A federal class action lawsuit filed in August 2025 alleges that Otter.ai secretly captured and recorded confidential business conversations without the consent of all meeting participants, then used that audio data to train its artificial intelligence models. The case, Justin Brewer v. Otter.ai, centers on how the company’s meeting transcription software—specifically Otter Notetaker and OtterPilot—silently joined Zoom, Microsoft Teams, and Google Meet calls to record conversations, storing the audio on Otter’s servers without disclosure or permission from non-users who participated in these meetings. Plaintiff Justin Brewer, a California resident, discovered that his private, confidential conversations had been captured and converted into transcripts by Otter’s bot when he unknowingly participated in virtual meetings where someone else had enabled the service.
What makes this case particularly significant is the allegation that Otter.ai used the collected data—including conversations from people who never agreed to be recorded—to improve and train its AI systems. The lawsuit claims this conduct violated federal wiretapping laws, computer fraud statutes, and California’s strict two-party consent privacy laws, potentially affecting millions of meeting participants nationwide. As of June 2026, no settlement has been announced, though the case remains in active litigation with federal court hearings underway. Legal experts estimate potential damages could range from $50 million to $200 million, depending on how many people were secretly recorded and which statutes ultimately apply.
Table of Contents
- How Did Otter.ai’s Meeting Software Secretly Record Conversations?
- What Laws Does the Lawsuit Claim Otter.ai Violated?
- How Did Otter.ai Use the Recorded Conversations to Train AI Models?
- What Did Federal Courts Determine About Standing and Injury?
- What Are the Estimated Damages and Settlement Scenarios?
- What Changes Has Otter.ai Made in Response?
- What Does This Case Mean for Other AI Transcription Services and Privacy Going Forward?
- Conclusion
How Did Otter.ai’s Meeting Software Secretly Record Conversations?
The core allegation in this lawsuit involves the technical mechanics of how Otter’s software operates during virtual meetings. According to the complaint, when someone with an Otter account enables the Notetaker or OtterPilot feature on a Zoom, Teams, or Google Meet call, the bot joins the meeting as an invisible participant and records all audio. The distinction here is crucial: unlike a human participant who joins a visible video call, Otter’s bot integrates into the meeting’s audio stream without appearing as a named attendee or providing clear notification to other participants that recording is occurring.
The software then transmits this audio to Otter’s servers, where it is automatically transcribed and stored. What distinguishes this from typical recording scenarios is that Otter allegedly gave people who weren’t even users of the service no opportunity to opt out. Imagine a manager at a company enables Otter on a call with 15 employees—under Otter’s previous system, only the manager would receive notification that recording was happening, while the other 14 participants might have no idea their words were being captured and stored. This becomes especially problematic when those recorded conversations contain sensitive information like medical details, legal advice, salary discussions, or proprietary business strategies.
What Laws Does the Lawsuit Claim Otter.ai Violated?
The complaint asserts violations across multiple federal and state statutes, each carrying different legal standards and potential damages. At the federal level, the lawsuit invokes the Electronic Communications Privacy Act (ECPA), which prohibits the unauthorized interception of electronic communications, and the Computer fraud and Abuse Act (CFAA), which can apply when someone accesses computer systems without authorization. Under ECPA alone, the statutory damages framework allows for the greater of $10,000 per violation or $100 for each day of violation—a substantial exposure when multiplied across thousands or millions of recorded calls. California state law provides even more aggressive remedies. The California Invasion of Privacy Act (CIPA) imposes $5,000 in statutory damages per violation, but California also requires consent from all parties to a recorded conversation, not just one party.
This “two-party consent” requirement is stricter than federal law and represents a critical distinction that could amplify damages significantly. Some commentators have compared this situation to the Illinois Biometric Information Privacy Act (BIPA) cases, where companies faced massive statutory damages ($1,000 to $5,000 per violation) for collecting biometric data without explicit consent. In two-party consent states, recorded meetings involving multiple participants could theoretically result in penalties multiplied by the number of non-consenting participants per call. The lawsuit also includes claims for common law intrusion upon seclusion—a tort that recognizes damages when someone invades another person’s reasonable expectation of privacy. Additionally, Otter.ai faces allegations of conversion (wrongfully taking something of value, in this case the proprietary conversations) and violations of California’s Unfair Competition Law (UCL), which prohibits deceptive business practices.
How Did Otter.ai Use the Recorded Conversations to Train AI Models?
Beyond the recording itself, the lawsuit highlights a second layer of alleged misconduct: using the captured audio data to train and improve Otter.ai’s artificial intelligence systems. The complaint alleges that Otter used transcripts and recordings from thousands of meetings—including confidential conversations from people who never agreed to the service—to enhance its AI models’ accuracy and capabilities. This practice raises distinct legal and ethical concerns beyond simple unauthorized recording. Consider a scenario where a law firm uses Otter on a client conference call without informing all attendees. Under the allegations, Otter would have captured attorney-client privileged discussions, proprietary legal strategies, and sensitive client information.
That data would then be fed into Otter’s AI systems to improve transcription quality, essentially allowing the company to benefit commercially from confidential professional information it had no right to capture. This mirrors concerns raised in other AI training disputes where companies have been accused of using copyrighted material or personal data without permission to improve their models. The distinction here is that AI training creates a permanent, ongoing use of the data even after the initial recording—meaning the violation doesn’t end once the call concludes. From Otter.ai’s perspective, the company likely argued that using anonymized data for model training is a standard industry practice and that the transcripts don’t contain personally identifiable information. However, the lawsuit contests this reasoning by emphasizing that the recordings themselves were obtained unlawfully—and therefore cannot be cleansed of their illegal origin simply by anonymizing them. This “poisoned fruit” theory suggests that improperly obtained data should not be usable for any purpose, regardless of anonymization.
