According to a report published in March 2022 by Global Market Insights Inc., the global market valuation for voice recognition technology will reach approximately $10 billion by 2028. As we know, many employers prefer and are already using (or considering) voice-powered timekeeping systems over fingerprints, and consumers are using voiceprint technology for health care apps, banking apps (and telephone systems), and hands-free vehicle use.

Recently, McDonald’s wanted to make its drive-thru experience more personalized. How would it do that? It set up artificial intelligence-based voice assistants (using Apprente) to take orders, extract the duration and pitch of a customer’s speech and then use those data to identify repeat customers to the drive-thru. Thereafter, in July 2021, a customer sued McDonald’s for capturing and storing her voiceprint without her consent in violation of the Illinois Biometric Information Privacy Act of 2008 (BIPA).

Lawsuits like the one against McDonald’s are unlikely to stop other companies from using voiceprints and other forms of biometric data collection; instead, it will probably spark more discussion on how to implement biometrics programs and comply with laws. These technologies surely have benefits, but the risks must also be understood and companies that use these technologies should be transparent and explain to employees and consumers what they are doing and why they are collecting the information.

The way in which companies navigate BIPA will most likely dictate how the business sector will comply with other (future) biometric laws in other states. Currently, Illinois’  BIPA is the only state biometric law that allows a private right of action. However, several other states are considering bills that would increase that number.
Over the past year, the use of voice-recognition technology has increased twofold. However, as more companies implement these technologies, the risk of litigation for failure to comply with biometrics laws increases. Companies must consider compliance before collecting and using such data; this is new territory for many companies as they are not accustomed to obtaining consent before collecting data or having to delete the data collected. Consumer privacy laws are on the rise and companies need to step up now to get ahead.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.