Background and Allegations

In Brewer v. Otter.ai, filed in August 2025 in the Northern District of California, the plaintiff, Justin Brewer, who was not an Otter.ai user, alleges that Otter’s Notetaker and OtterPilot tools joined virtual meetings on platforms such as Zoom, Microsoft Teams, and Google Meet, recorded participants’ conversations without consent, and then transmitted those recordings to Otter for use in training its automatic speech recognition and machine learning systems. The complaint suggests that these actions exposed individuals who had never signed up for the service to unauthorized monitoring and secondary data use.

Claims and Legal Framework

The complaint raises both statutory and common law claims. At the federal level, it relies on the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, alleging unauthorized interception and access to communications. At the state level, it invokes California’s Invasion of Privacy Act, which requires all-party consent to recording, and the Comprehensive Computer Data and Fraud Access Act, which prohibits unauthorized access. California’s Unfair Competition Law is also asserted, targeting the alleged unfair and deceptive nature of the practices. In addition, the plaintiff advances claims for intrusion upon seclusion and conversion, contending that the recordings and their reuse intruded upon privacy and misappropriated the value of the communications.

The underlying allegations focus on the recording of conversations without participant knowledge or consent beyond that of the meeting host. They also highlight the reuse of these conversations to train Otter’s AI models, raising the issue of whether participants ever meaningfully consented to such secondary use. Finally, the suit argues that Otter improperly shifted the burden of obtaining consent onto account holders, leaving non-users without recourse or notice.

Compliance Risks and Implications

The case underscores how consent deficiencies create risk in jurisdictions such as California that require all-party consent to recording. Reliance on single-party or host consent leaves both vendors and their enterprise customers exposed to statutory and tort liability. Secondary use of the recordings compounds the problem. Even when data is anonymized, voice data and conversational context carry high risks of re-identification, and reusing such data for training without explicit consent can be seen as an unlawful or unfair business practice.

There are also contractual and operational implications. Vendor agreements often fail to make clear who bears the responsibility for obtaining consent. They also may not specify whether the recordings can be retained, reused, or repurposed for AI training. The absence of transparency in these agreements leaves organizations vulnerable to both litigation and reputational harm.

Recommendations for Legal Counsel and Compliance Teams

Legal counsel should advise organizations to strengthen consent practices by ensuring that all meeting participants are informed in advance and provide clear consent to recording. Policies and technical safeguards should embed this requirement, especially in high-risk environments such as client meetings, board discussions, or regulated industries. Counsel should also review vendor contracts carefully, insisting on clarity regarding whether recordings may be reused and whether customers may opt out of training practices. In addition, employees should be trained on when AI transcription tools may be used, and escalation procedures should be established for situations where consent is unclear.

More broadly, this case illustrates that AI governance cannot be divorced from traditional privacy and communications laws. Regulators are increasingly scrutinizing AI tools that capture and repurpose personal data, and companies that deploy them must prepare for enforcement under existing statutes such as California’s Consumer Privacy Rights Act as well as future AI-specific regulation.

Conclusion

Brewer v. Otter.ai highlights the challenges of applying long-standing privacy and wiretap frameworks to new AI-driven services. The allegations illustrate how quickly technological innovation can outpace compliance structures. For lawyers and compliance professionals, the lesson is clear: efficiency gains through AI transcription and note-taking must be balanced with rigorous attention to privacy, consent, and contractual safeguards. Organizations that fail to embed these guardrails risk litigation, regulatory action, and reputational damage.