, and shopping (Kim et al., 2022). In other words, according to the theory, individuals can be driven by promotion-oriented goals, which involve seeking advancement and success to achieve an ideal self and gain over potential risks or losses (Kim et al., 2022). Kim et al. (2022) found that consumers with a predominantly promotion-focused mindset were more receptive to personalized chatbot advertising, valuing the benefits offered and displaying a higher likelihood of making purchases.

4.1.2 Technology theories

There are several technology approaches that have guided conceptualization of conversational text-based AI chatbots regarding privacy outcomes. These approaches guided scholars in developing the following theories: Computers as Social Actors (CASA) Theory, Technology Acceptance Model (TAM), Privacy Calculus, and Gaze Direction Theory. Within this section, the theories are expounded upon to foster a thorough comprehension of their application and impact within this field.

Technology Acceptance Model

Lim and Shim (2022) revealed that individuals perceive that using AI agents could improve their everyday task performance, aligning with the concept of perceived usefulness (PU) from the TAM proposed by Davis et al. (1989) and Davis et al. (1989) (see Figure 4).

In Mercieca's study (Mercieca, 2019), the TAM was employed to explore the acceptance and adoption of chatbots. The perceived ease of use (PEOU) and perceived usefulness (PU) of the chatbot technology within its application area, along with cultural norms and social influence, play pivotal roles in predicting its acceptance (Mercieca, 2019). Mercieca (2019) found that the PEOU was facilitated by two factors: firstly, most participants had prior exposure to chatbots, making them more receptive to their ease-of-use; and secondly, chatbots inherited features, such as keyboard and chat dialogue, that were familiar to participants from other utilities, contributing to their ease-of-use. Mercieca (2019) revealed that technical malfunctions and inconsistencies acted as barriers to trust in chatbots, impacting their acceptance and adoption by users. In addition, Kelly et al. (2022) applied the TAM and its extended constructs (PU, PEOU, and trust) to investigate individuals' behavioral intentions in the areas of user acceptance and adoption of AI chatbots in mental healthcare, online shopping, and online banking. TAM was chosen due to its adaptability to new variables and its suitability for analyzing human behavioral intentions toward technology (Kelly et al., 2022). Their proposed TAM (Figure 5) posits that PU and PEOU are the primary factors influencing an individual's behavioral intention to use a technology, subsequently impacting actual system usage (Kelly et al., 2022). They Widener and Lim (2022) considered trust as an additional predictor because it was found to influence users' intentions toward technology, so it was added in as one of TAM's constructs. Prakash et al. (2023) also explored the connection between TAM's attributes of PU, PEOU, and trust in AI based chatbots and additionally included social presence and privacy risk in their conceptual framework (see Figure 6).

Rodríguez Cardona et al. (2021) focused on experienced chatbot users and examined the impact of privacy concerns and trust in chatbot systems, alongside the widely used TAM variables of PU and PEOU. Rese et al. (2020) employed the TAM to measure the acceptance of the chatbot “Emma” among its target segments, with included perceived enjoyment as an additional consideration (van der Heijden, 2004) and adopted the previous work (Rietz et al., 2019). Rese et al. (2020) considered PU as an extrinsic motivation, where improved performance is expected as a consequence of using the chatbot to achieve utilitarian gratifications such as authenticity of conversation, PU, or hedonic factors/positive beliefs such as perceived enjoyment. These two approaches, utilitarian and hedonic, to find usage intention and frequency in users' behavior in chatbots. PEOU was seen as a determinant or antecedent, positively affecting both perceived usefulness and perceived enjoyment, leading to hedonic gratification. Their proposed TAM relationships for “Emma” can be seen in Figure 7.

4.1.3 Cognitive science theories

By delving into the realms of cognitive science, researchers and practitioners can unravel the intricate connections between human cognition, decision-making, and the safeguarding of personal information. In this review, there is only one distinguish cognitive science theory has been identified: Theory of Mind.

