Every HR manager I have spoken to in the last six months has the same reaction when I describe what BarnOwl does. They lean forward. Not because of the transcription. Because of the word "local."
HR sits at the intersection of the most sensitive meetings in any organisation — disciplinary proceedings, performance reviews, termination conversations, union discussions. These are meetings where confidentiality is not a preference, it is a legal obligation. And for the past two years, AI notetakers have been quietly joining those meetings, sending audio to third-party servers, and creating records that nobody thought carefully about.
A class action lawsuit now pending in the U.S. District Court for the Northern District of California is making this concrete. In re Otter.AI Privacy Litigation — consolidated before Judge Eumi K. Lee — alleges that Otter.ai's notetaking tools recorded participants without the consent of all attendees, and used those recordings to train AI models without adequate disclosure. No substantive ruling has been issued yet. But employment attorneys say the case already signals where the liability will land — and it is not just with Otter.
The employer is the liable party
Bradford Kelley, a shareholder at Littler Mendelson who co-authored the firm's February 2026 analysis of the litigation, told HR Executive that human resource teams should be "very interested in this case."
The key point from Littler is that the employer cannot simply point to the vendor's terms of service. Otter's position in its motion to dismiss is that its terms place responsibility for obtaining participant consent on the account holder — the employee who turned the tool on — not on Otter itself. Courts may find that framing insufficient. And even if they accept it, what it means in practice is that the employee's employer is responsible for what that employee deployed.
Employers are ultimately responsible for how AI is used within their organization, even when the technology is provided by a third-party vendor. — Employment law firm Brody and Associates, as cited in the Basil AI analysis of the Otter.ai litigation, May 2026
Banning AI notetakers does not solve this. Littler's analysis states directly that banning these tools outright is likely unenforceable. A 2025 survey by SoftwareFinder.com found that one in five professionals reported frequently using AI to draft meeting notes. The attorneys' recommendation: get ahead of it. Select, configure, and control a vetted tool rather than cede that ground to whatever employees happen to download.
Seven risk areas HR has not fully mapped
Kelley and co-author Zoe Argento, also a Littler shareholder, identify seven distinct risk areas that a single AI notetaker can activate simultaneously. The breadth of the list is the point.
Consent. Approximately twelve states require all participants to consent before a conversation can be recorded. A virtual meeting with participants in California and Illinois simultaneously triggers two of the strictest consent regimes in the country.
Biometrics. AI notetakers that identify individual speakers by their voice create biometric voiceprints. Illinois's Biometric Information Privacy Act (BIPA) authorises statutory damages for improper collection of biometric identifiers. Fireflies.ai currently faces two separate BIPA class actions in Illinois on exactly this basis.
Accuracy. AI transcription tools may consistently misunderstand accents, speech impediments, or other characteristics tied to protected classes. If those transcripts inform performance reviews, hiring decisions, or disciplinary actions, disparate impact exposure follows.
Discrimination and disparate impact. Employers using these tools in employment decision-making may trigger AI-specific notice and audit requirements in New York City, Illinois, and California.
Attorney-client privilege. Consumer-grade AI tools typically disclaim confidentiality in their terms of service. If legal counsel is present in a meeting where an AI notetaker is running, privilege may be waived. The February 2026 United States v. Heppner ruling made this risk concrete.
Data retention. Most consumer AI tools retain transcripts on their servers for extended periods under their own retention policies — not the employer's. HR meetings involving terminations, complaints, or investigations create records that the organisation cannot control or delete.
Confidentiality. Transcripts from HR meetings can and do end up shared with people who were not in the meeting. The Theus complaint — one of the four consolidated into the Otter.ai case — alleges that Otter sent transcripts and promotional emails to individuals whose names simply appeared on a calendar invite, whether or not they attended.
The multinational problem
For HR teams at organisations with employees in the EU, the compliance picture is significantly more complex. Under GDPR, consent must be freely given, specific, and unambiguous from each individual whose data is processed. A model that relies on one meeting participant to authorise recording on behalf of all others does not satisfy this standard.
Data transfer adds another layer. When an AI notetaker sends meeting audio to US-based servers for processing, that transfer must comply with international transfer mechanisms such as Standard Contractual Clauses. HR meetings involving European employees — performance conversations, disciplinary proceedings, works council discussions — are exactly the meetings where this becomes a problem.
In co-determination countries including Germany and France, deploying an AI notetaker may require works council consultation before rollout. This is a requirement with no US equivalent that multinational HR teams frequently overlook.
A single virtual meeting that includes employees, customers or candidates in multiple jurisdictions can trigger overlapping and sometimes inconsistent consent obligations that many employers have not fully mapped. — Littler Mendelson, February 2026
The architecture question
The Littler recommendation — select, configure, and control a vetted tool — points toward a real question: what does a vetted tool look like for meetings that HR cannot record?
The answer cannot be a cloud-based tool with a better privacy policy. The structural problem is the pipeline: audio leaves the device, goes to a server, gets processed under someone else's terms. That pipeline is what creates the consent exposure, the GDPR transfer problem, the privilege waiver risk, and the retention issue simultaneously.
Local-first transcription eliminates the pipeline. Audio is processed on the device, in memory, and never transmitted. There is no third-party server receiving your termination conversations. No terms of service governing your investigation records. No data retention policy you cannot control.
In all-party consent states, users are recommended to inform all meeting participants that transcription is active before the meeting begins. That is the only practical disclosure step. Everything else — where the audio goes, who processes it, what they do with it — disappears when the processing happens on your machine.
Frequently asked questions
Is an employer liable if an employee uses an unauthorized AI notetaker?
Which states require all-party consent for meeting recording?
Does banning AI notetakers solve the compliance problem?
What is BIPA and how does it apply to AI notetakers?
What about HR meetings in the EU?
HR meetings stay on the device. Not on a server.
BarnOwl transcribes locally. No cloud pipeline. No third-party retention. No consent exposure from server-side processing. The tool HR needs for the meetings it cannot afford to get wrong.
Download BarnOwl FreeWindows · Free · Local only
Sources
HR Executive: A lawsuit over AI notetakers should be on every HR leader's radar — Jill Barth, April 6, 2026
Littler Mendelson: AI Transcription and Note-Taking Technologies — Seven Points for Employers to Consider — Bradford Kelley & Zoe Argento, February 2026