Voice Data: A focus point of privacy supervisory authorities.
Often overlooked in data privacy compliance strategies, voice is a personal data, and protected by the GDPR and numerous other data protection legislations worldwide. While more “traditional” identifier data such as social security numbers, names, birthdates, email addresses, images, fingerprints and DNA come to mind for most when thinking of personal data, many are unaware that voice is also protected.
GDPR Article 4.1 defines personal data as “all data related to a person and that allows them to be identified directly or indirectly (…) to one or several specific properties unique to their physical, physiological identity…”. The CNIL (French GDPR Supervisory Authority) provides examples of personal data such as photos, voice recordings, first or last names, pseudonyms, dates of birth, telephone numbers, social security numbers, postal addresses, email addresses, fingerprints, retinal prints and more.
The voice in almost all circumstances, infers an individual’s identity. Considered biometric data, voice is protected by Article 4.1 as it can be used to identify individuals, is specific to the physiological identity of people and discloses an abundance of personal information about a speaker. In addition to the words spoken, voice can be used to identify gender, age, education, language and accent, geographical and socio-cultural origins and more.
Voice data is particularly unique given that it often reveals what the GDPR categorizes as “special categories” of data – for example, a voice recording may reveal, inter alia, the ethnic origin of an individual (through accent) or a potential health condition (such as Parkinson’s which can affect speech) – sensitive personal data such as this is subject to even more stringent protections under the GDPR than “traditional” categories of personal data.
Which industries are processing voice data?
Voice data is certainly one of the most sensitive and dangerous personal data being exploited in our current data era, and the risks multiply daily. Technological progress in the arenas of AI, synthetic voice reproduction, voice assistants, audio and video conferencing platforms and speech-to-text technologies have turned voice-data into an urgent focal point for privacy supervisory authorities.
Voice data protection has far reaching implications on almost every industry in some way, shape or form.
While the voice technology industry has been profoundly impacted by voice data privacy regulations, a multitude of other sectors have also had to implement privacy framework. Fintech, medical and insurance sectors providing biometric voice recognition services struggle daily to secure collected personal data and to ensure they meet legal security & processing requirements.
Companies in every sector that record customer service calls have had to implement new processing policies that respect data subjects’ privacy rights.
Advertising and media & entertainment companies who collect and process voice samples of dubbing and voiceover actors have also had to adapt their workflows and data processing processes to respect privacy regulations.
Voice-data privacy and protection will continue to be at the core of many commercial wars over the next few years. Technologies offering voice recognition, replication and cloning have opened a doorway to potential fraud and identity theft, the extent of which our society has never before confronted.
Modification of voices is hardly new, however, we are in the midst of a new era where deepfake technologies are advancing quickly through intense machine algorithms and learning techniques.
Protecting this biometric personal data is urgent and companies processing voice in any context must ensure the data is secure and that they are respecting relative privacy legislations.
The information contained in this document is for informational purposes only and does not replace legal advice. We strongly recommend that you consult with legal counsel or a Data Protection Officer for your specific situation and legal obligations.
