現場コンパス
Compliance

Meeting Recording Consent: A Country-by-Country Guide

Legal requirements for recording meetings across the US, EU, UK, Asia-Pacific, and beyond. Navigate consent laws to stay compliant.

MinuteKeep

Recording a business meeting in New York is perfectly legal—the recorder doesn't need to tell anyone. In California, do the same thing without explicit consent from every participant, and you've broken the law. This same story repeats across countries and continents.

Recording consent laws are fragmented, contradictory, and have real legal consequences. An international team member on a call with a California-based executive faces a two-party consent state. A European employee recording a meeting unknowingly triggers GDPR obligations. A Japanese team member assumes one-party consent applies globally and finds their recordings unenforceable elsewhere.

This guide cuts through the complexity. We map the legal landscape across regions, explain the core differences between consent models, and show you how to record meetings legally wherever your team operates.

Understanding Consent Models

Three consent frameworks govern recording laws worldwide:

One-Party Consent (or "single-party consent")
At least one participant—often the recorder—must know about and consent to the recording. The other parties don't need to know. This is the most permissive model.

Two-Party/All-Party Consent (often called "all-party consent")
Every single participant must know about and consent to the recording. With three people on the call, all three must agree. With ten people, all ten must consent.

Explicit Consent Model (primarily GDPR)
Participants must affirmatively opt in via a clear action (not silence, not pre-ticked boxes). Consent must be freely given, specific, informed, and documented.

The critical complication: if any participant is in a two-party consent jurisdiction, their law typically applies to the entire recording—even if you're in a one-party consent state.

Automate your meeting notes. MinuteKeep records your meeting and uses AI to transcribe, summarize, and extract action items. 9 languages, no subscription, 30 min free.

United States: State-by-State Overview

The US is the most fragmented legal landscape. 37 states plus D.C. permit one-party consent. Twelve states require all-party consent.

One-Party Consent States (37)

Alabama, Alaska, Arizona, Arkansas, Colorado, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, Wisconsin, Wyoming, and Washington D.C.

What this means: You can record calls without notifying other participants. You do not need their consent.

Practical implication: Many commercial call-recording tools and meeting platforms default to one-party consent behavior. MinuteKeep, for example, is an iOS app that requires you to manually initiate and control recording—there's no automatic or background recording, so consent issues are user-driven.

Two-Party Consent States (12)

California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Pennsylvania, and Washington.

What this means: Everyone on the call must know the recording is happening and must agree to it.

Connecticut and Oregon: The Mixed States

Connecticut requires all-party consent for electronic communications (calls, video meetings) but only one-party consent for in-person conversations. Oregon flips this: one-party consent for calls, all-party consent for in-person meetings.

Interstate Liability Risk

The most critical rule: If any participant is in a two-party consent state, their law typically applies. A person calling from California can invoke California's stricter law against someone recording from a one-party state. This creates liability exposure for out-of-state recorders.

Example: A team in Austin (Texas, one-party) records a meeting with a client in San Francisco (California, two-party). Texas law doesn't protect the recorder—California law does, and it requires consent from both parties.

European Union & UK: GDPR and Data Protection

The EU and UK operate under some of the world's strictest data protection regimes.

GDPR Framework (EU Member States)

Under GDPR, recording a meeting captures personal data (voices, names, content). This triggers Article 9 restrictions on processing special categories of data and requires a lawful basis for processing.

Consent under GDPR has strict requirements:

  • Freely given (no coercion or pressure)
  • Specific (participants understand exactly what they're consenting to)
  • Informed (clear explanation of purpose, storage, retention, and use)
  • Unambiguous (affirmative action required—silence, inactivity, pre-ticked boxes don't count)

Participants must be able to withdraw consent at any time, and organizations must maintain records proving consent was obtained.

Employment Context: GDPR prohibits using consent as the lawful basis for recording in employment relationships due to power imbalance. Employers must use "legitimate interest" or another lawful basis instead, and even then, must balance their interests against employees' privacy rights. This typically requires explicit notice and a compelling business reason.

UK GDPR

Post-Brexit, the UK operates under UK GDPR, which retains GDPR's core structure. Same rules apply: freely given, specific, informed, unambiguous consent. Participants must affirmatively opt in.

Important note: The UK Data (Use and Access) Act takes effect June 19, 2026, and may change guidance on consent and data usage. Organizations should monitor updates to UK GDPR interpretation.

Country-Specific Variations

Germany: Two-party/all-party consent under Section 201 of the German Criminal Code. Recording without everyone's consent is a criminal offense carrying up to 3 years in prison. Simply announcing "this call may be recorded" is insufficient without giving participants an opportunity to object or disconnect.

France: All-party consent under Article 226-1 of the Penal Code. Everyone involved in the conversation must consent.

Spain, Italy, Portugal, Netherlands: Generally follow GDPR consent requirements with additional national data protection laws. All require explicit consent.

