Is voice the other shoe to drop in biometrics legal battles?

It is easy to forget about the privacy implications of voice recognition deployments with the saturation coverage of Clearview AI complaints in North America and biometric legislation in Europe. Easy but not impossible.

A proposed $5 million class action alleges that fast foodery McDonalds is breaking Illinois biometric privacy law by using voice recognition software to store drive-through customers’ utterances without their express consent.

Specifically, the suit claims that McDonald’s wants to be able to identify repeat customers to customize orders and upsells. The company uses machine vision at some of its locations to read and store license plates for the same reason, and only does so after getting consent.

While a comparatively measly $5 million payout would be unlikely to gather much attention, the fact that both voiceprints and McDonald’s are attached indicates the case bears monitoring.

McDonald’s is based in Illinois, home to the revered and feared Biometric Information Privacy Act, or BIPA. It says it has not broken the law.

The company in 2019 bought voice-tech startup Apprente and that same year bought Israeli AI tool maker Dynamic Yield. McDonald’s also has created a research shop in Silicon Valley toying with both AI and voice recognition.

According to some legal observers, voice recognition and storage for identification and verification is growing in significance. Digital infrastructure at all levels is being upgraded, making compute-intensive voice tools practical.

McDonald’s is acting early with a 10-restaurant deployment of systems capable of 85 percent order accuracy, according to CNBC. Customer experience and company productivity are behind the move, the company has told reporters.

Perhaps a step behind is China-based video-based social network TikTok, which, according to TechCrunch, reportedly changed its privacy policy for U.S. members so that it can collect biometric identifiers including voiceprints.

Executives said that permission will be requested before harvesting voiceprints, TechCrunch reported.

Chicago attorney Mary Smigielski, co-chair of the law firm Lewis Brisbois’ BIPA practice, has said in interviews she is skeptical that the McDonald’s case will succeed. Voice cases have been rare so far, and few have made it to court.

Smigielski said she has not seen court decisions that define a voiceprint in the wake of BIPA. And it is not clear, she said, that what McDonald’s is doing is covered by the act.

Her caution is shared.

Jay Edelson, of Edelson PC in Chicago, told Law.com that the restauranteur’s data systems might only be recognizing that someone is speaking, not collecting voices, and that would not violate the Illinois act.

Article Topics

biometric data  |  biometric identifiers  |  Biometric Information Privacy Act (BIPA)  |  data protection  |  lawsuits  |  legislation  |  McDonald’s  |  privacy  |  voice biometrics  |  voice recognition  |  voiceprints