AI Notetakers Raise Privacy Alarms as Legal Challenges Mount
AI-powered notetaking tools that automatically record, transcribe, and summarize virtual meetings are rapidly becoming fixtures in workplaces worldwide. Tools like Otter.ai, Fireflies.ai, and Read AI promise significant time savings by joining meetings as automated participants, generating instant transcripts, and delivering AI summaries. But a growing chorus of privacy advocates, legal experts, and corporate professionals is raising alarms about the hidden costs of this convenience — from unauthorized voiceprint collection to the potential erosion of attorney-client privilege.
The Data You Didn’t Know You Were Giving Away
When an AI notetaker joins a meeting, it captures far more than just meeting minutes. According to AP News, these tools create unique acoustic signatures called voiceprints — biometric profiles similar to fingerprints that can be used to access bank accounts and other restricted information. Confidential personnel information, corporate strategies, trade secrets, and potentially incriminating remarks can all be captured and stored as searchable data.
“There are huge risks to the organization on AI notetakers,” Amy Dufrane, CEO of HR training and certification provider HRCI, told the Associated Press. “I don’t think companies should use it at all.”
The risks extend beyond corporate confidentiality. Some tech companies resell data from notetaking tools or use confidential meeting transcripts and recordings to train their AI models, as legal analysis from Smith Anderson notes. And because AI-generated text is far easier to search and cheaper to store than video or audio files, the exposure risk multiplies.
The Legal Landmine: Attorney-Client Privilege
Perhaps the most alarming risk involves attorney-client privilege. Justin Daniels, a corporate attorney at Baker Donelson in Atlanta, warned that many users don’t know where their data ends up. “If the data goes anywhere else and they’re not aware of it, that attorney-client-privileged conversation may not be attorney-client-privileged anymore,” he said.
This is not a theoretical concern. In February 2026, a New York federal judge ordered a criminal defendant to provide prosecutors with documents created for his lawyers because they had already been shared with a third party — Anthropic’s Claude AI. The ruling serves as a stark warning for any professional handling sensitive communications.
Browne Jacobson highlights additional risks: AI transcripts can be distributed beyond intended recipients, and transcripts of legal advice shared with the wrong people may lose their privileged status entirely, making them disclosable in court.
The Otter.ai Class Action: A Watershed Moment
The legal landscape for AI notetakers is being shaped by a closely watched class action. Otter.ai is facing a consolidated privacy lawsuit — In re Otter.AI Privacy Litigation (No. 5:25-cv-06911) — in the U.S. District Court for the Northern District of California. According to OpenClassActions.com, the suit alleges that Otter’s OtterPilot tool records and transcribes people in virtual meetings without their consent, including participants who are not Otter users and never agreed to be recorded.
The plaintiffs are seeking damages under the federal Wiretap Act and the California Invasion of Privacy Act (CIPA), which allows statutory damages of $5,000 per violation. A motion to dismiss was argued on May 20, 2026, and a ruling is pending. The decision is widely seen as one of the first federal tests of whether decades-old wiretap statutes apply to AI bots quietly recording video calls.
State Laws Add Another Layer of Complexity
Privacy protections vary significantly by state. In Illinois, the Biometric Information Privacy Act (BIPA) classifies voiceprints as biometric identifiers requiring written notice and informed consent before collection, plus a documented data retention and destruction policy. California’s two-party consent law requires all participants on a confidential call to consent before recording. The OECD AI Incidents Monitor has flagged AI notetakers as an “AI hazard,” noting credible risks of privacy violations and breaches of confidentiality.
What Professionals Should Do Now
Experts recommend several practical steps. Thorin Klosowski, senior security and privacy analyst at the Electronic Frontier Foundation, advises asking for consent before using AI notetakers in sensitive meetings. “You hope the other person would tell you that they’re doing that,” he said. “Asking everyone for consent before doing a sensitive meeting would be the most polite approach to take.”
Danielle Kays, a partner at Fisher Phillips who represents businesses on privacy matters, urges organizations to thoroughly understand how their AI notetaking vendors handle data. “If there is some sort of speaker ID or voice recognition, really understand what that is and how it works,” she said.
Chris Pluymers, an associate attorney at The Dillon Law Group, put it bluntly: “In the world of AI, the world of data and privacy, the world of biometric identification, I don’t think you can have such a lax approach to it. I think getting out ahead of it is crucial.”
What’s Next
The pending ruling in the Otter.ai case will set an important precedent for the entire AI notetaker industry. Meanwhile, organizations should develop clear policies on AI notetaker use, ensure proper consent mechanisms are in place, and carefully vet vendor data practices. As the technology evolves, privacy-focused solutions that process data locally rather than on cloud servers may gain a competitive edge. For now, the message from experts is clear: convenience should never come at the cost of confidentiality.