Important: If you call between jurisdictions (UK to France, Germany to Spain), both countries' laws may apply. The stricter requirement typically governs.

United Kingdom (Standalone)

Outside GDPR, the UK has additional requirements under the Regulation of Investigatory Powers Act 2000 (RIPA). Recording a private communication without consent can violate RIPA.

For business calls, UK GDPR applies (see above). For personal calls, consent is required unless the recorder is a party to the conversation and consents.

Canada: Two-Party Consent

Canada mandates two-party/all-party consent under Section 183.1 of the Criminal Code. At least one party must consent—typically interpreted as requiring all-party consent for safety. Most Canadian legal guidance recommends obtaining all-party consent.

Recording in Canada without consent can result in criminal liability and civil damages.

Australia: Territory-Specific Rules

Australia's recording laws vary by state and territory—a complexity similar to the US.

New South Wales: The Surveillance Devices Act 2007 requires all participants' consent. Recording without consent is illegal.

Queensland: Allows one-party consent (the recorder can record without notifying others).

Other territories: Generally follow all-party consent with some exceptions.

Practical implication: If any participant is in New South Wales, assume all-party consent is required.

Japan: One-Party Consent with Data Protection

Japan allows one-party consent under the effective interpretation of the Protection of Communications Secrets Act. A participant can record the conversation.

However, the Act on the Protection of Personal Information (APPI) imposes strict requirements on handling, storing, and processing recorded data. Organizations must:

  • Obtain consent before collecting personal data via recording
  • Clearly disclose the purpose of recording
  • Implement appropriate security measures
  • Comply with retention period limits

South Korea: Nuanced One-Party Consent

South Korea permits one-party consent under the Protection of Communications Secrets Act. A call participant can record without telling others.

Critical exception: Third-party recording (someone recording a call they're not part of) requires consent from all parties and is illegal.

Japan and South Korea are more permissive on recording than Western jurisdictions but impose strict requirements on data handling and privacy protection.

Best Practices for International Teams

1. Default to All-Party Consent

If your team spans multiple jurisdictions, the safest approach is always obtain all-party consent. This complies with the strictest requirements and eliminates most legal risk.

2. Disclose Recording Before Meetings Start

For any meeting where recording might occur:

  • Announce that recording will take place
  • Explain the purpose (transcription, summarization, compliance)
  • Identify how long recordings will be retained
  • Specify who will have access to recordings
  • State whether participants can opt out

Make this part of your standard meeting protocol. Include recording disclosure in calendar invites or at the start of every call.

3. Document Consent

Maintain records showing who consented and when. This is mandatory under GDPR and critical for defending against legal challenges. Document consent through:

  • Written acknowledgment in email or chat
  • Verbal confirmation at the start of recorded calls
  • Meeting attendance (implied consent in some contexts)
  • Formal opt-in forms for recurring meetings

4. Establish a Clear Data Retention Policy

Decide how long recordings will be kept, then enforce that consistently:

  • Delete or archive recordings after transcription
  • Retention periods should align with legal requirements (not indefinitely)
  • GDPR requires demonstrating a "necessity" for retention
  • For US contexts, retention should match your internal litigation hold policy

5. Segregate Participant Access

If you're recording and transcribing meeting content:

  • Only provide transcripts to attendees or authorized parties
  • Don't share raw recordings beyond what's necessary
  • Under GDPR, limit access to those with a legitimate business need
  • Document who can access what

6. Handle Opt-Out Requests Respectfully

Even in one-party consent jurisdictions, if a participant objects to being recorded, respect that objection:

  • Pause recording if requested
  • Reschedule without recording if necessary
  • Document the request and your response

This isn't always legally required, but it builds trust and demonstrates good faith.

Sample Meeting Recording Consent Template

Use this template as a starting point. Customize it for your organization and have legal counsel review for your jurisdiction:

Meeting Recording Consent Notice

Dear [Participant Names/Team],

This meeting will be recorded for the following purposes:

  • [Accurate transcription of discussion]
  • [Summarization for absent team members]
  • [Compliance record-keeping]
  • [Quality assurance]

Recordings will be:

  • Stored securely in [location/system]
  • Retained for [X days/months]
  • Accessible only to [list roles/people]
  • Deleted on [specific date]

Your data rights:

  • You have the right to opt out. If you prefer not to be recorded, please let me know before the meeting starts.
  • You may request access to your recording or transcript under applicable privacy laws.
  • You may request deletion in accordance with our retention policy.
  • If you have privacy concerns, please contact [legal/privacy contact].

By attending this meeting, you consent to recording under the terms above. If you do not consent, please contact [organizer] to discuss alternatives.

Thank you, [Meeting Organizer]

FAQ: Common Questions About Meeting Recording Consent

Q: Can I record a meeting without asking participants?

