Security, Privacy, and AI Governance: The Privacy & AI Intersection
- bakhshishsingh
- 23 hours ago
- 2 min read
By Dr. Scott Allendevaux, CISSP, HCISPP, CIPT, CIPM, CIPP/US
A New Development at the Privacy–AI Crossroads
A federal class-action lawsuit has been filed against Otter, an AI meeting assistant company, for recording conversations without obtaining proper consent from meeting participants.
What’s at Stake?
Otter provides an AI-powered service that can transcribe and record conversations between users and meeting participants. The issue: many of these participants are not Otter users and may have no knowledge they’re being recorded.
Privacy laws in the U.S. (and globally) typically require explicit consent from all parties involved.
Legal Grounds Cited in the Lawsuit
The case references multiple laws, including:
The Electronic Communications Privacy Act
The Computer Fraud and Abuse Act
The California Invasion of Privacy Act
California’s Comprehensive Computer Data and Fraud Access Act
California common law torts: intrusion upon seclusion and conversion
The California Unfair Competition Law
AI, Consent, and Responsibility
As AI tools—like meeting assistants and productivity enhancers—become common, privacy concerns are often overlooked.
In this case:
Otter trains its AI models on recordings and transcriptions gathered through its service.
The company obtains consent only from account holders, not from other participants.
The burden of compliance is shifted to users, who are told to secure participant consent.
This practice is widespread across the industry, where many companies leave the responsibility of compliance to users—who may not fully understand legal requirements.
Why It Matters
Recording or transcribing without consent is not only viewed as unethical, but in many jurisdictions, it’s also illegal.
Key risks:
Lack of transparency around recordings.
Personal data potentially being used for AI training.
Privacy breaches and possible data leaks.
Moving Forward
The lawsuit underscores a critical question:
How can organizations ensure transparency, inform participants, and obtain proper consent when using AI-driven meeting assistants?
As AI adoption accelerates, security, privacy, and governance must remain central to responsible innovation.