Can I Record My Customers?

The short answer: yes and no

Call Recording Legality
Data & Analytics

Published: November 16, 2022

John Flood

John Flood

In the 2006 film “Lives of Others,” an East German Stasi (state security) officer is ordered to spy on a couple in their East Berlin apartment.  

In the story, which takes place in 1984, the captain and his team bug their apartment, set up surveillance and recording equipment in an attic, and begin reporting on their activities.  

The film, which won an Academy Award, is a cautionary tale about how easy it was for governments to spy on their citizens during the Cold War.  

So, while the Cold War might be over, not much has changed in geopolitical terms. In technological terms, though, we live in an entirely different reality. 

Indeed, the life depicted in “Lives of Others” seems like it happened a century ago, before the Internet, before the cloud, before smartphones, and way before AI-based speech analytics. 

Call Recording Today. Is it Legal? Be Prepared.

Consider how easy and widespread it is for companies today to record every conversation in the contact center.  

The research firm DataIntelo, expects the global call recording software market to grow at a CAGR of 10.5 percent from 2022 to 2030. All spurred by the demand for cloud-based call-recording software and the increased adoption of mobile devices in business. 

A rising number of data privacy laws and regulations across different geographies are compelling organizations to adopt call recording solutions for compliance.  

But, before a company records conversations, it must do its due diligence. Understand the law and know that it varies from one jurisdiction to another. 

In general, here are basic guidelines:  

Different Rules Apply to Individuals and Businesses

In some US states and Canada, individuals may record a call even if they haven’t informed the other party. By contrast, companies must always declare their intent before initiating a call recording. Yet, this varies from region to region.  

Conversely, in Australia (except Queensland), calls may not be recorded, though there are exceptions.  

Meanwhile, in the UK, businesses should consider The Data Protection Act 1998. While it does not reference call recordings explicitly, it does refer to “processed data,” inferring the need to protect call recordings as the business would for written and digital data.  

However, they must also follow GDPR regulations – like those that operate in the EU – which remain part of British law, despite Brexit.  

Thankfully, these regulations are clearer, highlighting that businesses must justify recording calls in one of six ways, according to Atiq Rehman, a Partner Success Manager at NICE. These are:  

  1. The people involved in the call have given consent to be recorded 
  2. Recording is necessary for the fulfillment of a contract 
  3. Recording is necessary to fulfill a legal requirement 
  4. Recording is necessary to protect the interests of one or more participants 
  5. Recording is in the public interest or necessary for the exercise of official authority 
  6. Recording is in the legitimate interests of the recorder unless those interests are overridden by the interests of the participants in the call 

Don’t Underestimate GDPR. It Has Teeth.

GDPR demonstrated precisely how important it is to obtain consent and allow customers to retain control over their data.  

In most countries, it is illegal for ordinary businesses (i.e., non-government organizations) to not ask for consent through a live agent or an automated bot.  

In the US, a repeated audible beep may also be considered a recording notification.   

How You Use Recordings Is Subject to Legal Oversight   

As a result of tightening data regulations, organizations must also carefully plan how they store, utilize, and share recordings.  

In Denmark, for instance, forwarding or playing back private conversations is illegal, with particular exceptions. 

In Finland, libel laws and trade/national secret laws sometimes govern the use of recordings, depending on their content. Non-disclosure agreements are also critical to consider.   

Be Mindful of One-Party and Two-Party Consent

The US is an excellent example of this law. In some states, the affirmation of consent from a single party is enough to make the call recording valid under the law.  

Others, like California, Maryland, and Florida, require both parties to consent to be recorded. However, there are deeper nuances, such as requiring two-party consent, even in a one-party state like Wisconsin, if the recording is part of someone’s evidence in court.   

When In Doubt, Consult a Legal Expert

Call recording laws are incredibly intricate, and it can be challenging for companies with contact centers in different locations to keep up.  

That’s why working with a legal and compliance expert is advisable, carefully documenting your specific compliance requirements and training agents.   

Learn more about how to keep your contact center compliant by reading our article: Data Protection, Privacy, and Compliance in the Cloud 



Artificial IntelligenceAutomationCall RecordingChatbotsSecurity and Compliance

Share This Post