As platforms like Zoom, Microsoft Teams, and Google Meet have cemented themselves as the backbone of modern collaboration, a quiet revolution has unfolded in our meeting rooms, one where digital notetakers often outnumber the people actually present. Tools like fireflies.ai and Otter.ai promise the magic of effortless, automated meeting transcription. But as reliance on these services grows, a significant legal storm is brewing just out of sight.
What many users don’t realize: these AI notetakers are increasingly finding themselves, and their users, entangled in high-stakes litigation under federal and state wiretapping laws. Otter.ai, in particular, has become a focal point for lawsuits that allege unlawful recording, storage, and use of participants’ conversations, often without the clear, informed consent that state and federal wiretap statutes require.
Here are some recent cases highlighting this very issue:
- In Brewer v. Otter.ai Inc., No. 5:25-cv-06911 (N.D. Cal. Aug. 15, 2025), plaintiffs allege that Otter’s notetaker automatically joins meetings across Zoom, Teams, and Meet, records conversations—including those of non-users—and uses these discussions to train its machine learning models, all without proper consent or disclosure. Notably, the complaint claims Otter puts the onus on the account holder to obtain permissions, rather than seeking them directly from every participant;
- Walker v. Otter.ai Inc., No. 5:25-cv-07187 (N.D. Cal. Aug. 26, 2025), raises the stakes even further, alleging that Otter’s software collects and uses “voiceprints” (i.e., unique biometric data) from meeting audio. According to the complaint, Otter does so without notifying participants or obtaining the explicit, written consent required by the Illinois Biometric Information Privacy Act (BIPA);
- Theus v. Otter.ai Inc., No. 5:25-cv-07462 (N.D. Cal. Sept. 3, 2025), claims that Otter acts as a silent eavesdropper: joining meetings by default, capturing recordings and screenshots, storing data indefinitely, and sending transcripts and promotional emails, all potentially without attendees’ knowledge or consent. The suit also points to Otter’s practice of collecting calendar data and linking personal information to meeting content; and
- Winston v. Otter.ai Inc., No. 5:25-cv-07712 (N.D. Cal. Sept. 10, 2025), alleges that Otter not only transcribes and stores meeting content but also sends follow-up emails, including partial transcripts and screenshots, to all invitees, even those who never joined the meeting. Critically, the complaint asserts that Otter’s default settings provide no disclosure to non-user participants, unless account holders pay for an expensive “Enterprise” tier.
These cases are now being litigated as a single, consolidated action before Judge Eumi K. Lee in the Northern District of California. While substantive rulings have yet to be issued, the allegations surface a core risk: the use of AI notetakers, without robust notification and consent, could violate federal and state laws, even if a service only transcribes (and does not store) audio.
In California, for example, the California Invasion of Privacy Act (CIPA) is incredibly broad. It prohibits not just recording, but also “reading, attempting to read, or learning” the contents of communications without the consent of all parties (Cal. Penal Code § 631(a)). And, as clarified by the California Supreme Court in Ribas v. Clark, 696 P.2d 637 (1985), even passive “listening in” without explicit disclosure to every participant may violate the law.
If your business uses these tools, here are some key considerations:
- Don’t assume “AI notetaker” means risk-free convenience. Even silent listeners or entities that simply transcribe, but do not store, audio may fall within the scope of privacy statutes;
- Consent is critical and complicated. Many state laws, like CIPA and BIPA, demand clear consent from all parties for any type of recording or eavesdropping, whether human or AI-driven;
- Product defaults matter. Relying on account holders to provide notification, rather than proactive disclosures by the service itself, may not be enough, especially for organizations with participants in “two-party consent” states; and
- Watch for legal updates. Substantive rulings in these Otter.ai cases could set important precedents for how AI tools can and cannot participate in digital meetings across the country.
AI notetakers offer real productivity gains, but they’re ushering in new legal risks that everyone, from end users to corporate IT and compliance leaders, needs to understand. Until the law catches up, the safest course is to disclose, seek consent, and choose tools and configurations that put privacy front and center.