The Voiceprint Lawsuit That Should Reprice Every Meeting AI

On December 4, 2025, Katelin Cruz filed Cruz v. Fireflies.AI Corp. (No. 3:25-cv-03399) in the Northern District of Illinois. She had never installed Fireflies. She had never signed up. She joined a nonprofit Zoom call, a bot named "Fireflies Notetaker" sat silently in the participant tray, and the complaint alleges that by the time the meeting ended the platform had already generated and stored a unique voiceprint of her vocal characteristics — a biometric identifier under Illinois law — without notice, without written consent, and without a published retention policy. Three months later, Fricker v. Fireflies.AI Corp. (No. 1:26-cv-02675) repeated the theory. Brewer v. Otter.ai Inc. (No. 5:25-cv-06911) had already done so in the Northern District of California, and Otter's motion-to-dismiss hearing sits on Judge Pitts's calendar for May 20, 2026.

The legal mechanism here is not novel. Section 15 of the Illinois Biometric Information Privacy Act (740 ILCS 14) treats a voiceprint as the equivalent of a fingerprint. What is novel is the scale: every AI meeting assistant on the market today performs speaker diarization by default, and diarization without written consent is the conduct the statute prohibits. The damages math — $1,000 per negligent violation, $5,000 per reckless violation, per individual, per occurrence — is unforgiving once a class is certified.

The category of meeting AI tools that TopReviewed.ai tracks now carries an enterprise-procurement risk profile that did not exist eighteen months ago. Buyers who treated speaker recognition as a feature checkbox in 2024 are now treating it as a control surface that must be auditable, configurable, and, in some deployments, disabled outright.

What BIPA Actually Requires

BIPA Section 15 imposes five obligations on any private entity that collects, captures, or otherwise obtains a "biometric identifier" — a category that explicitly includes voiceprints. The text of the statute is older than the meeting-AI category, but its requirements map directly onto how these products operate.

• Written notice — before collection, the entity must inform the subject in writing that a biometric identifier is being collected.
• Stated purpose — the notice must specify the purpose for which the identifier is collected.
• Stated retention term — the notice must disclose the length of term for which the identifier will be stored and used.
• Written consent — the subject (or a legally authorized representative) must execute a written release.
• Published retention schedule — the entity must maintain a publicly available written policy specifying when biometric identifiers are permanently destroyed, with a hard outer bound of three years after the subject's last interaction.

Boilerplate language such as "we retain data as long as necessary for our business purposes" does not satisfy the fifth requirement, and Illinois courts have repeatedly said so. The retention schedule must be concrete.

Why Speaker Diarization Is the Problem

Every product in the meeting-assistant category — Fireflies.ai, Avoma, Fathom, Circleback, Granola, Grain, MeetGeek, Read.ai, Sembly AI, Tactiq, tl;dv — relies on speaker diarization to attribute lines of a transcript to specific participants. Diarization typically works by extracting a vector of vocal characteristics (pitch, formant frequencies, prosody, cadence) from short windows of audio and clustering those vectors into speaker identities.

That vector is a voiceprint. The complaints in Cruz, Fricker, and Brewer all argue the same thing in slightly different words: the platform extracts a mathematical signature of an identifiable individual's voice, stores it for at least the duration of the meeting, and in many cases retains it across meetings to improve cross-session attribution. None of the three defendants, the plaintiffs allege, obtained written consent from non-account-holding meeting participants before doing so.

Warning. The vendor's terms of service binding the meeting organizer do not bind the other participants. A meeting host who clicked "I agree" when installing Fireflies has not, under BIPA, consented on behalf of the candidate they are interviewing, the prospect on a sales call, or the witness in a deposition. Liability flows through to the meeting host's employer as a co-collector.

Frameworks at Stake Beyond BIPA

Illinois is the loudest jurisdiction because BIPA carries a private right of action with statutory damages. It is not the only one. A meeting-AI procurement review that treats BIPA as the sole compliance concern will misprice the risk.

• Texas CUBI (Tex. Bus. & Com. Code §503.001) — captures voiceprints, requires consent before capture, but enforcement is reserved to the state attorney general.
• Washington H.B. 1493 — covers biometric identifiers used for commercial purposes, with notice and consent obligations.
• GDPR Article 9 — biometric data processed for the purpose of uniquely identifying a natural person is a special category. Lawful basis requires explicit consent or a narrow set of derogations.
• EU AI Act — biometric identification systems carry incremental transparency duties, and emotion-recognition deployments in workplace settings are now restricted under Article 5.
• HIPAA — when the meeting subject is a patient and the call discusses protected health information, voiceprint creation by a non-BAA-bound vendor is a separate violation entirely.
• SOC 2 Common Criteria 6.1 — vendor-side controls over biometric data fall within the logical-access criteria a Type II auditor will sample.

An enterprise deploying a meeting assistant across a U.S. sales organization can trigger BIPA in Illinois, CUBI in Texas, GDPR in an EU subsidiary's calls, and a HIPAA breach in a healthcare-vertical account — from the same product, on the same day, with the same default settings.

Vendor Evaluation Against Controls

The controls that matter to a procurement reviewer are not the marketing-page bullets. They are the configuration surfaces that determine whether speaker recognition can be turned off, whether voiceprints persist beyond a session, whether non-participants receive notice, and whether the vendor will sign a data-processing addendum with biometric-specific terms.

The questions worth putting to any vendor in Fireflies.ai's category — and to the broader transcription stack including Assembly AI, which many of these tools embed under the hood — are concrete.