What Did Federal Courts Determine About Standing and Injury?
An important recent legal development emerged in early 2026 when the federal court ruled that plaintiffs have legal standing to pursue these claims. This may sound technical, but it’s critically important: in many privacy cases, companies argue that people suffered no concrete injury—that being recorded without consent is merely a technical violation without real-world harm. However, the court rejected this argument and determined that being secretly recorded without consent constitutes a concrete, particularized injury that entitles people to sue. This ruling carries significant implications for the case’s viability.
It means that plaintiffs don’t need to prove they were actually harmed by the data being misused or that Otter.ai sold their information—the unauthorized recording and storage itself is injury enough to support a lawsuit. This contrasts with some other privacy settlements, where courts were skeptical about whether mere data exposure (without actual fraud or identity theft) caused sufficient harm. The ruling substantially strengthens the plaintiffs’ position and makes settlement negotiations more likely because Otter.ai now faces a much clearer path to liability. A comparison might be made to the Apple CSAM case, where courts had to grapple with how to measure injury from technologies that could enable privacy violations—here, the federal court drew a bright line that secret recording equals injury.
What Are the Estimated Damages and Settlement Scenarios?
While no settlement has been finalized as of June 2026, legal analysts have projected the potential exposure based on statutory damages frameworks and comparable privacy cases. If courts ultimately find Otter.ai liable under ECPA alone, with statutory damages of $10,000 per violation and potentially millions of recorded meetings captured, the exposure could easily exceed $50 million. However, if California’s two-party consent statute applies more broadly—assessing damages per non-consenting participant rather than per meeting—estimates climb toward $100 million to $200 million or higher.
A key limitation of these estimates is that they depend on several unsettled questions: the exact number of meetings recorded without full consent, how many people were affected per meeting, which laws ultimately apply to which conduct, and whether courts will award full statutory damages or reduce them based on equitable principles. Additionally, settlement amounts are heavily influenced by the defendant’s ability and willingness to pay. Unlike a massive tech company like Google or Meta, Otter.ai is a smaller, venture-backed company, so the ultimate settlement could be constrained by the company’s actual financial resources rather than the theoretical maximum damages. A comparison might be drawn to the Zoom Video Communications privacy settlement in 2020, where the company paid $85 million following similar unauthorized access claims—though Zoom faced somewhat different allegations and had greater resources.
What Changes Has Otter.ai Made in Response?
Following the lawsuit’s filing, Otter.ai updated some of its consent notification features and added more visible alerts when its bot joins a meeting. These changes reflect what companies typically do when facing privacy litigation—implement fixes that suggest the issue was a procedural oversight rather than deliberate misconduct. However, critics of these modifications argue they don’t fully address the core problem: even with better notifications, the fundamental concern remains that people on calls where someone else enables Otter may not receive direct, clear, affirmative warning before being recorded.
It’s important to recognize that these updates, while well-intentioned, occurred after the lawsuit was already filed. In privacy litigation, companies that implement fixes retroactively sometimes argue these measures demonstrate good faith, but plaintiffs’ lawyers counter that if the company knew clear consent was necessary, it should have required it from the start. The question of whether improved disclosures will influence the final settlement amount remains open as negotiations continue.
What Does This Case Mean for Other AI Transcription Services and Privacy Going Forward?
The Otter.ai lawsuit is likely to influence how other AI transcription and note-taking services operate going forward. Companies offering similar products—including Zoom’s own transcription features, Microsoft’s meeting recording tools, and other emerging AI note-takers—are watching how courts handle the consent and data-use issues raised in this case. If Otter.ai faces significant liability, competitors will likely implement stricter consent requirements and more transparent data practices, particularly in states with two-party recording consent laws.
Broader implications extend to how courts and regulators view AI training on user-generated data without explicit consent. This case could establish precedent that companies cannot justify using personal audio data to improve AI models simply because they anonymized it afterward. As AI applications become increasingly pervasive in workplace and personal communication, the Otter.ai case may signal that consent will remain a critical requirement, not an optional best practice. Legal observers will be watching both the settlement amount and any injunctive relief imposed on Otter—such as requirements to delete previously collected data or obtain retroactive consent—to understand what the enforcement landscape looks like for AI-powered recording services.
Conclusion
The Otter.ai Privacy Class Action Lawsuit represents a significant test of how courts balance the convenience of AI tools with strict privacy protections, particularly in two-party consent jurisdictions like California. The case alleges that Otter.ai secretly recorded millions of virtual meeting participants without their knowledge or permission and then used those recordings to train its AI systems—conduct that violates federal wiretapping laws and state privacy statutes that could result in statutory damages of $50 million to $200 million or more.
If you participated in virtual meetings where someone else used Otter’s transcription service, or if you work in an industry where Otter was enabled on calls, you may be part of the affected class. As of June 2026, no settlement has been announced, but the case continues to move through the federal court system with motion hearings scheduled. Eligible class members should monitor settlement announcements and claims administrator notices, which will provide details on how to submit claims for compensation.