Skip to main content

BIPA Voiceprint Violations

The Lyon Firm is actively reviewing Biometrics Data Privacy Class Action Lawsuits on behalf of employees nationwide
Request a No-Cost & Confidential Consultation
Nationwide Success

BIPA Voiceprint Violations: Illinois Biometric Privacy Lawsuits

Under the Illinois Biometric Information Privacy Act (BIPA), voiceprint collection is likely illegal. BIPA explicitly identifies voiceprints as protected biometric identifiers, placing them in the same category as fingerprints, retinal scans, and facial geometry data. If a company gathered, stored, or shared your voiceprint without following strict legal protocols, you may have the right to seek significant financial compensation. 

At The Lyon Firm, we represent individuals and classes of workers and consumers whose biometric data has been unlawfully handled. If your voice data was captured without your consent, our attorneys want to hear from you.

Most people think about fingerprints or facial scans when they hear the phrase “biometric data.” But there is another form of biometric information being collected, stored, and sometimes shared without consent every single day: your voice. Whether you called a customer service line, used a voice-activated drive-through window, interacted with a smart speaker, or enrolled in a telecommunications company’s identity verification program, your unique voiceprint may have been captured by a private company without your knowledge or written authorization.

Any breach of biometric data may be a violation you can file a legal claim. Contact The Lyon Firm by calling (513) 381-2333 for a free, fully confidential consultation regarding your options.

How Does BIPA Apply to Voiceprints?

The core purpose of the Illinois Biometric Information Privacy Act is straightforward: private companies that interact with biometric identifiers must follow strict rules before collecting, using, storing, or sharing that information.

In Wilcosky v. Amazon, Inc., a federal district court confirmed that voice-based virtual assistant technology generates biometric identifiers because voiceprints can be used to identify specific individuals. The court emphasized that BIPA’s protections are not limited to fingerprints or facial scans — they extend fully to voice data collection by technology platforms.

To comply with BIPA, any private entity that collects voiceprint data must:

  • Provide written notice that voiceprint data is being collected and stored
  • Disclose the specific purpose for which the voice data will be used
  • State how long the biometric data will be retained before it is destroyed
  • Obtain a written release — a signed authorization — from the individual before any collection takes place
  • Publish a written, publicly available retention policy detailing how the company handles biometric data
  • Refrain from selling or profiting from biometric information under any circumstances
  • Protect biometric data using the same or greater standard of care it applies to other sensitive confidential information

What Kind of Voiceprint Settlement Can Your Lawyer Secure Under BIPA?

Here are some common types of settlements or remedies that a biometric privacy lawyer may seek on your behalf:

  • Fees per violation (statutory damages): Many biometric privacy laws allow individuals to seek statutory damages for each violation. These damages are typically set at a specific amount per violation, which can add up if multiple voiceprint violations are proven.
  • Individual losses (actual damages): Individuals may be entitled to seek actual damages based on financial losses or other harm suffered as a result of the biometric privacy violation.
  • Stop the wrongdoing (injunctions): A lawyer may seek injunctive relief to stop the defendant from continuing to collect, use, or store biometric data unlawfully. An injunction can be a powerful remedy to prevent further violations.
  • Deletion of biometric data (destruction): In some cases, individuals may seek an order requiring the defendant to delete or destroy the unlawfully collected biometric data to protect their privacy.

It’s essential to consult with an experienced biometric privacy lawyer who can assess your case, advise you on potential remedies, and work to secure the best possible settlement on your behalf.

Where Are Voiceprints Being Collected Without Consent?

Voiceprint collection is far more widespread than most consumers realize. As voice recognition technology has become cheaper and more sophisticated, businesses across virtually every industry have quietly integrated it into daily customer and employee interactions. The following are among the most common settings where unauthorized voiceprint collection has become the subject of BIPA litigation.

Workplace Voice Systems

Large employers — particularly in the retail, logistics, and warehouse sectors — use voice-directed technology to route workers through tasks. These systems require employees to speak commands that the technology uses to guide operations. In the process, the system creates a unique voiceprint profile tied to each worker. Companies like Walmart have faced class action lawsuits alleging they failed to provide proper written notice or obtain worker consent before building these voiceprint profiles. Petco also settled a BIPA voiceprint lawsuit for $445,000, covering 445 workers who had their voice data collected through a Honeywell-powered warehouse system without proper authorization.

Customer Service Phone Lines and Voice ID Programs

Telecommunications and financial services companies have increasingly adopted voice identity verification tools. Verizon’s Voice ID program became the subject of litigation in 2024 when it was alleged that customers were enrolled in voiceprint collection during calls to customer service without being informed in writing or given the chance to consent. The complaint alleged that at no point during the enrollment process were customers told their biometric data was being collected, how it would be stored, or when it would be destroyed.

Automated Drive-Through and Ordering Systems

In Carpenter v. McDonald’s, a plaintiff alleged that voice recognition technology used at McDonald’s drive-through windows captured audio waveforms that could identify customers by their speech characteristics — including duration, pitch, national origin, gender, accent, and age. Similar lawsuits have named Applebee’s, Chipotle, Red Lobster, Portillo’s, Blaze Pizza, and other restaurant chains for allegedly using a third-party voice recognition provider to capture customer voiceprints when customers called to place orders.

Smart Home Devices and Virtual Assistants

Companies deploying Alexa-style voice assistants have also come under BIPA scrutiny. In Zaluda v. Apple Inc., a plaintiff argued that voice data collected through Siri captured physical information that, unlike passwords or Social Security numbers, cannot be separated from the individual or changed if compromised. This case drew attention to an important reality: even seemingly passive voice interactions with consumer devices can generate legally protected biometric data.

