Wave of BIPA Lawsuits Targets AI Note-Taking Software Over Biometric Data Collection

Summary

A surge of class-action litigation under the Illinois Biometric Information Privacy Act (BIPA) has emerged, targeting AI-powered meeting transcription and note-taking tools for allegedly collecting and storing voiceprints—unique biometric identifiers derived from speech—without proper written notice, informed consent, or transparent data retention policies. Companies like Fireflies.AI are facing legal challenges, exemplified by Cruz v. Fireflies.AI Corp. in the Northern District of Illinois, which alleges that the software recorded, analyzed, and retained participants' voices, including non-users, without satisfying BIPA's statutory requirements.

The litigation exposes a critical compliance gap in widely-deployed AI meeting assistants that automatically join calls, distinguish speakers, and generate attributed transcripts. Under BIPA's broad biometric definition, voiceprints qualify as protected biometric identifiers, triggering strict procedural requirements before collection. Many vendors lack clear mechanisms for disclosing biometric collection to all participants or securing written consent.

Employers using these tools face significant liability exposure. Illinois courts have established that multiple entities—including the employers deploying the technology—can be held responsible for biometric collection when they enable, authorize, or benefit from its use. Employers are advised to implement clear policies governing AI meeting tool use, build robust consent frameworks with written notification and data retention specifics, and conduct independent due diligence on vendor compliance practices rather than outsourcing responsibility entirely.