Voice recognition technology has enabled life to be more convenient in many ways. They are completing the task of controlling your television easier with a smart remote, or making everyday inquiries with a smart assistant, such as checking the weather, quick and easy.
In recent years, voice recognition has become ubiquitous and more sophisticated. Recent studies indicate that by 2026 voice recognition technology will be worth approximately $7 billion to the global market. Soon, voice recognition will be even further ingrained within everyday life, and regulators will have to account for this growing usage, especially regarding privacy. As a result, there has been increasing awareness around the ways voice recognition can, and should, be used.
Users, manufacturers, and brands will all benefit from knowing who regulates voice recognition, how it is regulated today, and what changes in regulation are expected to be seen in the years to come as the technology develops.
In this blog, we highlight the many ways governments and institutions worldwide are regulating voice recognition technology.
European Union’s GDPR (General Data Protection Regulation)
Since May 2018, the GDPR classes “Voice” as “Personal Data.” As a result, businesses must abide by a new set of restrictions and regulations when interacting with, and storing voice recognition data.
The European Data Protection Board has said that voice recognition is an example of a biometric identification technique and that the voice can be used as biometric data. Therefore, European Union (EU) residents are granted a range of rights relating to voice recognition, including the right to access and delete. Accordingly, businesses that process and control voice recognition data must abide by the new important security and privacy obligations.
CCPA (California Consumer Privacy Act)
Like the EU’s GDPR, the CCPA seeks to protect residents’ personal data, and defines how voice recognition relates to “biometric information.” In this case, a business must provide any California resident interacting with their service with information about its data collection practices. The CCPA states an individual cannot waive their right to consumer privacy.
The Act’s definition of “biometric information” is as follows: “biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted.”
BIPA (Biometric Information Privacy Act)
Also, in the US, the Biometric Information Privacy Act was introduced in 2008 and continues to serve a regulatory purpose in Illinois for companies collecting biometric identifiers and information on Illinois state residents.
Under BIPA, “voiceprint” is included as a biometric identifier. Voiceprint is a factor that is central to voice recognition technology and has been the subject of significant BIPA litigation in recent years.
Companies operating in Illinois must be aware of BIPA regulations. When it comes to voice recognition, pay particular attention to features such as ‘Informed consent before collection,’ ‘Prohibition on profiting from biometric data,’ and ‘Limited right of disclosure of biometric information.’
COPPA (Children’s Online Privacy Protection Act)
The Children’s Online Privacy Protection Act of 1998 also serves to regulate voice recognition technology in the US. There are strict consent requirements for collecting and storing data under COPPA, and these also apply to voice recordings.
The Federal Trade Commission released guidance on COPPA concerning voice recordings and technology in 2017, stating that, “Verbal commands may be a necessity for certain consumers,…when a covered operator collects an audio file containing a child’s voice solely as a replacement for written words… [they] must provide the notice required by the COPPA Rule, including clear notice of its collection and use of audio files and its deletion policy, in its privacy policy.”
State/Common Law Mandates
Many states have common law mandates that require businesses to impose an affirmative duty to use reasonable measures to safeguard any personal data they collect.
These mandates will more often than not refer to biometric information such as data relating to voice recordings and voiceprint. Usually, these safeguarding law mandates will provide a framework for compliance without imposing specific measures.
Additional State Mandates Regarding Data Destruction/Disposal
More than thirty US states have data destruction and disposal laws. According to many of these laws, businesses must take reasonable steps to dispose of any records that contain personal information securely. As with other regulations, the definition of personal information often includes biometric information such as voiceprints.
Data Breach Notification Laws
All fifty US states currently have data breach notification laws, and they are an integral part of modern privacy and security protocols. The definition of personal information differs throughout the states, but California, Florida, Arizona, and Texas all consider biometric information (such as voiceprint) subject to data breach notification laws.
Vendor Contract Statutes
Today, states like Massachusetts and California have statutory requirements to ensure that businesses conduct due diligence before sharing personal information with third-party service providers. Some of these statutes will also help obligate the vendor to put safeguards in place appropriate to the sensitivity of the data.
As discussed, voice recognition is currently regulated by governments around the world in various ways. Ultimately, whether you are a user, developer, retailer, or manufacturer, it’s important to keep abreast of the regulatory landscape as the world of voice recognition evolves, expands, and makes life easier in the next few years.
How Ambiq Contributes
By enabling always-on voice detection and recognition, voice-powered devices can do more than play music. Overnight, these hearables are evolving into voice assistants capable of integrating into our personal and work lives for a wireless and hands-free guidance.
With the mission to foster a cleaner, greener, and safer environment where mobile and portable devices could either reduce or eliminate their total power consumption from the batteries, Ambiq has been laser-focused on inventing and delivering the most revolutionary System-on-Chip (SoC) solutions in the market for the last ten years. Through the advanced Subthreshold Power Optimized Technology (SPOT®) platform, Ambiq has helped many leading manufacturers worldwide create products that can operate for days, months, and sometimes years on a lithium battery or a single charge.