4.2.1 Quantitative method approaches

Belen Saglam et al. (2021) conducted an empirical user study, using surveys to explore potential risks and concerns users may have while interacting with AI-based chatbots with 491 participants. The study employed a 7-point Likert scale to measure users' feelings about various aspects of chatbot-centered questions. The researchers used a combination of descriptive and quantitative statistical analysis to analyze the survey responses. Cheng and Jiang (2020) designed an online survey using a 7-point Likert scale for data collection. They recruited 1064 participants by Amazon Mechanical Turk (MTurk). To perform the data analysis, they utilized Structural Equation Modeling (SEM), which is a statistical method that enables researchers to assess complex relationships among variables and validate theoretical models with Mplus software. Pizzi et al. (2023) also conducted two experiments using online survey. First, they employed a between-subject experimental design with factors including gaze direction (direct vs. averted), anthropomorphism (low vs. high), and chatbot gender (male vs. female) with 451 participants. Second, they used a between-subject experimental design with the same factors as the first experiment with 800 participants. They analyzed the data with ANOVA. de Cosmo et al. (2021) employed surveys with designing a questionnaire using 5-point Likert scales to collect data from 846 participants. For analysis, they (2021) performed several statistical procedures: (1) assessed the multivariate normality of the data using Mardia's test; (2) evaluated the internal consistency of the measurement scales by calculating Cronbach's α coefficient, which ensured that the measurement scales were reliable and consistent in assessing the underlying constructs, (3) derived unidimensional values for each scale by averaging the item responses; and (4) conducted a moderated mediation analysis using the PROCESS macro in SPSS. van Eeuwen (2017) employed a quantitative cross-sectional research design with formulating hypotheses and conducting an online survey. van Eeuwen (2017) asked 195 participants to rate their agreement with statements on a 5-point Likert scale, reflecting factors, such as perceived usefulness, internet privacy concerns, and trust, influencing their intention to use chatbots. The data was analyzed with simple regression analysis to examine the relationships between independent variables and the dependent variable (IPC), that is, the intention to use chatbots for mobile commerce (van Eeuwen, 2017). In order to understand Chinese people's acceptance of chatbots, Marjerison et al. (2022) used quantitative methodology and collected data through an anonymous online survey from 540 participants who identified themselves as online shoppers, Chinese, and were already familiar with chatbots. In 7-point Likert scale survey, they tested their 6 hypotheses on three dimensions: technology acceptance of chatbots, hedonic (enjoyment, passing time, and behavior intention), and users' privacy concerns and risks.

Fan et al. (2021) adopted a data-driven approach by analyzing the system log of a widely deployed self-diagnosis DoctorBot chatbot in China. The dataset comprised 47,684 consultation sessions initiated by 16,519 users. To comprehensively analyze their dataset, they employed both statistical analysis and content analysis. Kelly et al. (2022) conducted a cross-sectional within-subjects research design survey, consisting of a 71-item online questionnaire, to evaluate 360 participants' future behavioral intentions toward AI chatbot usage. Privacy concerns and trust were measured using a 5-point Likert scale, and a 7-point Likert scale was adapted to assess privacy concerns across each scenario. For data analysis, statistical analysis was employed, and for the open-ended questions, deductive content analysis was used to identify common themes such as concerns about loss of humanity, job loss, privacy, and inadequate skill concerns. Benke et al. (2022) used an online experiment with three experimental conditions (a between-participants design). Participants were assigned to a prescripted, fictitious group chat with an emotion-aware chatbot that provided feedback on team members' emotions, and this assignment was random. To assess the participants' responses (n = 176), their study employed survey questions rated on 7-point Likert scales. For analysis, they (2022) utilized a statistical method by using ANOVA. Prakash et al. (2023) conducted a user study where participants (n = 221) responded to a questionnaire, rating all items on a 5-point Likert scale. They (2023) empirically tested their proposed conceptual model using the data collected through the questionnaire. To analyze the data and assess the relationships between the variables in the model, they (2023) employed a partial least squares structural equation modeling (PLS-SEM) method, using SmartPLS v 3.3 software. Rodríguez Cardona et al. (2021) conducted a user study with 215 participants using a standardized online cross-sectional survey to explore the relationships underlying the intention to use chatbots in the insurance business. For data analysis, they employed PLS-SEM. The survey questionnaire consisted of closed questions with 22 measurement items related to trust, privacy concerns, perceived ease of use, perceived usefulness, and intention to use. Trust, privacy concerns, and acceptance constructs were measured using a 5-point Likert scale.

