Most of us turned on an AI notetaker in virtual meetings because it’s efficient and allows us to be present in the conversation, not worrying about whether we’re taking the right notes. It syncs with your calendar, auto-joins every meeting, transcribes the whole thing, and hands you a summary plus any action items.
In roughly a dozen states, recording a conversation without affirmative consent from everyone on it is a wiretap violation. The open question, and it’s being litigated right now, is who’s liable when an AI bot does the recording instead of a person. The vendor’s terms push it onto whoever turned the bot on. If a court agrees, that’s you.
Who Holds the Wiretap Liability
Four consolidated lawsuits against Otter.ai are the first federal test of whether decades-old wiretap statutes reach an AI meeting bot.
The lead plaintiff, a California resident, never signed up for Otter. He was on a sales call when another participant’s OtterPilot auto-joined and started recording. Three more suits followed within weeks, each alleging that the bot recorded people who hadn’t consented, and the company used the data for its own purposes, AI training included.
Otter’s motion to dismiss is set to be heard July 15, 2026. Watch the theory the plaintiffs are pressing, not the outcome of one motion. The theory maps directly onto how every one of us uses these tools.
The Wiretap Theory
The federal Wiretap Act prohibits intercepting communications without consent. Federal law needs only one party to consent, so the person recording can be that party.
But roughly a dozen states require all-party consent. California, Illinois, Florida, Pennsylvania, Massachusetts, Washington, and several more. California’s law carries $5,000 per violation in civil damages. Pennsylvania makes it a felony punishable by up to seven years.
The question courts are wrestling with is whether the notetaker is a passive extension of the user, the way a tape recorder in your hand would be, or a third-party eavesdropper, because the vendor can access, process, and reuse what it captures. One contested theory is a capability test: if the vendor can use the recorded data for its own purposes, that alone makes it a third party, and third parties trigger liability.
Otter’s defense tells you everything. The company’s terms put consent responsibility squarely on the account holder, and the plaintiffs’ theory runs straight through that. Wiretap law’s procurement rule reaches the person who set up the bot and let it auto-join, not only the vendor.
If you synced your calendar and walked away, that person is you. Whether a court adopts that reading is the open question, but the vendor has already pointed at the user, and the legal theory is built to follow.
The Biometric layer
Separately, Fireflies.ai faces a Biometric Information Privacy Act (BIPA) suit in Illinois over its speaker recognition feature. When a notetaker identifies who said what, it builds voiceprints, and voiceprints are biometric identifiers expressly covered by Illinois’s BIPA.
BIPA requires written notice and written consent before you collect them. The bot joins, identifies speakers, and attributes statements before anyone has signed a thing. If anyone on your call is in Illinois and your notetaker has speaker recognition on, you’ve got a BIPA problem stacked on top of the wiretap problem.
Why Auto-Join is the Compounding Mechanism
Set a notetaker to auto-join and you made one consent decision, once, at setup. The consent obligation doesn’t work that way. It attaches every time the bot joins a call.
Your client intake. An employee investigation you’re running for a client. A termination you’re coaching. A comp conversation you’re facilitating. Every one of those recordings, taken without affirmative consent from everyone present, is a separate potential violation.
The conversations you most want transcribed are the ones carrying the most exposure. Workplace investigations, discipline meetings, terminations, every one involves people who didn’t consent and have every incentive to sue if it goes badly. And the transcripts are permanent, detailed, searchable, and time-stamped. Run a notetaker on every client call for a year and you’ve built a searchable archive of every off-the-cuff remark, preliminary read, and candid strategy session you’ve had.
Review Your Recording Setup Now
I’d pull up your notetaker settings today. These tools default to auto-join and auto-record, and most of us never went back to look after setup.
Your Consent Exposure
If you work in an all-party consent state, or have clients or call participants in one, every auto-joined call without affirmative consent is a potential violation. On a multi-state call, the most restrictive state’s rule wins. One participant in California on a call you’re running from Texas pulls California’s all-party standard over the whole call. And you may not even know where everyone is dialing in from.
Your Discovery Exposure
Nearly every transcript that notetaker makes is discoverable. (Material you create expressly for a legal matter can be protected work product. A routine call transcript isn’t.) Get into any kind of dispute with a client, an engagement gone wrong, a fee fight, a claim that your advice caused harm, and opposing counsel can request the entire archive. The candid remarks, the preliminary reads you’d have forgotten by the next morning, the strategy talks with other advisors, all on the record, timestamped, searchable.
Your Privilege Exposure
You’re on a call with a client and their counsel, and your notetaker is shipping the audio to a vendor’s servers to process. You may have waived privilege on everything that was said. Depending on the vendor and your terms, it may not count as your agent, and the data sitting on its servers may fall outside the privilege you assumed covered the conversation. Courts are still sorting out where that line is.
Your E&O Exposure
Advising clients on employment compliance while breaking wiretap law with your own tools is a professional liability problem. I’d check whether your current E&O policy even covers claims arising from your AI tools. Some carry technology-tools exclusions or “failure to comply with applicable law” carve-outs that would leave this exposure bare.
How to Advise Your Clients
Your clients are running these same tools at scale, across HR, sales, legal, and executive meetings, almost certainly with no consent protocol. The exposure is the same as yours, multiplied by volume: hundreds of employees running notetakers across multiple states with nobody governing any of it.
Scope an AI Notetaker Policy Engagement
Concrete, sellable, timely, which tools are approved, what consent mechanism each meeting type requires, which meetings are off-limits (investigations, discipline, anything privileged, anything touching union activity), what the retention schedule is, and who owns the governance. The labor-law angle sharpens the pitch. The NLRB has treated intrusive electronic surveillance as a potential interference with protected concerted activity, and while the agency’s 2022 guidance memo on the point was rescinded in 2025, the underlying Board case law still stands, even if the agency’s appetite to pursue it has cooled since. A notetaker that captures talk about wages, working conditions, or organizing builds a permanent, searchable record of protected activity. That’s a potential unfair labor practice (ULP) charge sitting on top of the wiretap exposure.
Flag the BIPA Layer for Any Client with Illinois Connections
If the client has employees in Illinois, or meetings with Illinois participants, and the notetaker has speaker recognition on, they’re collecting biometric identifiers without the written notice and consent BIPA requires. The per-violation damages make this worth its own conversation.
Recommend Turning Notetakers Off for Privileged Meetings
Send privileged content to a vendor’s server to process and you may waive the privilege. The client’s legal team should call which meeting types are safe and which aren’t.
The client engagement is real and timely. But lead with your own house. A consultant who built her own consent protocol and cleaned up her own recording setup before walking a client through the same exercise pitches from higher ground than one who’s still running auto-join on every call.
I’d get this on the agenda for your next client check-in. Whenever the Otter ruling drops, it’s going to set off a wave of “what should we do?” calls. Be the one who already has the answer.


