The automatic recording of meetings using AI tools promises enormous efficiency gains. Yet while the technology is available, legal implementation lags behind in many companies. In particular, the question of whether explicit consent from all participants is mandatory poses a hurdle for many organizations.
In this article, you’ll learn under what conditions transcription can be made legally compliant and which technical configurations can pave the way for use without active consent.
The Legal Context: Why Transcription Is Risky
Anyone who uses transcription software operates at the intersection of two areas of law:
1. Criminal Law (Section 201 of the German Criminal Code)
Section 201 of the German Criminal Code protects the confidentiality of speech. Anyone who records “non-public speech” on an audio medium without permission is acting unlawfully. Since most AI apps first record the conversation in order to process it, the criminal law implications here are usually more significant than those under data protection law.
2. Data Protection Law (GDPR)
A person’s voice is biometric data. Furthermore, meetings often contain confidential company data or personal information. Processing therefore requires a legal basis under Article 6 of the GDPR - usually consent or a legitimate interest.
Is transcription without consent legally permissible?
The short answer is: Yes, but only under very specific technical conditions.
In order to dispense with explicit consent (the active “click to agree”), the balancing of interests under Article 6(1)(f) of the GDPR must favor the company. This is only possible if the risk to participants is drastically reduced. Many AI apps do not offer these capabilities. But there are tools that can do the following:
Technical adjustments for a consent-free solution
If you configure a tool to maximize privacy protection, digital transcription becomes very similar to traditional, manual note-taking. The following aspects are crucial:
No permanent audio storage (RAM-only): The app should be configured so that the audio stream is processed only in volatile memory and never saved as a file (MP3/WAV). Without “recording” on a sound carrier, the elements of Section 201 German Criminal Code are generally not met.
On-device processing: Ideally, the data does not leave the end device. Local AI models (e.g., based on Whisper) process the spoken content directly on the user’s laptop. This eliminates the problematic transfer of data to third countries (e.g., the U.S.).
Deactivation of speaker recognition: If the AI refrains from assigning voices to individual profiles (diarization), no biometric features are analyzed. The transcript remains a purely textual summary of the content.
No AI training: The app settings must ensure that the provider does not use the data to improve its own models.
Checklist for Legal Precautions
Technology alone is not enough. Before rolling out an app like Fireflies, Otter, or Microsoft Teams AI company-wide, you should take the following steps:
Data Processing Agreement (DPA): Enter into an agreement with the provider in accordance with Article 28 of the GDPR.
Transparency requirements: Even without consent, participants must be informed in accordance with Article 13 of the GDPR (e.g., via a notice in the meeting invitation).
Data Protection Impact Assessment (DPIA): In cases of widespread use, a DPIA is often essential to assess the risks to personal rights.
Company Agreement: In the context of an employment relationship, the use of such tools should be accompanied by a clear company agreement to safeguard employee data protection.
Conclusion: Technology Determines Compliance
The use of AI transcription tools is not a legal no-go, but it requires precise legal guidance and a careful selection of software. A “standard installation” without customization is almost always illegal in German companies. Anonymized real-time transcription without storage, on the other hand, can be a permissible and powerful tool.
Do you have questions about the legally compliant implementation of AI tools in your company?
As experts in tech law, we support you in designing your processes to be both efficient and legally compliant.