I just deleted my account because of that, also they share conversations with everyone in the meeting by DEFAULT, it wasn't nice receiving a message from a co-worker telling me that he received an email with the transcription it generated.
Also deleted account. If anyone from Otter.ai is here - don't do this, reverse this change, email anyone affected since the change and apologise and also, i'd advise you to lawyer up.
For sure, it’s almost certainly a “growth hacking” attempt (they’re hoping the ppl they email signup to otter.ai), but a pretty terrible one. Every other similar growth hacking attempt I’ve seen will explicitly ask for consent before sending anything to non-users of the app.
Overall, sounds like a VERY unscrupulous company, that you shouldn’t trust with your personal data.
Even more terrible is using a recording service when you're in a meeting with me, not telling me, then complaining the real problem is the service told me
As understandable as the mistake is, I would be upset if I had arranged a private meeting with someone and they let a third party into the conversation (excluding force majeure such as sophisticated hacking, violence, etc).
Especially if it was some unaccountable third party recording agent! Who knows where that data is going?
Yeah, I just signed up to play with this and was surprised that a random "get started" sort of forced me into it to continue. After I noticed an incredibly faint "SKIP" text button in the corner. I disabled it afterwards.
There are also call-recording issues in all-party consent states [1]. The transcript not only shows recording, it could also be used as evidence that consent was never sought.
If the bot transcribes anything GDPR considers personal data and then emails it out you're already in breach. Simply someone telling their phone number to another participant over the call would result in a violation.
It wouldn't be in breach. otherwise, you sending an email with someone's email/phone number via gmail in it would cause Google to breach it. That would be on the software user. If you use somewhere that to breach GDPR, the software provider is not liable for how the user uses it.
If you tell the software to do something that is a breach, or used it when you could reasonably be expected to know it would behave in such a way, then yes you are responsible.
If, for custom software/configuration, you specify software to do something automatically that is a breach, then yes also.
If the software does it without your instruction, especially if you explicitly opted out, that is in beach, then the service responsible for the software may be liable instead.
How enforceable this is, is a different discussion…
If the software is transcribing and sending emails without the user's awareness, much less permission... then the responsibility must rest with the software. Software isn't responsible for my deliberate decisions, but it is responsible for anything it does without consulting me.
How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.
And he did have it configured to send out emails. So that part is true.
If they're lying or mistaken, let us discuss the lie or mistake, and even the possibility that there could have been a lie or mistake (based on something.) Just dismissing it based on a obvious counterfactual that you're declaring based on no evidence other than that you think users lie and developers don't make mistakes is a waste of time.
If you have some kind of insight into the specific configuration of otter.ai, or evidence that this specific person has made a mistake (and that all of the other people that have also seen this behavior are also mistaken) that would be constructive. As it is, you're not even carrying water for a company, you're offering water to a company that didn't ask for it by denigrating the people around you.
Thank you for defending me; my HN has anti-distraction timer so I wasn't able to respond to them.
Like I explained in the other comment, while mistaken configurations are frequently a user mistake, I was exceptionally careful in this instance because the same thing had just happened to my boss and I was wondering what the mistake she made was.
Also, I was hoping for a quality investigation and response from otter.ai but I think anyone can compare the credibility of my account to their response in this thread to figure out who they believe.
> And he did have it configured to send out emails. So that part is true.
This isn't true at all. This feature was and is disabled on my account.
> How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.
Normally I would agree with you - the same thing happened to my boss earlier in the day, the Otter bot joined a call before she did and she was baffled how it was there. I thought she must have accidentally enabled a new feature.
So when I looked at my otter.ai account after that I was exceptionally careful to not just click through the big blue "Enable Otter Assistant" button and find the light grey "Skip" button in the upper right. To no avail, as the Otter bot started to invade my meetings after that.
I only stopped it by disabling the Google Calendar integration they had had prior, which was only to suggest which meeting to link recordings to, and not the new "Otter Assistant" feature that automatically joins meetings.
If you made a draft email with those details, then GMail sent that draft without your authority then they too would be in breach, albeit unwittingly. That seems like a reasonable analogy to what happened in the OP, assuming it was a bug and not some 'growth hacking' plan as others have speculated.