Rajaobelina et al. (2021) conducted a standardized online cross-sectional survey, including 430 participants. The survey questionnaire consisted of closed questions related to 22 measurement items, covering trust, privacy concerns, perceived ease of use, perceived usefulness, and intention to use. Both privacy concerns and acceptance constructs were measured using a 5-point Likert scale. Sohn et al. (2019) tested hypotheses with two different experimental studies combined with a survey which measuring both social presence effect on user privacy and presence of CUI effect perceptions of being watched that with 74 participants. Sohn et al. (2019) analyzed the data with ANOVA. Song et al. (2022) also involved two experimental studies (first study participant n = 156 and second study participant n = 157 participants), including 13 hypotheses. They (2022) developed these hypotheses and tested designed group experiments using a single factor (service agent type: chatbot vs. human beings). Participants were surveyed using a 5-point Likert scale. ANOVA was employed for the analysis.

4.2.2 Qualitative method approaches

Ng et al. (2020) measured trust, privacy concerns, social presence, and intention to use chatbots through an online experiment using a secure and reliable chatbot, XRO23 with 191 participants. In the experimental group, participants were then presented with a vignette describing a more human-like chatbot named Emma, while the control group received the reliable and secure chatbot. The vignette-style methodology was used as an induction protocol to assess 219 participants' responses and preferences, providing valuable insights into users' attitudes and acceptance of chatbot features and privacy-friendly interactions. Völkel et al. (2020) also employed a chatbot Kai in their study. The study involved participants (n = 21) interacting twice with the chatbot: first, engaging in customer service scenarios to receive their actual profile (baseline), and then a second time attempting to disguise their personality strategically to trick the chatbot into calculating a falsified profile. They (2022) conducted interviews, questionnaires, and thematic analysis to gain deep, qualitative insights into participants' assumptions about the factors the chatbot used to calculate their profile and the strategies that could be effective in tricking the system.

Dev (2022) explored privacy perceptions through chatbot-human text and thematic analysis with 37 chatlogs on a conversational chatbot, Cleverbot. Dev and Dev (2023) conducted semi-structured interviews with eight participants with employing thematic analysis to gather insights into users' perspectives and motivations, contributing to the development of privacy-friendly chatbots and enhancing users' trust and engagement with the technology in retail settings. Tlili et al. (2023) employed a qualitative instrumental case study with 21 participants to investigate ChatGPT in education. The study included three stages: (1) social network analysis of tweets showed positive enthusiasm and cautious attitudes toward using ChatGPT in education; (2) examination of ChatGPT's impact on education, including response quality, usefulness, personality, emotion, and ethics; and (3) investigation of user experiences through 10 educational scenarios, revealing issues like cheating, honesty, privacy concerns, misleading information, and manipulation.

4.2.3 Mixed method approaches

Biswas (2020) conduced mixed method with two cases: sentiment analysis and open-ended queries. To validate the effectiveness of these privacy preserving methods with 5000 participants, sentiment analysis was used. Bouhia et al. (2022) conducted a user study among 95 online panelists to investigate this issue and employed a specific methodology for their research. They (2022) utilized the driver concept, which involved four variables, and applied them to users interacting with a simulated chatbot. Participants engaged with the chatbot, and afterward, they were given a follow-up survey. The survey was designed using a 7-point Likert scale, which allowed participants to express their attitudes and feelings on various aspects related to their privacy concerns while using the chatbot. To measure privacy concerns in chatbots, the researchers employed four variables: privacy concerns, creepiness, familiarity with chatbots, and perceived risks. These variables likely represented different aspects of privacy that the study aimed to assess. For data analysis, they (2022) used a structural model and hypothesis testing. This analysis allowed them to examine the relationships between the identified variables and how they contribute to users' privacy concerns while interacting with the chatbot. Moreover, Boucher et al. (2021) both surveyed 203 participants and explored their interactions with a mental health care AI, Anna in order to measure users' potential challenges of chatbots including personal data usage and trust.

