The protection of personal data has become a societal priority enforced by numerous regulatory texts. If social security numbers, birth dates and last names are considered personal data, why not voice, a personal attribute often considered as sensitive as fingerprints ?
In Article 4.1, the GDPR defines “personal date” as follows: All data attached to a person and that allows them to be identified directly or indirectly(…) to one or several specific properties unique to their physical, physiological identity…”.
Voice is protected by this article. It is often used to identify individual, with many banks now proposing identification of their customers via voiceprints. It is specific to the physiological identity of a person.
More and more AI software and fintech service and identification projects are based on vocal recognition, underlining the importance and sensibility of these data (ie Common Voice by Mozilla, VoCo by Adobe, Siri, Alexa…) that will be at core of commercial wars in the next few years, proving the urgency to regulate the use and processing of this personal today.
European data protection authorities have always leaned towards the widest possible interpretation of this concept. The European working group G29, uniting national authorities such as the French CNIL, has clearly stated that data comprised of sounds and images deserves to be considered as personal data.
GDPR is not about refusing technological progress, but was established and put into effect in order to protect businesses and technology’s reach and exploitation of our personal data, ensuring that respect and protection of privacy remains a priority.
Voice is certainly one of the most sensitive and dangerous personal data being exploited in our current data era, and the risks multiply daily.
Whether the voice data being handled and used was conceived in a personal or professional context is not the issue. Voice is legally defined as a persona data, no matter the context or support the data derives from.
Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.
Share this article