Dressing old laws in class-action suits: Applying anti-wiretapping laws to AI transcription services

Class action lawsuits have long been a means of enforcing privacy rights, as privacy harms "are often spread among a larger group and harder to identify than typical consumer harms." Because privacy harms can be "small," class actions enable plaintiffs to collectively enforce their rights, distribute litigation costs amongst a large group, and impose larger penalties on defendants.

Recently, privacy class action lawsuits have been levied against artificial intelligence-powered transcription services under the Electronic Communications Privacy Act and the California Invasion of Privacy Act. Originally enacted decades ago to protect telephonic and electronic communications from unwarranted surveillance, these anti-wiretapping laws have found new significance due to the emergence of automated technologies capable of eavesdropping. This evolution has been spurred by a creative plaintiff's bar, which continues to find new applications of old privacy laws to pursue defendants.

AI trained on intercepted data may violate ECPA

The ECPA updated the Federal Wiretap Act to include digital and electronic communications. Under Section 2511(a), ECPA prohibits the intentional interception of any wire, oral, or electronic communication using a device, providing an exception to liability where one party consents to interception under ECPA Section 2511(2)(d). 

While the CIPA offers a similar scope, the state law contains a narrower consent exception, requiring that all parties consent. Even so, this distinction may not matter where the wiretap is carried out for the purpose of committing a tort, such as intrusion upon seclusion or conversion, which eliminates the one-party consent exception under the ECPA.