Think about this for a second—when was the last time you left a meeting and said to yourself, “I’m not sure if I’ve captured everything perfectly. I wish I could go back and listen to the conversation again?”
Happens often, right? Even when you think of recording a meeting, this question perhaps looms over your mind—Can I record meetings? Is it even legal?
The short answer is: Yes, it is indeed legal to record virtual meetings and calls.
The long answer is—there are nuances to it, depending on factors such as geographic location, reasons to record the meeting, security aspects, and more.
Through this blog post, we look at the call recording laws across different states & countries. We’ll discuss which ones among them are one party or two party consent states—and the specific compliance and legal requirements to keep in mind while recording virtual calls or meetings.
Disclaimer: We’re not legal experts. This post is an effort to consolidate and simplify the various recording laws across the world for easy understanding.
Recording meetings is one of the most helpful ways of making sure you make the most out of your conversation. Here are a few reasons why you should be recording your next meeting:
While it is perfectly legal to record meetings or calls, certain situations have legal sensitivity when it’s best not to record. And if you have to record those meetings, you need to limit access to those recordings to the concerned parties. For example:
Like assets organizations maintain their storage systems, audio and video recordings also require secure storage. However, the complexities and requirements regarding recording storage policies differ across industries.
For instance, the meeting recording of a conversation between a patient and a healthcare professional is categorized as a healthcare record. Since these conversations typically contain patient health information and personally identifiable data, HIPAA rules apply to those recordings, and the data requires encryption at rest. So, if you need to share the recordings, they require password protection and should be shared only with other authorized users.
Depending on organizations and on a case-to-case basis, you may at times need to keep the recordings for 6-10 years. And before you record any conversation, you need consent from one or more parties.
Recording virtual meetings typically refers to recording conversations on web conferencing apps such as Zoom, GoogleMeet, Webex, etc. In comparison, recording calls means recording conversations on the phone and using dialers such as Aircall, RingCentral, Kixie, etc.
From a legal standpoint, the most important factor to understand before recording a meeting or call is consent. So, for starters, if you want to record a conversation, let the participants know in advance that you plan to record the meeting and obtain their consent.
There are four types of consent:
One-party consent or single-party consent means that you can record a call or meeting as long as you have consent from one of the parties in the meeting. You don’t need explicit consent from the other party. Most of the countries in the United States allow one one-party consent.
Two-party consent means all parties have to be informed the call is being recorded, and the party recording the conversation must obtain prior consent from the other party. The consent may be given actively or passively. Countries that follow the two-party consent rule include the United Kingdom, Canada, India, Germany, Australia, and Romania.
Active consent typically involves sending out a visual or audio cue to the meeting participants suggesting that the conversation would be recorded. The participants (other parties) need to actively give you their consent by either clicking an approval button or verbally giving their consent to record.
Passive consent refers to the scenario where the meeting participant receives the audio or visual cue. For example: the announcement that says, “This meeting is being recorded” while in the meeting, and the participants don’t object to the recording. If the participants are willing to continue the meeting knowing it’s being recorded, they’ve passively given you their consent.
Now that we understand how ‘seeking consent to record meetings’ works, let’s look at the recording laws across countries.
In the US, the Electronic Communications Privacy Act (ECPA) guides the recording of calls. It includes video conference meetings and calls because the ECPA primarily governs acquiring aural transfer (any transfer containing the human voice from the point of origin to reception) through electronic communication channels.
The ECPA states that it is illegal to record a call without the consent of at least one party. As discussed above, the consent sought need not always be ‘active consent.’ But that said, different states have developed variations of the recording laws, which are either similar or more stringent in nature.
Let’s take North Carolina as an example—it is a one-party consent state. That means a meeting participant can actively or passively imply consent to a meeting recording as long as they’re notified that the meeting or call is recorded.
On the contrary, states such as California and Florida are two-party consent states, meaning both parties must consent before recording the meeting. It means you need to share the intent to record the meeting in advance. The notification can be in the form of emails, audio disclaimer announcements, clickable CTAs, etc. Also, in this case, the meeting attendees can actively or passively give their consent.
Here’s a snapshot of the states in the US based on the governing recording law:
Here is a list of 37 states (+DC) considered one-party consent states. In addition, Connecticut can also, at times, be regarded as a one-party consent state because there are different laws for in-person conversations and phone/online conversations.
A two party consent state is where both or all parties should consent to the recording of a conversation. This is in contrast to a one-party consent state, where only one party needs to consent to the recording. Following states require you to obtain consent from two or all parties to record a conversation:
There are several states that either have ambiguous recording laws or none at all. Vermont, for example, does not have a call recording law, while Hawaii and Nevada are one-party consent states but still require two-party consent to record conversations.
Connecticut requires all-party consent for electronic recordings and one-party consent for in-person conversations. Oregon, on the other hand, follows one-party consent for electronic recordings and two-party consent for in-person conversations.
Illinois requires consent from all parties to record, transmit, or listen to non-electronic private conversations. Michigan and South Dakota require one-party consent until the recording party is a participant in the conversation.
Regions may also have separate laws when it comes to recording phone calls, video meetings, or in-person conversations, so ensure that you’re well-versed with specific regulations in your state/area/location before recording conversations.
