[that_guy_iain]

It wouldn't be in breach. otherwise, you sending an email with someone's email/phone number via gmail in it would cause Google to breach it. That would be on the software user. If you use somewhere that to breach GDPR, the software provider is not liable for how the user uses it.

[dspillett]

If you tell the software to do something that is a breach, or used it when you could reasonably be expected to know it would behave in such a way, then yes you are responsible.

If, for custom software/configuration, you specify software to do something automatically that is a breach, then yes also.

If the software does it without your instruction, especially if you explicitly opted out, that is in beach, then the service responsible for the software may be liable instead.

How enforceable this is, is a different discussion…

[handoflixue]

If the software is transcribing and sending emails without the user's awareness, much less permission... then the responsibility must rest with the software. Software isn't responsible for my deliberate decisions, but it is responsible for anything it does without consulting me.

[that_guy_iain]

That isn't going to fly is it? I didn't know this software did this when configured in this way isn't really something that moves the liability.

[sulam]

He specifically _didn't_ configure it in that way.

[that_guy_iain]

How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.

And he did have it configured to send out emails. So that part is true.

[pessimizer]

If they're lying or mistaken, let us discuss the lie or mistake, and even the possibility that there could have been a lie or mistake (based on something.) Just dismissing it based on a obvious counterfactual that you're declaring based on no evidence other than that you think users lie and developers don't make mistakes is a waste of time.

If you have some kind of insight into the specific configuration of otter.ai, or evidence that this specific person has made a mistake (and that all of the other people that have also seen this behavior are also mistaken) that would be constructive. As it is, you're not even carrying water for a company, you're offering water to a company that didn't ask for it by denigrating the people around you.

[arcticfox]

Thank you for defending me; my HN has anti-distraction timer so I wasn't able to respond to them.

Like I explained in the other comment, while mistaken configurations are frequently a user mistake, I was exceptionally careful in this instance because the same thing had just happened to my boss and I was wondering what the mistake she made was.

Also, I was hoping for a quality investigation and response from otter.ai but I think anyone can compare the credibility of my account to their response in this thread to figure out who they believe.

[arcticfox]

> And he did have it configured to send out emails. So that part is true.

This isn't true at all. This feature was and is disabled on my account.

> How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.

Normally I would agree with you - the same thing happened to my boss earlier in the day, the Otter bot joined a call before she did and she was baffled how it was there. I thought she must have accidentally enabled a new feature.

So when I looked at my otter.ai account after that I was exceptionally careful to not just click through the big blue "Enable Otter Assistant" button and find the light grey "Skip" button in the upper right. To no avail, as the Otter bot started to invade my meetings after that.

I only stopped it by disabling the Google Calendar integration they had had prior, which was only to suggest which meeting to link recordings to, and not the new "Otter Assistant" feature that automatically joins meetings.

[pbhjpbhj]

If you made a draft email with those details, then GMail sent that draft without your authority then they too would be in breach, albeit unwittingly. That seems like a reasonable analogy to what happened in the OP, assuming it was a bug and not some 'growth hacking' plan as others have speculated.