[xyos]

I just deleted my account because of that, also they share conversations with everyone in the meeting by DEFAULT, it wasn't nice receiving a message from a co-worker telling me that he received an email with the transcription it generated.

[AJRF]

Also deleted account. If anyone from Otter.ai is here - don't do this, reverse this change, email anyone affected since the change and apologise and also, i'd advise you to lawyer up.

[cc-d]

Odds are they know their market better than you do, and are fully aware of just how serious the consequences from shit like this can be.

but this is capitalism afterall, kind of the point

[chris_wot]

He is the market, so I'm pretty certain he knows what he wants.

[arikr]

Wtf, that's terrible UX.

[yashap]

For sure, it’s almost certainly a “growth hacking” attempt (they’re hoping the ppl they email signup to otter.ai), but a pretty terrible one. Every other similar growth hacking attempt I’ve seen will explicitly ask for consent before sending anything to non-users of the app.

Overall, sounds like a VERY unscrupulous company, that you shouldn’t trust with your personal data.

[refulgentis]

Even more terrible is using a recording service when you're in a meeting with me, not telling me, then complaining the real problem is the service told me

[chris_wot]

He didn't want Otter.ai to transcribe. He had turned it off!

[jrumbut]

As understandable as the mistake is, I would be upset if I had arranged a private meeting with someone and they let a third party into the conversation (excluding force majeure such as sophisticated hacking, violence, etc).

Especially if it was some unaccountable third party recording agent! Who knows where that data is going?

[chris_wot]

OK, and nobody is disputing this. The fact remains, he did not let any third party into the conversation.

[kordlessagain]

That's not what the UI says, or does. I signed up and actually looked, before posting.

[darkteflon]

Same, deleted my account over this. One of the most comically egregious UX fuckups I’ve ever seen.

Maya Angelou is apposite: “When people show you who they are, believe them the first time.”

[and0]

Yeah, I just signed up to play with this and was surprised that a random "get started" sort of forced me into it to continue. After I noticed an incredibly faint "SKIP" text button in the corner. I disabled it afterwards.

[turtleman1338]

If some of the participants are located in the EU this is a GDPR violation.

[airstrike]

If any of the participants are in many US states including California, this is also likely illegal.

https://www.romanolaw.com/2022/05/09/are-recorded-conversati....

[JumpCrisscross]

There are also call-recording issues in all-party consent states [1]. The transcript not only shows recording, it could also be used as evidence that consent was never sought.

[1] https://recordinglaw.com/party-two-party-consent-states/

[that_guy_iain]

How so?

[Etheryte]

If the bot transcribes anything GDPR considers personal data and then emails it out you're already in breach. Simply someone telling their phone number to another participant over the call would result in a violation.

[that_guy_iain]

It wouldn't be in breach. otherwise, you sending an email with someone's email/phone number via gmail in it would cause Google to breach it. That would be on the software user. If you use somewhere that to breach GDPR, the software provider is not liable for how the user uses it.

[dspillett]

If you tell the software to do something that is a breach, or used it when you could reasonably be expected to know it would behave in such a way, then yes you are responsible.

If, for custom software/configuration, you specify software to do something automatically that is a breach, then yes also.

If the software does it without your instruction, especially if you explicitly opted out, that is in beach, then the service responsible for the software may be liable instead.

How enforceable this is, is a different discussion…

[handoflixue]

If the software is transcribing and sending emails without the user's awareness, much less permission... then the responsibility must rest with the software. Software isn't responsible for my deliberate decisions, but it is responsible for anything it does without consulting me.

[that_guy_iain]

That isn't going to fly is it? I didn't know this software did this when configured in this way isn't really something that moves the liability.

[pbhjpbhj]

If you made a draft email with those details, then GMail sent that draft without your authority then they too would be in breach, albeit unwittingly. That seems like a reasonable analogy to what happened in the OP, assuming it was a bug and not some 'growth hacking' plan as others have speculated.