• Is speaker diarization a toggle the customer administrator can disable globally? On a per-meeting basis? Per participant?
• Does the vendor extract and store a persistent voiceprint embedding, or only a per-session cluster identifier that is destroyed at the end of the call?
• If the vendor stores voiceprint embeddings, where is the retention policy published, and what is the destruction trigger?
• Does the bot announce itself audibly at meeting join, and can that announcement be configured to read a BIPA-compliant notice?
• Will the vendor execute a data-processing addendum that names biometric data as a category and assigns liability for non-participant consent collection to the customer or to the vendor?
• Does the model-training opt-out apply to voiceprint embeddings specifically, or only to transcript content?
• Is the vendor's data-residency commitment binding for biometric data, or does it carve out training pipelines?

The Bot-Announcement Question

Several vendors — notably Read.ai and tl;dv — added or strengthened audible bot announcements after the Brewer complaint was filed. An audible "this meeting is being recorded and transcribed by Fireflies" tone at join is necessary but not legally sufficient. BIPA requires written notice and written consent. A spoken disclaimer satisfies neither.

The practical compliance posture that some enterprises have settled on is a layered one: the bot announces itself audibly at join, the meeting invite contains a written BIPA notice with a link to the published retention policy, and the host pauses at the top of the call to direct anyone who has not consented to drop off before substantive discussion begins. The audible announcement is a courtesy. The invite text is the legal artifact.

Voice Synthesis Adjacent Risk

The lawsuits to date target meeting transcription. The same statutory theory applies to voice-cloning platforms that ingest meeting recordings or voicemail samples to generate synthetic speech. Products in the voice-AI category — Eleven Labs, Resemble AI, Cartesia, Typecast — all extract voiceprints in the process of training a clone model, and the consent posture they require from the speaker whose voice is being cloned is substantially stricter than what the meeting-AI category has historically demanded.

The cross-category compliance lesson is that the act of generating a voiceprint is what triggers BIPA, not the downstream use. A meeting-AI vendor that extracts a voiceprint solely to label speaker turns in a transcript faces the same statutory exposure as a voice-cloning vendor that extracts a voiceprint to synthesize speech. The use case is irrelevant to Section 15.

Warning. An enterprise security review that approves a meeting-AI vendor on the assumption that voiceprint creation is "incidental to transcription" has misread the statute. Illinois courts have rejected the "incidental processing" defense in adjacent contexts, and the plain text of BIPA defines a biometric identifier by what it is, not by why it was collected.

Residual Risks After Vendor Selection

Even an enterprise that selects a vendor with a clean compliance posture — disable-able diarization, per-session voiceprint destruction, BIPA-aware DPA, audible bot announcement, retention policy published at a stable URL — retains a residual risk surface that procurement cannot solve unilaterally.

• The non-participant problem — calls forwarded to a meeting room, conference-room microphones picking up nearby conversations, and accidental joins all create voiceprints of individuals who never received notice.
• The training-data problem — historical recordings collected before a vendor changed its consent posture may still be in training pipelines or in cold storage. A DPA signed today does not retroactively cure embeddings extracted two years ago.
• The subprocessor problem — many meeting-AI vendors embed Assembly AI or a similar speech-recognition layer. The voiceprint may be extracted by the subprocessor, not the named vendor, and the chain of custody must be documented at both layers.
• The litigation-hold problem — a BIPA destruction policy can conflict with an active legal-hold obligation. The conflict is resolvable but not automatic, and the protocol must be defined before the conflict arises.
• The acquired-company problem — biometric data acquired through a corporate transaction inherits the consent posture of the original collection. M&A diligence should now include a voiceprint-inventory question.

Implementation Guidance

The procurement workflow that holds up under audit is sequential and documentable. It does not rely on the vendor's marketing posture; it relies on the customer's own records.

• Inventory every meeting-AI tool currently authorized for use, including ones installed by individual employees through self-service tiers. Shadow installs are the most common source of unmanaged biometric collection.
• For each tool, obtain in writing whether speaker diarization extracts and persists a voiceprint embedding. Treat verbal assurances as non-responsive.
• For any tool that does extract voiceprints, require a contract amendment that names biometric data as a processed category and binds the vendor to a BIPA-compliant retention schedule.
• Update the standard meeting invite template to include a BIPA notice block and a link to the relevant vendor's retention policy. The notice must be present before the meeting begins, not after.
• Configure the meeting bot to announce itself audibly at join, where the vendor supports it, as a secondary control on top of the written notice.
• Define a process for non-consenting participants to be removed from the call before substantive discussion. Document the process in the security runbook so it survives turnover.
• Add a quarterly review of which employees have installed self-service meeting bots, and reconcile the list against the authorized-vendor inventory.
• Where the risk profile justifies it — interviews, depositions, healthcare calls, M&A diligence — default to a meeting-AI configuration with diarization disabled, and require an exception request to enable it.

The Otter motion-to-dismiss hearing on May 20, 2026 will be the first appellate-adjacent test of the theory that creating a voiceprint for transcription purposes triggers BIPA Section 15. A ruling against Otter does not settle the question; a ruling for Otter does not retire it either, because the Illinois cases are in a different circuit and the statute's private right of action does not depend on federal precedent. The enterprise posture that survives either outcome is the one that treats voiceprint extraction as a regulated activity today, not after the appellate calendar resolves.

The concrete next step for any security or compliance reviewer with a meeting-AI tool in production: pull the vendor's published retention policy and time-stamp the URL. If the policy does not specify a destruction trigger or an outer-bound retention term, the tool is non-compliant under Section 15(a), and the conversation with the vendor needs to happen this quarter — not after a complaint names your employer as a co-defendant.