Voiceprint you didn’t mean to create: What Delgado v. Meta means for employers
Employers and tech companies face real litigation risk when they process voice data in ways that could be used to identify individuals, even if they never actually use the data for that purpose. That is the key takeaway from Delgado v. Meta Platforms, Inc., where a federal court in California denied Meta’s request for summary judgment (dismissal without a trial) in a proposed class action alleging voiceprint collection in violation of the Illinois Biometric Information Privacy Act (BIPA).
Understanding BIPA and voiceprints
BIPA regulates how private entities collect, retain, disclose, and destroy “biometric identifiers.” That classification of data expressly includes voiceprints, along with fingerprints, retina or iris scans, and scans of hand or face geometry. Before collecting biometric data, an entity must provide written notice, obtain a written release, and maintain a publicly available retention and destruction policy. Violations carry statutory damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation, and that exposure scales rapidly in a class action.
A voiceprint, however, is distinct from a simple audio recording. It involves the analysis of unique vocal characteristics (pitch, tone, cadence, and speech patterns) to identify or distinguish a specific speaker. When software processes voice data in a way that attributes speech to a particular individual, that process may create a “biometric identifier” under BIPA.
Notice and consent