Gieselmann and Sassenberg (2022) employed two correlation studies and three experiments (consisting of five online case studies). They (2022) asked participants to interact with chatbots and they surveyed them based on their experiences based on a 7-point Likert scale. By conducting both correlation studies and experiments, they (2022) examined the relationships between different competencies and disclosure tendencies in both users and non-users of conversational AI. Additionally, they performed meta-analyses. Ischen et al. (2020) conducted an experimental design with three conditions (human-like chatbot, machine-like chatbot, and website), randomly assigning participants to each group. They (2020) conducted multiple mediation analyses to analyze the data and explore the complex relationships between privacy concerns, users' attitudes, and their comfort levels in sharing personal information with different types of entities in chatbot interactions.

Lee et al. (2020) designed, implemented, and evaluated a chatbot with self-disclosure features for small talk interactions using Manychat and Google Dialogflow. They (2020) conducted a study with 47 participants divided into three groups, each group using a different chatting style of the chatbot for 3 weeks. They (2020) employed surveys, face-to-face semi-structured interviews, and LIWC2015 to calculate the word length and self-disclosure level in the chats. Mixed-model and thematic content analysis were used to examine the data via ANOVA. Lee et al. (2022) designed and implemented a text-based AI psychotherapy chatbot that leverages rapport-facilitating dialogue to create a mutually stable and favorable relationship with users, encouraging them to share personal information. Then, they (2022) conducted an online survey using a 5-point Likert scale to assess users' perceptions and experiences with the chatbot. Balaji (2019) developed a valid and reliable measurement tool for assessing user satisfaction with text-based information chatbots, useful for both businesses and researchers to evaluate interaction quality efficiently. A questionnaire was created based on the feedback and rated on a 5-point Likert scale. Balaji (2019) performed confirmatory factor analysis, parallel analysis, exploratory factor analysis, and reliability analysis to validate and ensure the tool's ability to evaluate user satisfaction effectively and concisely with text-based information chatbots. Belen-Saglam et al. (2022) utilized a 6-point Likert scale online questionnaire administered. They (2022) employed a mixed-method approach to gain insights into users' perceptions and concerns regarding sensitivity in the context of their study. Sannon et al. (2020) conducted a 3 (social interactivity) × 3 (data sharing practices) factorial design experiment, manipulating the agents' social interactivity and data sharing practices to understand their influence on participants' judgments regarding potential privacy violations and their evaluations of the agents. They (2020) employed multiple survey scale systems were utilized (7, 9, and 12-point Likert scales) to assess various aspects including behavioral intentions and manipulation checks.

Griffin et al. (2021) conducted semi-structured interviews and applied descriptive statistics for the quantitative approach. Kim et al. (2022) employed a between-subjects design with two factors: personalization of chatbot ad (high vs. low) and regulatory focus (promotion vs. prevention). After participants interacted with the simulations, they completed a post-experiment survey using a 7-point Likert scale. Agnihotri and Bhattacharya (2023) employed a mixed-methodology approach to test multiple hypotheses about human–chatbot interaction. They surveyed around 500 UK consumers, conducted semi-structured interviews with 18 UK consumers, and used a 7-Point Likert scale in their survey. Survey findings, including privacy concerns, were tested with a structural equation model. Interview analysis was conducted using qualitative data analysis. Lappeman et al. (2023) employed a conclusive, pre-experimental, two-group, one-shot case study design with non-probability snowball sampling and informal sampling. They (2023) used 7-point Likert scales for measuring reliability and validity of factors including privacy concerns, cognitive trust (competence and integrity), emotional trust, brand trust, and user self-disclosure. Data analysis involved structural equation modeling (SEM) and covariance-based structural equation modeling to investigate the relationships between variables and understand user trust and privacy concerns in chatbot-driven digital banking services. Lim and Shim (2022) used a survey with focus group interviews to explore AI agent motivations. They applied structured interviewing techniques and questionnaire construction following Weller's (1998) guidelines. Privacy concerns were assessed using a 7-point Likert scale.

