Why Consent Has Become a Problem for Meeting AI
AI meeting tools are now mainstream: 75% of professionals use one in their work meetings, making them core workplace infrastructure (Source: Fellow.ai, 2025). But that rapid adoption has surfaced a real tension — most of these tools record your meetings, and recording conversations carries legal weight in nearly every jurisdiction.
In many countries you can’t simply start recording a meeting without telling everyone. Some require consent from all participants, others only from one. The rules vary significantly between countries — and even between US states.
For teams collaborating across borders — which now applies to most remote teams — this creates a compliance challenge that’s hard to ignore. Understanding where the legal lines sit starts with understanding how these tools actually work.
Two Models, Two Consent Profiles
The consent question depends almost entirely on one thing: does the tool create a recording?
Model 1: Bot-based tools (recording)
Traditional AI meeting assistants send a bot into your call. The bot records everything, processes the audio, and produces a summary after the meeting. This means:
- A recording of the conversation exists on the provider’s servers
- All participants’ voices and statements are stored as personal data
- GDPR, HIPAA, and other regulations apply to that stored data
- Explicit consent from all participants is typically required before recording begins
Model 2: Real-time processing (no recording)
Some AI tools process audio in real time — capturing it from your microphone or browser tab, running it through AI processing, and discarding it immediately. No recording is created, no audio is stored. This means:
- No personal data is retained after the session
- The consent equation changes fundamentally
- Storage-related obligations (retention limits, right to erasure, breach notification for recordings) become moot
For a deeper look at how no-recording tools work, see our guide on no-bot meeting assistants.
The Privacy Paradox: Why This Matters for Meeting Culture
Consent isn’t just a legal box to check. Recording changes how people behave in meetings.
According to Fellow.ai’s 2025 survey of professionals, 84% of users say they change how they speak when an AI note-taker is present. The meeting gets captured — but the conversation itself becomes more guarded. Separately, 50% of professionals who haven’t adopted AI meeting tools cite privacy and security as their primary barrier.
For any team leader deploying meeting AI, this behavioural impact is as consequential as the legal question. A tool that makes participants guarded undermines the very meetings it’s supposed to improve.
This is one of the strongest practical arguments for choosing tools that minimise their data footprint — not just for compliance, but for team trust.
GDPR: What Actually Matters
GDPR is the most relevant framework for European teams, but its principles influence privacy law worldwide. Here’s what matters for meeting AI.
Data minimisation (Article 5(1)(c))
GDPR requires you to collect only the data you need, for only as long as you need it (see the official Regulation text on EUR-Lex). A tool that records entire meetings and stores them is harder to justify under this principle than one that processes audio in real time and immediately discards it.
Legal basis for processing (Article 6)
Recording a meeting typically requires either explicit consent from all participants or a documented legitimate-interest assessment. Real-time processing without storage is easier to justify — especially when the purpose is personal productivity, not surveillance of others.
Storage limitation (Article 5(1)(e))
Personal data may not be kept longer than necessary for the stated purpose. If no data is stored, this principle is satisfied by default — one of the strongest compliance arguments for no-recording tools. The ICO’s official guidance confirms that organisations must determine and justify their retention timeframes.
Data subject rights (Articles 15–22)
When recordings exist, participants can ask to access, correct, or delete their data. If no recording exists, these rights are simpler to honour — there’s nothing to access, correct, or delete.
One-Party vs. Two-Party Consent
Outside of GDPR, many jurisdictions use a “party consent” framework for recording conversations:
| Consent type | What it means | Examples |
|---|---|---|
| One-party | Only one person in the conversation needs to consent to the recording | Most US states, Netherlands, South Korea |
| Two-party (all-party) | Every participant must consent before recording begins | Germany, France, Spain, UK (business context), California, Illinois |
United Kingdom. Under UK GDPR and the Data Protection Act 2018, recording in a professional context requires informing all participants. The one-party exception in UK law applies to personal use only, not workplace meetings.
Germany, France, Spain. Recording a private conversation without all-party consent can be a criminal offence — under § 201 of the German Strafgesetzbuch, Article 226-1 of the French Code pénal, and Article 18 of the Spanish Constitution combined with the LOPDGDD.
California and Illinois. California’s Penal Code §§ 632 / 632.7 has long required all-party consent. The California Supreme Court confirmed in Smith v. LoanMe, Inc. (April 2021) that the rule applies to participants, not just third-party eavesdroppers. Illinois treats unlawful recording as a Class 4 felony on a first offence under 720 ILCS 5/14-2.
