Voice is a personal data

Protected by European GDPR and worldwide data protection laws, voice has become a focal point of supervisory authorities.

Often overlooked in data privacy compliance strategies, voice is a personal data, and protected by the GDPR and numerous other data protection legislations worldwide. While more “traditional” identifier data such as social security numbers, names, birthdates, email addresses, images, fingerprints and DNA come to mind for most when thinking of personal data, many are unaware that voice is also protected, in fact, the collection and processing of this data is strictly regulated.

GDPR Article 4.1 defines personal data as “all data related to a person and that allows them to be identified directly or indirectly (…) to one or several specific properties unique to their physical, physiological identity…”.  Considered biometric data, voice is protected by this article as it’s often used to identify individuals, is specific to the physiological identity of people and discloses an abundance of personal information about a speaker. In addition to the words spoken, voice can be used to identify gender, age, education, language and accent, geographical and socio-cultural origins, health, and more.

The CNIL, (French GDPR Supervisory Authority), defines personal data as any information that can be used to identify a natural person directly or indirectly. For example, first or last name, telephone number, social security number, email, image or voice. 

Technological progress in the arena of AI and synthetic voice reproduction has turned voice-data into a primary point of focus for supervisory authorities. While modifying voices is hardly new, we are in the midst of a new era where deepfake technologies are advancing quickly through intense machine learning techniques. 

Technologies offering voice recognition, replication and cloning have opened a doorway to potential fraud and identity theft, the extent of which our society has never before confronted.  Voice-data privacy and protection will be at the core of a number of commercial wars in the next few years and strictly enforced regulation of voice-data processing is critical.

GDPR is not about refusing technological progress, but was established and put into effect in order to protect businesses and technology’s reach and exploitation of our personal data, ensuring that respect and protection of privacy remains a priority.

Voice is certainly one of the most sensitive and dangerous personal data being exploited in our current data era, and the risks multiply daily.  

The dubbing and voice industry is no exception to the qualification of voice as a personal data, no matter the medium.  Learn more…


Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.

Share this article


Share This Post