Mercieca (2019) combined interviews, observations, and surveys to gather data. Thematic analysis was used to analyze the qualitative data, and a human–computer trust survey analysis was conducted. Rese et al. (2020) investigated the factors impacting user engagement with the “Emma” chatbot. Participants interacted with the chatbot for a shopping task, followed by a questionnaire using a 7-point Likert scale to evaluate their experience. They (2020) analyzed the data through factor analysis to identify the factors influencing user acceptance and intention to use the chatbot. Widener and Lim (2020) used an online experimental design, varying perceived humanness through the “Wizard of Oz” technique. Participants were randomly assigned to either an “AI chatbot” or a “human,” unaware that both were controlled by a confederate. After the interaction, participants completed a questionnaire with a 7-point Likert scale to measure self-disclosure, social presence, and intimacy perceptions.

4.3.1 Decision-making and manipulation

Decision making in conversation chatbots involves selecting appropriate responses based on the input and context, often utilizing predefined rules, ML models, or a combination of both. Manipulation can be defined as a tool to the deliberate control or biasing of chatbot responses to achieve specific goals, such as promoting a product or shaping user behavior, which can raise ethical concerns in AI development. Balaji (2019) emphasized the importance of perceived privacy in users' interactions with chatbots and its potential influence on ethical decision-making. de Cosmo et al. (2021) showed that internet privacy concerns negatively impact users' decisions about using chatbots. Cheng and Jiang (2020) found that users exhibit hesitation in decision-making concerns in AI chatbots, possibly related to the uncertainty about how their data is being used and whether it could lead to negative consequences. Marjerison et al. (2022) found chatbots can manipulate users' behavioral intentions during the interaction. Lappeman et al. (2023) highlighted that while a strong brand can influence decision-making, it alone is insufficient to significantly increase user self-disclosure. Dev (2022) identified sensitive data categories in chatlogs under the European Union's (EU) General Data Protection Regulation (GDPR) that chatbots may manipulate users to disclose. Pizzi et al.'s (2023) findings indicated that users' perceptions of the chatbot's warmth and competence can influence their decision-making regarding the disclosure of personal information. In Völkel et al. (2020), participants could influence the chatbot's personality assessment by around 10% with specific strategies, but they found the process too cumbersome for everyday use. Even though manipulation was possible, participants hesitated to share their profiles with others, highlighting the significance of privacy concerns in chatbot interactions. In Kelly et al. (2022), privacy concerns were negatively associated with behavioral intentions, suggesting that users may be hesitant to use chatbots due to privacy worries. However, when trust was introduced into the model, privacy concerns became a positive predictor of behavioral intentions, implying that as trust in chatbots increases, users are more willing to use them despite their initial privacy concerns. Kelly et al. (2022) also found that privacy concerns may vary depending on the context, with participants altering their perceptions based on different scenarios. Kim et al. (2022) showed that consumers' concerns about highly personalized ads are shaped by their perceptions of the risks and benefits of these ads. These perceptions strongly influence both privacy concerns and decision-making regarding personalized advertisements.

