Illinois Lawsuit Claims AI-Meeting Assistant Platform Violated BIPA
Companies hosting virtual meetings should be cognizant of how third-party tools are using biometric data, as evidenced by a recent lawsuit in Illinois, Robinson+Cole privacy attorney Kathryn Rattigan said in a post Wednesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Earlier this month, Illinois resident Katelin Cruz filed a class-action lawsuit against Fireflies.AI Corp., alleging the company stored biometric voice data without consumer consent in violation of the Illinois Biometric Information Privacy Act.
Filed Dec.18 in the U.S. District Court for the Central District of Illinois, the complaint alleges Fireflies.AI’s meeting assistant “records, analyzes, transcribes, and stores the unique vocal characteristics ... of every meeting participant,” said Rattigan. “This includes people who never created a Fireflies account, never agreed to its terms of service, and never gave written consent for their biometric data to be collected.”
The complaint said Fireflies’ privacy policy says the company can collect and process “meeting data” and “derivatives,” and keep the recordings in its systems.
BIPA requires “written notification and explicit consent" before a company can "collect, store, or use biometric data such as fingerprints, retinal scans, or voiceprints,” Rattigan said.
Cruz's suit, according to Rattigan, said biometric data such as voiceprints are used to "authenticate access to personal or financial information." Accordingly, if they are compromised, "they pose a significant risk for identity theft and fraud."