The recording laws don’t change drastically in the EU, but we can certainly say that the EU has some of the most stringent recording laws. As long as your organization operates in the EU member states or has customers in the EU, you’re required to follow the rules outlined in the European Union’s General Data Protection Regulation (GDPR).
GDPR states you need to justify the need to record a call or meeting and obtain unambiguous consent from all parties before recording the conversation. The law works very similarly to the two-party consent states in the US.
The law clearly states that all recordingData retention, storage, and protection requirements:
The law clearly states that all recordings can only be stored for as long as it is necessary to fulfill the purposes for which the data were collected or processed. However in cases of public interest, scientific or statistical, or research purposes, the data can be stored for more extended periods.
While you retain the recordings, you need to:
The participants of the calls and meetings have the right to access the recording and also request more information on:
GDPR also allows the data subjects to request the erasure of the data concerning them, and it needs to be erased without any delay. The data subjects can request deletion of data if:
Post-Brexit, most of the EU regulations that applied to the UK were no longer applicable. The UK introduced its own data legislation law called UK-GDPR, however, the call recording laws remained largely unchanged from before.
Though, for anyone to record calls in the UK, they also have to comply with the Data Protection Act 2018 and the Human Rights Act 1998—other than the UK-GDPR. These laws safeguard your personal data, establish recording guidelines for businesses and the government, and ensure your data is stored securely.
Canadian recording laws are straightforward. They have a ‘two-party/ all-party consent’ mandate. So, when you record a conversation involving a Canadian meeting participant, you need to:
Across Australia, it’s perfectly legal to record meetings and calls as long as you have two-party consent by informing them in advance. In case of outbound cold calls, you need to let them know at the beginning of the conversation that you will be recording, and the participants have the right to request to be transferred to a non-recording line.
Certain territories, such as Queensland, allow one-party consent for recordings. However, if you’re situated in New South Wales, remember that the Surveillance Devices Act 2007 applies to you, and it’s illegal to use a recording device without all participants' consent.
In South Africa, call recordings are regulated by the Regulation of Interception of Communications and Provision of Communication-Related Information Act of 2002 (known as RICA). Unless you’re a party to the conversation, have written consent from one of the parties, or are conducting a discussion pertaining to the business (where specific exceptions apply), recording a call in South Africa would be considered unlawful.
However, being party to the conversation broadly means either you’re a part of the conversation (virtually or in person) or invited to the meeting/call, which means you can go ahead and record calls or meetings without any hassle.
As you get to evaluating call recording software for recording and analyzing calls and meetings across dialers and web conferencing tools, you’ll notice that pretty much everyone adheres to compliance. But then, most platforms are compliance capable and not necessarily compliance optimal.
Compliance capable solutions refer to a product’s capability to comply with the regulations, but they might not necessarily incentivize the users to keep those compliance levers switched on.
Not every user will remember and switch on or off a compliance safety measure. And this is where compliance-capable solutions miss the mark by not balancing the capabilities with user experience.
Here’s an example: As discussed earlier, one of the mandates for obtaining consent is to make a mandatory announcement saying, “This meeting is being recorded” when someone joins the meeting. A compliance-capable solution announces every time someone joins the meeting to the entire room, instead of announcing only the new attendees. From a user experience standpoint, you don’t want to interrupt the conversation flow of people in the middle of a meeting.
Compliance-optimized solutions balance compliance requirements and user experience quite well. They deliver the goal of being fully compliant without making the user perform a lot of manual steps.
For example:
Below is a list of questions that you should consider asking call recording providers when you’re evaluating their compliance:
At Avoma, we take compliance seriously. While it’s your responsibility to comply with the regulations and seek consent, Avoma offers ways to automate and enable the process.
1. You can enable the following notifications to seek consent from your participants:
2. For more clarity, we recommend you explicitly name the bot, so it’s clear that the bot has joined the call to record. Example: You can name it – ‘Avoma Recorder.’
3. When you record meetings natively using a conferencing tool, you’ll always see a constantly blinking red button indicating that the call is recorded.
4. If you’re recording the meeting natively using Zoom or Google Meet, every new meeting participant joining the call gets an audio alert/announcement that the meeting is being recorded. The announcement is heard only by the new meeting participant without interrupting the conversation flow of existing participants.
And if you choose to record using the Avoma Bot, you have to enable the audio announcement, and your meeting participants will start hearing the announcements.
5. The meeting recording is accessible to both parties as long as they are Avoma users. And in case of sharing the meeting with a non-Avoma user, you can control the access permission on what they get to see.
6. Regardless of the meeting participants being from a single-party or two-party consent state, we recommend that you proactively notify all of them and seek consent.
7. In case of a cold outbound call made from a dialer, we recommend the SDRs and BDRs explicitly announce that the call is being recorded right at the beginning of the call. For example, they can say something like, “Hey! This is John Doe from Acme Inc., and I’m calling from a recorded line.” And if the called party continues to stay on the call, it means that they have passively consented. This disclosure isn’t required in single-party consent states, but we recommend standardizing the process across the board.
We hope this blog post gives you a good perspective on the legal aspects of recording meetings and calls worldwide. With Avoma, we make it easy for you to ensure compliance with the call recording laws by automating the process—and are committed to keeping up with the changes and updates.
We also ensure that this post is continuously updated as the changes occur.