4.3.2 Self-disclosure

Dev (2022) found that manipulating users' decisions through an AI chatbot can cause users to disclose of personal information. Fan et al. (2022) addressed unauthorized disclosure in chatbots. Gieselmann and Sassenberg (2022) also explored that AI chatbots have the potential privacy risk of users' revealing of personal information and being willing to disclose personal information. Belen Saglam et al. (2021) argued that user concerns revolved around disclosing personal information and deleting their personal information and worries about inappropriate use of their data, indicating a desire for more control over their information after interacting with chatbots. Agnihotri and Bhattacharya (2023) also found that users had concerns on losing control of their data against a chatbot. In Belen-Saglam et al.'s (2022), participants showed reluctance to disclose information they considered irrelevant or out of context, with variations observed in different domains such as healthcare and finance. The context and fairness of the data request had a significant impact on participants' comfort levels in disclosing personal information (Belen Saglam et al., 2021).

Benke et al. (2022) investigated the disclosure of innermost emotions and its impact on autonomy and trust in emotion-aware chatbots. They (2022) found that higher control levels in chatbots led to increased autonomy and trust among users. Biswas (2020) indicated that users tend to share and disclose personal identifiable information to chatbots as if they were interacting with a human being. Boucher et al. (2021) found that chatbots can serve as effective adjunctive options in mental health therapy, potentially facilitating increased self-disclosure and improving the effectiveness of in-person therapy. Cheng and Jiang (2020) revealed that users experience hesitation in disclosing information to chatbots and have concerns about sharing their data with third parties. In Lappeman et al. (2023), privacy concerns were found to have a significantly negative impact on user self-disclosure in both treatment groups. Participants who were exposed to their preferred banking brand exhibited lower levels of user self-disclosure and brand trust compared to those exposed to a fictitious banking brand in the South African context.

Lee et al. (2020) found that chatbot self-disclosure had a reciprocal effect, promoting deeper participant self-disclosure over time. It also positively affected participants' perceived intimacy and enjoyment. Lee et al. (2022) revealed that a sense of rapport with the chatbot did not directly affect users' self-disclosure, but it significantly increased the sense of social presence, indirectly influencing self-disclosure intentions. Ng et al. (2020) identified several privacy risks related to chatbot interactions, including willful self-disclosure behavior. They found that a human-like chatbot did not increase participants' trust levels or lower their privacy concerns, despite increasing the perception of social presence. However, the intention to use the presented chatbot for financial support was positively influenced by perceived humanness and trust in the bot. In Lim and Shim (2022), the findings suggested that individuals use AI agents mainly for recreational needs, efficiency in daily tasks, and relaxation. Social presence was found to have a negative association with privacy concerns, meaning that individuals who feel a greater social connection with AI agents are less worried about privacy when disclosing personal information.

Many studies also showed that personalization and anthropomorphism have a direct effect on disclosing personal information to AI chatbots. Mercieca's (Mercieca, 2019) consideration of personalization as human-likeness chatbot technology feature holds. Some studies discussed how personalization can be encouraged through self-disclosure to enhance the user experience by tailoring interactions based on individual preferences (Belen Saglam et al., 2021; de Cosmo et al., 2021; Gieselmann & Sassenberg, 2022; Lappeman et al., 2023; Miao et al., 2017). In Griffin et al. (2021), participants expressed curiosity and perceived chatbots as humanlike. However, some concerns were raised, including the potential for chatbots to provide excessive information, demand lifestyle changes, invade privacy, and experience usability issues on smartphones. Ischen et al. (2020) also found that chatbots designed to be more human-like result in increased disclosure of personal information and adherence to recommendations. This effect was mediated by the perception of higher anthropomorphism, which leads to lower privacy concerns compared to chatbots with a machine-like appearance or behavior (Ischen et al., 2020).

According to Kim et al. (2022), individuals with strong dispositional concerns about privacy would place more weight on the potential risks of disclosing personal information and less weight on the benefits of personalized chatbot ads. Dev (2022) argued that high personalized or anthropomorphized chatbots improves human–chatbot engagement. Fan et al. (2022) and Völkel et al. (2020) considered this to be a tradeoff between privacy risks and personalization benefit, which is called personalization–privacy paradox. Völkel et al. (2020) also argued that personality can be assessed and users tricked by such systems. This increases users' willingness to disclose information in various ways Völkel et al., 2020. Sannon et al. (2020) indicated that social interactivity plays a role in how people perceive agents' privacy-related behaviors and this could lead to the potential privacy risks that users may face in interactions with socially interactive conversational agents.

