If you’ve been in a virtual meeting lately, you’ve probably seen one: a participant named “Otter.ai” or “Fireflies notetaker” sitting quietly in the corner, recording everything. AI notetaking tools are everywhere now, and they’re genuinely useful. But a wave of class action lawsuits filed over the last year is forcing businesses to confront an uncomfortable question: did anyone actually consent to being recorded?
The answer matters more than most people realize. Depending on who is in the room and what state they’re joining in from, deploying an AI notetaker without proper consent can expose both the person who activated the tool and the person who hosted the meeting to serious legal liability. Here’s what every business leader needs to understand.
The Consent Problem
Federal law sets a permissive baseline: as long as one person on a call knows it’s being recorded, it’s generally legal under the federal Wiretap Act. But twelve states, including California, Florida, Illinois, Pennsylvania, and Massachusetts, require that every participant consent before a recording begins. In those states, the person doing the recording cannot be the only one who knows about it.
The complication for virtual meetings is jurisdictional: if even one participant dials in from California or Illinois for example, that state’s law can apply to everyone recording the meeting. California’s Invasion of Privacy Act (CIPA) allows civil damages of $5,000 per violation, without requiring proof of actual harm. Florida classifies unauthorized recording as a felony. Massachusetts can impose up to $10,000 in fines and prison time. These are not small risks.
Practically speaking, if you cannot confirm where every participant is located, you should treat the meeting as subject to the strictest law in the country.
If You Used the AI Notetaker
Beyond wiretapping, there is a less obvious risk: voiceprints. Many AI tools identify individual speakers by analyzing voice characteristics, which qualifies as biometric data under laws like Illinois’ Biometric Information Privacy Act (BIPA). BIPA requires written consent before collecting biometric data and permits statutory damages of up to $5,000 per willful violation. Class action BIPA settlements have reached into the hundreds of millions of dollars.
There is also a confidentiality dimension that hits close to home for executives. When an AI tool processes your meeting audio through a third-party server, you’ve effectively shared that conversation with an outside party. If that meeting involved attorney-client communications, trade secrets, or sensitive negotiations, you may have inadvertently waived legal protections you didn’t even know you had. Discovery in litigation can reach those transcripts.
If You Hosted the Meeting
Hosts are not off the hook just because someone else brought the tool. If an attendee’s AI notetaker recorded your session without proper disclosure, your organization may face liability on several fronts: breach of confidentiality obligations to other participants, regulatory violations if the session touched on protected data (think HIPAA, FERPA, or financial privacy rules), and data breach notification duties if participant information was later exposed through the vendor’s systems.
One specific design problem to be aware of: default settings on a notetaker’s platform typically place responsibility for obtaining consent on the account holder, not on the notetaker itself. That means an attendee could activate the bot in your meeting, and you, as the host, might not even know it happened until something goes wrong.
What You Should Do Right Now
The law in this area is still developing, but the risk is real today. Here are five practical steps to take:
- Before any AI notetaking tool is used in a meeting, get affirmative consent from all participants in the invitation, at the start of the session, or both. Document it.
- Assume all-party consent is required. If you don’t know every participant’s location, default to the strictest standard.
- Read the terms of service for any AI tool your team uses. Look for what data is retained, whether it is used to train the AI model, and who can access it.
- Keep AI notetakers out of privileged or sensitive conversations, such as legal discussions, M&A negotiations, HR matters, anything you would not want a third party to hear.
- If your organization hosts webinars or regular group meetings, update your registration terms and session ground rules to address AI recording explicitly and remove AI notetakers that join in violation of those rules.
If you’re unsure whether your current use of AI meeting tools creates risk, please reach out.
