Security, Privacy, and AI Governance: The Privacy & AI Intersection

By Dr. Scott Allendevaux, CISSP, HCISPP, CIPT, CIPM, CIPP/US

A New Development at the Privacy–AI Crossroads

A federal class-action lawsuit has been filed against Otter, an AI meeting assistant company, for recording conversations without obtaining proper consent from meeting participants.

🔗 Lawsuit claims AI service Otter secretly records private chats (NPR)

What’s at Stake?

Otter provides an AI-powered service that can transcribe and record conversations between users and meeting participants. The issue: many of these participants are not Otter users and may have no knowledge they’re being recorded.

Privacy laws in the U.S. (and globally) typically require explicit consent from all parties involved.

Legal Grounds Cited in the Lawsuit

The case references multiple laws, including:

• The Electronic Communications Privacy Act

• The Computer Fraud and Abuse Act

• The California Invasion of Privacy Act

• California’s Comprehensive Computer Data and Fraud Access Act

• California common law torts: intrusion upon seclusion and conversion

• The California Unfair Competition Law

AI, Consent, and Responsibility

As AI tools—like meeting assistants and productivity enhancers—become common, privacy concerns are often overlooked.

In this case:

• Otter trains its AI models on recordings and transcriptions gathered through its service.

• The company obtains consent only from account holders, not from other participants.

• The burden of compliance is shifted to users, who are told to secure participant consent.

This practice is widespread across the industry, where many companies leave the responsibility of compliance to users—who may not fully understand legal requirements.

Why It Matters

Recording or transcribing without consent is not only viewed as unethical, but in many jurisdictions, it’s also illegal.

Key risks:

• Lack of transparency around recordings.

• Personal data potentially being used for AI training.

• Privacy breaches and possible data leaks.

Moving Forward

The lawsuit underscores a critical question:

How can organizations ensure transparency, inform participants, and obtain proper consent when using AI-driven meeting assistants?

As AI adoption accelerates, security, privacy, and governance must remain central to responsible innovation.