Pizzi et al. (2023) identified privacy risks related to consumers' willingness to disclose personal information and their purchase intentions when interacting with chatbots. They (2023) found that consumers' perceptions of warmth and competence in the chatbot influenced their skepticism toward the chatbot and, subsequently, their trust toward the service provider hosting the chatbot. Song et al. (2022) also showed that users' willingness to accept service agents is enhanced if they perceive lower privacy risks during the interaction. They also indicated, contrary to expectations, that participants appeared to perceive that human beings have higher privacy risk perceptions compared to chatbots. This suggested that users may believe that human beings are more likely to be motivated by subjective interests to disclose users' privacy (Song et al., 2022). On the other hand, Widener and Lim (2020) determined that perceived humanness had no significant impact on self-disclosure, social presence, or intimacy. They also examined the role of the NTB in interactions with artificial agents, but privacy concerns did not moderate this relationship. The study's implications, particularly regarding the increasing use of AI agent services, were discussed, indicating that users' perceptions of humanness may not greatly influence self-disclosure and other interaction aspects.

4.3.3 Human autonomy, bias, and trust

The studies reviewed show that privacy concerns are closely tied to human autonomy, with individuals expressing unease when their personal data is collected and used without their explicit consent, raising questions about their data control. Bias is identified as a critical factor, as privacy breaches can disproportionately impact certain demographics, perpetuating inequalities, and undermining fairness. Trust is a key issue, with participants being hesitant to engage with systems or platforms they see as untrustworthy in handling their sensitive data, emphasizing the importance of trust-building measures in privacy protection. These findings underscore the multifaceted nature of privacy concerns, spanning issues of autonomy, bias, and trust in the digital age.

Benke et al. (2022) emphasized the importance of user control in enhancing trust and autonomy in AI-based chatbot interactions and provided valuable insights for the design and implementation of privacy-preserving emotion-aware chatbots. Song et al. (2022) pointed out the significance of humanity and ethical clarity in conversational text-based AI chatbots, indicating that their absence could lead to user discomfort and a lack of trust in engaging with the chatbot. Tlili et al.'s (2023) practical implications suggested the development of responsible chatbots in education that go beyond typical privacy issues and focus on preserving human values. Rese et al. (2020) found that privacy concerns and the technology's immaturity negatively affected users' intention to use and the frequency of usage of the chatbot, Emma. Bouhia et al.'s (2022) study indicated that creepiness and perceived risks during interactions with humanoid technology are key factors influencing users' privacy concerns when interacting with chatbots, particularly in contexts where sensitive information is involved (e.g., exchanges about automobile insurance). de Cosmo et al. (2021) and Agnihotri and Bhattacharya (2023) addressed the connection between privacy concerns, trust in AI systems, companies, and data management systems, showing that trust plays a critical role in shaping users' perception of privacy. Additionally, Sohn et al. (2019) and Prakash et al. (2023) delved into the impact of privacy risk on trust formation in AI-based customer service chatbots. In Prakash et al.'s (2023) study on privacy concerns and trust in AI-based customer service chatbots, the research showed that the chatbot's conversational cues shape individuals' perceptions of its functional and social qualities, subsequently influencing trust formation. Trust, in turn, affects people's intentions toward the chatbot. Notably, privacy risk was not a significant predictor of trust in this study.

4.3.4 Data collection and storage

Data collection and storage in conversational chatbots have become integral aspects of modern technology, enabling personalized user experiences and improved service delivery. However, this convenience raises significant privacy concerns, as the vast amounts of data gathered by chatbots may be vulnerable to breaches or misuse, emphasizing the need for robust privacy measures to protect users' sensitive information.

