Microsoft hit with IL biometric class action over Teams call transcriptions

By Jonathan Bilyk | Legal Newsline
The Center Square

Microsoft has been hit with a class action lawsuit under Illinois’ stringent biometrics privacy law, potentially worth many millions or even hundreds of millions of dollars, accusing the company of improperly recording users’ voices when they are using the companies Teams videoconferencing app.

Attorneys from the firms of Byrnes Keller Cromwell, of Seattle; Levin Law, of Miami; and Labaton Keller Sucharow, of New York, filed the lawsuit in Seattle federal court.

The lawsuit was filed on behalf of named plaintiffs Alex Basich, Kristin Bondlow, Marquis Boyce, Jessica Brewer and Jamari Brown, all identified as Illinois residents. However, the plaintiffs said they are seeking to expand the action to potentially include “many thousands or tens of thousands” of others who have videoconferenced on Microsoft Teams.

The lawsuit specifically takes aim at Microsoft’s use of so-called “automated real-time transcription services” within the popular Teams app.

The videoconferencing feature stands as the primary alternative and rival to Zoom, the company whose name has become eponymous with the act of videoconferencing.

The use of such services has particularly exploded since the onset of the Covid pandemic and the simultaneous and sustained rise of work-from-home in 2020 and 2021, as they enabled members of far-flung remote work teams and others to communicate and collaborate while being able to view each other’s faces and body language.

According to industry statistics, both Microsoft Teams and Zoom boast more than 300 million daily active users each.

The lawsuit, however, zeroes in on Microsoft Teams users from Illinois.

According to the complaint, Microsoft Teams launched “live automated transcription” service in 2021. The lawsuit notes the feature allowed Teams “users to create a real-time, archivable written record of meeting dialogue complete with speaker attributions and timestamps.”

According to the complaint, the key to accomplishing such transcription is the use of technology known as “diarization,” which allegedly can distinguish and identify users “based on their voice characteristics.”

“Put simply, this is the determination of ‘who said what, when,'” the complaint said.

The complaint asserts that process requires Microsoft to record the meeting and process and analyze the audio, in part, by creating identifying “voiceprints” for individual users.

While a useful feature, the plaintiffs assert this “voiceprint” creation process ran afoul of the law known as the Illinois Biometric Information Privacy Act (BIPA), because Microsoft allegedly failed to properly notify users of the recording and “voiceprint” analysis and secure their authorization before the technology was activated on their video conference calls, as allegedly required by BIPA.

Further, they assert Microsoft failed to provide users with certain notices concerning data collection, storage, sharing and disposal, also allegedly in violation of BIPA.

While filed in Washington federal court, the lawsuit is is just one of a growing number of thousands of class action lawsuits lodged against businesses in Illinois courts and elsewhere under the BIPA law.

While the bulk of those lawsuits have targeted Illinois employers, a large number of BIPA suits have also assailed tech giants, including Microsoft, as well as Meta, Google, Amazon and others.

The lawsuits have typically accused targeted companies of violating the law by scanning people’s fingerprints, faces, voices and other so-called biometric identifiers, without first obtaining written consent or providing notices about how that information might be stored, used, shared and ultimately destroyed.

To coerce compliance, the law gave plaintiffs the so-called right of private action, allowing them to sue businesses accused of violating the BIPA law. Those sued can face potentially steep payment demands of $1,000-$5,000 per violation.

Under Illinois Supreme Court rulings, the law was interpreted broadly, as plaintiffs could bring their lawsuits against businesses without showing they were ever actually harmed.

When multiplied across potentially thousands or tens of thousands of plaintiff class members, those payouts could quickly rise into the many millions or hundreds of millions of dollars.

Meta, the parent company of Facebook and Instagram, for instance, famously agreed to pay $550 million and $68 million to settle claims against them for alleged improper face scans of people including in photos uploaded to Facebook and Instagram, respectively.

Like those other suits, the plaintiffs in the new case against Microsoft are also seeking damages of $1,000 or $5,000 per violation and seeking to multiply those damages across potentially tens of thousands of Illinois residents who may have used Microscft Teams since 2021 on calls and meetings using the automated transcription service.

Microsoft has not yet responded to the BIPA complaint in court.