Voiceprints and Biometric Litigation

According to a report published in March 2022 by Global Market Insights Inc., the global market valuation for voice recognition technology will reach approximately $10 billion by 2028. As we know, many employers prefer and are already using (or considering) voice-powered timekeeping systems over fingerprints, and consumers are using voiceprint technology for health care apps, banking apps (and telephone systems), and hands-free vehicle use.

Recently, McDonald’s wanted to make its drive-thru experience more personalized. How would it do that? It set up artificial intelligence-based voice assistants (using Apprente) to take orders, extract the duration and pitch of a customer’s speech and then use those data to identify repeat customers to the drive-thru. Thereafter, in July 2021, a customer sued McDonald’s for capturing and storing her voiceprint without her consent in violation of the Illinois Biometric Information Privacy Act of 2008 (BIPA).

Lawsuits like the one against McDonald’s are unlikely to stop other companies from using voiceprints and other forms of biometric data collection; instead, it will probably spark more discussion on how to implement biometrics programs and comply with laws. These technologies surely have benefits, but the risks must also be understood and companies that use these technologies should be transparent and explain to employees and consumers what they are doing and why they are collecting the information.

The way in which companies navigate BIPA will most likely dictate how the business sector will comply with other (future) biometric laws in other states. Currently, Illinois’  BIPA is the only state biometric law that allows a private right of action. However, several other states are considering bills that would increase that number.
Over the past year, the use of voice-recognition technology has increased twofold. However, as more companies implement these technologies, the risk of litigation for failure to comply with biometrics laws increases. Companies must consider compliance before collecting and using such data; this is new territory for many companies as they are not accustomed to obtaining consent before collecting data or having to delete the data collected. Consumer privacy laws are on the rise and companies need to step up now to get ahead.