Many studies (Rajaobelina et al., 2021; Sannon et al., 2020) have addressed the risk of AI chatbots' collecting personal information and storage techniques. Agnihotri and Bhattacharya (2023) showed that users expressed significant concerns regarding the process of data collection employed by chatbots. Dev and Dev (2023) found that these chatbots facilitate targeted ads and spam, raising worries about retail bots that aggregate non-removable personal information. In their study, participants preferred not sharing sensitive data, such as social security number and personal addresses, with chatbots because of the massive data collection and storage risk. This risk is also called an invasion of privacy and refers to the unauthorized intrusion into an individual's private life or personal information, encroaching upon their right to maintain confidentiality (Solove, 2006). Similar concerns about the invasion of privacy were also mentioned by Ischen et al. (2020), Griffin et al. (2021), and Völkel et al. (2020). Therefore, it can be argued that in the context of data collection and storage in conversational AI chatbots, an invasion of privacy can occur when these bots gather and store personal information without users' explicit consent or knowledge.

4.3.5 Secondary use

Solove (2006) defines secondary use as a privacy harm which refers to using personal information for in a purpose other than the one for which it was originally collected. Several studies have raised concerns about the privacy implications of the secondary use of users' data. Ng et al. (2020) found that their financial chatbot may collect sensitive information beyond users' expectations, raising privacy concerns. Similarly, Rodríguez Cardona et al. (2021) identified cases of unauthorized secondary use of personal information without informing users the purpose of collection. Moreover, Agnihotri and Bhattacharya (2023) argued that chatbots are designed for maintaining user intentions during interactions, while concurrently serving as instruments for collecting data for various purposes, emphasizing that these chatbots utilize the gathered data for additional objectives. These studies underscore the significance of transparency in data processing to address privacy risks.

4.3.6 Legal compliance

Ensuring that chatbots adhere to relevant privacy laws and regulations, such as the GDPR, was crucial to protect users' personal information and maintain their privacy rights. Dev (2022), Belen Saglam et al. (2021), and Belen-Saglam et al. (2022) emphasized the importance of legal compliance in addressing privacy risks in chatbots. Ng et al. (2020) and Rodríguez Cardona et al. (2021) highlighted concerns about the lack of user control and data privacy rights during the interaction between human and chatbot. They emphasized the importance of considering the dynamic process of interpersonal boundary control in such interactions, which, when applied to interactions with software apps or chatbots, underscores the critical need to empower users with the ability to define and manage the boundaries of their personal information, privacy, and engagement within these digital exchanges. Song et al. (2022) and Völkel et al. (2020) have also shown that while interacting with chatbots, users find themselves in an environment lacking transparency. Rajaobelina et al. (2021) recommended clear and transparent privacy policies, opt-in/opt-out options, and providing onboarding information like FAQs or video tutorials to inform users about the chatbot's operation and data collection. In Dev and Dev's (2023) study, participants expressed concerns about chatbots aggregating information from various sources. They suggested implementing a consent renewal system for better data tracking, reducing third-party sharing, and enhancing chatbot transparency to address these privacy concerns.

4.3.7 Data breaches and security concerns

Several studies have investigated the privacy risks related to data breaches and security concerns in conversational chatbots. Gamble (2020) discussed the potential risks associated with data breaches and security concerns in chatbots. Kim et al. (2022) highlighted the importance of addressing privacy concerns in AI chatbot interactions to ensure consumer trust and protection and security of personal data. Ng et al. (2020) encouraged the need for enhanced security measures to address potential privacy risks and data breaches in AI chatbots, especially when handling sensitive financial information. Marjerison et al. (2022) asserted that data breaches and leakage involving chatbots in the e-commerce space can potentially give rise to security concerns for users. Agnihotri and Bhattacharya (2023) found that data breaches and leakage have a negative effect on users' engagement with chatbots. Sannon et al. (2020) and Dev and Dev (2023) highlighted the need for better security practices and transparency from chatbot service providers to protect users' privacy and data.