With a no-recording tool, this entire distinction becomes largely irrelevant — there’s nothing to consent to, since no recording is created.
How No-Recording Tools Simplify Compliance
The practical impact of using a tool that doesn’t record:
- No consent collection needed for recording — you should still be transparent, but the legal burden is dramatically reduced
- No data retention policy required — nothing is stored, so there’s nothing to retain or delete
- No breach notification for recordings — if there’s no recording, it can’t be leaked or accessed improperly
- Simpler vendor assessment — your legal team has fewer concerns when no personal data leaves your device
- Cross-border simplicity — varying consent laws between countries matter less when there’s no recording
For a deeper look at how this works in practice, see our guide on private meeting transcription.
Before You Choose: 5 Questions to Ask
When evaluating any AI meeting tool, work through these questions to understand your consent obligations:
- Does this tool record audio? If yes, consent requirements apply in most jurisdictions.
- Where is data stored? On-device only, or on the provider’s servers? Server storage creates additional GDPR obligations.
- How long is data retained? Indefinitely? 30 days? Or is it immediately discarded?
- Does a bot join the meeting? A visible bot will prompt participants to ask about recording and consent — sometimes after the fact.
- What does the data processing agreement actually say? Even if the tool claims “no storage,” verify it in writing.
Where LiveSuggest Stands
LiveSuggest is built around the no-recording model. It processes meeting audio in real time — via your microphone or browser tab audio sharing — and discards the audio immediately after processing. No bot joins your call. No recording is created. No audio is stored on any server. Our privacy policy and consent page document exactly what is processed and why.
This architecture was chosen specifically to minimise consent obligations and make the tool usable in privacy-sensitive environments. For details on how the audio processing works, see our technical overview of meeting AI without a bot.
Frequently Asked Questions
Do I need to tell participants I’m using an AI meeting tool?
It depends on whether the tool records. If an AI bot joins and stores the meeting audio, you generally need explicit consent from all participants. If the tool processes audio in real time without storing anything, the consent burden is significantly reduced — though transparency with colleagues is always recommended as a matter of professional ethics.
Is using AI meeting tools legal in Europe?
Under GDPR, the key factor is whether personal data is stored. Bot-based tools that record and store meeting audio create personal data subject to the full set of GDPR obligations. Real-time processing tools that immediately discard audio avoid most of these obligations, making them easier to use legally in Europe. Always check your country’s national law as well — several Member States have rules that go beyond GDPR.
What’s the difference between recording and real-time processing for GDPR?
Recording creates a stored copy of personal data (voices, statements), triggering the full set of GDPR obligations: storage limitation, right to erasure, breach notification, and more. Real-time processing analyses audio as it streams and discards it immediately — no personal data is retained, so most storage-based GDPR obligations don’t apply.
Can I use AI meeting tools in healthcare or legal meetings?
Healthcare and legal professionals face stricter rules around recording (HIPAA, attorney-client privilege, professional secrecy laws). AI tools that don’t record or store any audio are generally more compatible with these requirements, since no patient or client data is retained. Always verify with your compliance team for your specific jurisdiction and use case.
Conclusion
The consent question around AI meeting tools is simpler than it looks: it mostly comes down to whether the tool records. If it does, you need consent — and you inherit the full set of storage-related obligations that come with it. If it doesn’t, the equation changes dramatically.
As AI meeting tools become standard in professional settings, choosing one that minimises your compliance burden isn’t just convenient — it’s responsible. A no-recording, real-time approach lets you benefit from AI assistance without creating legal exposure for yourself or discomfort for your colleagues.
This article is for informational purposes only and does not constitute legal advice. Consult a qualified legal professional for guidance specific to your jurisdiction.
Sources
- The State of AI Meeting Notetakers 2025 — Fellow.ai, 2025 — adoption rates, privacy concerns, and behavioural impact statistics
- Regulation (EU) 2016/679 (GDPR) — official consolidated text — EUR-Lex (European Union) — Articles 5, 6 and 15–22
- Storage limitation principle — Information Commissioner’s Office (UK) — official guidance on GDPR Article 5(1)(e)
- Smith v. LoanMe, Inc., 11 Cal.5th 183 (2021) — Supreme Court of California — all-party consent under Penal Code § 632.7
- 720 ILCS 5/Article 14 — Eavesdropping — Illinois General Assembly — criminal penalties for unlawful recording
- § 201 StGB — Verletzung der Vertraulichkeit des Wortes — Bundesministerium der Justiz (Germany) — criminal prohibition on recording private conversations
- Article 226-1 — Code pénal — Légifrance (France) — criminal prohibition on recording private conversations without consent