AI-Powered Call Center Technology

Enterprise AI companies that provide voice authentication and call routing solutions to financial advisors, healthcare providers, and other firms have also entered the BIPA spotlight. In Cisneros v. Nuance Communications, Inc., a plaintiff alleged that a voiceprint created during a call to a financial advisor violated BIPA. The case reached the Seventh Circuit on appeal in 2025, with the outcome expected to shape how BIPA applies to third-party service providers operating in regulated industries.

How BIPA Voiceprint Cases Are Filed

BIPA cases involving voice data are typically filed as class action lawsuits, because voiceprint collection by employers or customer-facing businesses almost always affects a large group of people in the same way. A class action allows a single plaintiff, or a small group of named plaintiffs, to represent the interests of everyone affected, combining individual claims into one unified case. This structure makes it practical to pursue companies whose per-person violations might not justify individual litigation — but whose aggregate misconduct is substantial.

Some BIPA voiceprint cases have also proceeded through mass arbitration, particularly in the consumer context. Mass arbitration allows hundreds or thousands of individuals to simultaneously bring their own separate claims against a company, often achieving meaningful pressure even when class action waivers in consumer contracts would otherwise block a unified lawsuit.

To qualify as a class member in a voiceprint case, you generally need to show:

  • You are or were a resident of Illinois, or your biometric data was collected while you were in Illinois
  • A private company captured, stored, or disclosed your voiceprint
  • The company failed to provide written notice and obtain your written consent in advance
  • The company lacked a publicly available retention and deletion policy governing your voice data

You do not need to prove that you were personally harmed. The violation of the consent requirement itself is enough to trigger BIPA liability under settled Illinois law.

Real Settlements and What They Tell Us About BIPA Enforcement

The trajectory of BIPA voiceprint litigation over the past several years illustrates both the depth of corporate non-compliance and the real financial consequences for companies that fail to prioritize biometric privacy. Petco’s $445,000 settlement for workplace voiceprint violations. Walmart’s ongoing exposure over warehouse voice-directed technology. Verizon’s mass arbitration recruitment for Voice ID customers in Illinois. Restaurant chain litigation over automated ordering systems. These are not isolated incidents — they represent a pattern of industries adopting voice technology at scale without implementing the legal framework BIPA requires.

Broader BIPA settlements in the biometric space have produced landmark results. Clearview AI agreed to a $51.75 million settlement over its biometric data practices. Speedway reached a $12.1 million settlement. Illinois-based workers and consumers have consistently demonstrated that courts will hold companies accountable, and that plaintiffs’ attorneys can achieve real results even against large, well-resourced defendants.

photo of biometrics data privacy attorney Joe Lyon

Reviewing Voiceprint Privacy Violations

Why Hire Our Attorneys?

The Lyon Firm has a deep background in data privacy, biometric rights litigation, and consumer class action law. Our legal team understands both the technical dimensions of how voiceprints are captured and stored and the legal standards that companies are required to meet under BIPA. We represent plaintiffs in claims against employers, retailers, telecommunications companies, financial service providers, and technology platforms that have failed to follow the law.

If you received a workplace directive requiring you to use a voice recognition system, enrolled in a voice identity program with a telecom or financial company, or used a voice-activated device or ordering system in Illinois and were never asked to sign a written consent agreement, you may have a BIPA voiceprint claim. The window to act is open — but it will not stay open indefinitely.

CONTACT THE LYON FIRM TODAY

  • This field is for validation purposes and should be left unchanged.

Voiceprint Class Actions FAQs

Does BIPA protect me if I live outside of Illinois but my voiceprint was collected by an Illinois-based company?

Generally, BIPA’s protections apply based on where the biometric data was collected, not necessarily where the company is headquartered. If your voiceprint was captured while you were physically present in Illinois — for example, at a warehouse job, a restaurant, or a retail location in the state — you are likely covered regardless of where you permanently reside. However, if you were located outside of Illinois when the collection occurred, your BIPA claim may face jurisdictional challenges. An attorney can review the specific facts of your situation and identify whether state or federal privacy law offers an alternative path to recovery.

Can my employer retaliate against me for filing a BIPA voiceprint claim?

No. Illinois law prohibits employers from retaliating against workers who exercise their legal rights, including the right to bring a BIPA claim. If you were terminated, demoted, disciplined, or otherwise treated adversely because you raised concerns about voiceprint collection or participated in a BIPA lawsuit, that retaliation may give rise to a separate legal claim on top of your biometric privacy case. Workers sometimes hesitate to come forward out of fear of losing their jobs, but the law is designed to protect you from exactly that outcome. The Lyon Firm handles these matters with full confidentiality during the evaluation process.

If my voiceprint was collected years ago, is it too late to file a claim?

It depends on when the collection occurred. The Illinois Supreme Court confirmed in Tims v. Black Horse Carriers that BIPA claims carry a five-year statute of limitations. This means that if your voiceprint was collected without proper consent as recently as early 2020, your claim may still be timely today. However, the clock matters, and waiting too long can permanently bar your ability to recover compensation. If you are uncertain whether your situation falls within the filing window, the best course of action is to speak with a BIPA attorney as soon as possible. An initial consultation with The Lyon Firm is free and carries no obligation.

Your Right to Justice
Learn About Class Action Litigation

Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if proper legal course is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs work toward a financial solution to assist in compensating for privacy violations or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your data privacy case into a valuable settlement. The current legal environment is favorable for workers and consumers involved in data privacy class actions.

data breach lawsuits
Discover the Ways We Can Help

Class Action Information Center