A: Only in one-party consent jurisdictions (37 US states, Japan, South Korea, parts of Australia). If any participant is in a two-party/all-party consent jurisdiction, you must obtain their consent first. When in doubt, ask.

Q: What happens if I record illegally?

A: Consequences range from civil lawsuits (damages, attorney fees) to criminal liability (fines, imprisonment in some countries like Germany). Illinois, for example, has imposed sanctions on people recording calls without consent. It's not worth the risk.

Q: Does GDPR apply to my meeting recordings?

A: If any participant is in the EU or UK, or if they're an EU/UK resident, GDPR likely applies. GDPR treats voice recordings as personal data, so you'll need a lawful basis (usually consent) and must comply with data subject rights (access, deletion, portability).

Q: Is "I'm recording this call" enough disclosure?

A: Not always. GDPR requires "freely given, specific, informed, and unambiguous" consent. Simply stating you're recording is disclosure but may not constitute valid consent. You should explain the purpose, how long it will be kept, and who can access it. Ask for affirmative acknowledgment.

Q: Can I use AI transcription tools on recorded meetings?

A: Not without addressing consent again. If you recorded with consent to create a transcript, that's typically covered. But if you're using an external AI service (OpenAI, Google, etc.), ensure your privacy terms and consent disclosure cover third-party processing. GDPR requires identifying processors. Some jurisdictions may require separate consent for AI processing.

Q: What about recordings made before GDPR awareness?

A: If you have recordings that weren't properly consented to under GDPR, delete them. Keep documentation of deletion. Don't compound the problem by continuing to store or use them.

Q: Can an employee refuse to be recorded in a meeting their employer calls?

A: Under GDPR, yes—even if the employer is paying the employee's salary. Consent cannot be used as a lawful basis in employment because of power imbalance. Employers need a different lawful basis (legitimate interest) and must balance that against employee privacy. This is a gray area in EU employment law, and practices vary by company.

Q: What if someone is on a call without realizing they're being recorded?

A: If you're in a two-party/all-party consent jurisdiction, that's illegal. If you're in a one-party consent state, it's legal but ethically problematic. Disclosing that recording is happening before it starts is the standard practice everywhere.

Key Takeaways

  1. Consent laws vary dramatically by jurisdiction. One-party consent in the US (37 states), all-party consent elsewhere (California, EU, Canada, Germany, France, most of the world). When in doubt, get all-party consent.

  2. Jurisdiction applies where participants are located. If any participant is in a two-party consent state or country, their law typically governs. Make recordings compliant with the strictest jurisdiction on the call.

  3. GDPR imposes the strictest consent standard. Freely given, specific, informed, unambiguous consent. This is the global gold standard. If you're recording meetings with EU participants, GDPR applies.

  4. Document consent and maintain records. Especially under GDPR, but also for defensive purposes in US contexts. Proof that consent was obtained is critical in disputes.

  5. Disclose before you record. Make recording part of your standard meeting protocol. Announce it, explain the purpose, and ask for confirmation. This approach complies with nearly all jurisdictions and builds trust.

  6. Delete recordings after their purpose is served. GDPR requires demonstrating necessity for retention. Don't keep recordings indefinitely. Match retention to your business purpose and legal requirements.

  7. AI transcription and processing require separate consideration. Recording consent doesn't automatically cover AI processing. Ensure your consent disclosures and processor agreements cover how recordings will be analyzed and stored.

  8. Get legal counsel for employment recording. Recording employees has special rules in most jurisdictions, especially under GDPR. Consult employment counsel before implementing employee meeting recording policies.

Legal Disclaimer: This article is informational and does not constitute legal advice. Recording consent laws are complex and vary significantly by jurisdiction. Consult with legal counsel in your specific jurisdiction before recording meetings. MinuteKeep is an iOS app designed for personal transcription and note-taking; users are responsible for obtaining all necessary consent before recording any meeting or conversation.

Further Resources

About MinuteKeep

MinuteKeep is an iOS meeting transcription app that puts recording and consent control in your hands. With support for 9 languages and accurate AI transcription, MinuteKeep helps teams capture meeting notes without the compliance headaches of automatic recording. Download from the App Store.

No subscriptions. No bots. No automatic recording. Just on-demand transcription, whenever you need it.

Related Reading

Try MinuteKeep Free

30 minutes of free recording. No subscription required.

Download on the App Store

Related Articles

MinuteKeepの辞書機能で固有名詞の誤変換をゼロにする方法

Whisperが変換した『誤り→正解』パターンを実例で解説。社内の人名・社名・専門用語の誤変換を辞書登録で確実に修正。業界別登録例とメンテナンスのコツを紹介。

過去の会議をAIチャットで検索する使い方ガイド|「あの決定は何だっけ?」を3秒で解決

MinuteKeepのAIチャット機能で、保存された全ミーティングノートから即座に情報を引き出す方法を解説。RAG技術を活用した類似度検索・自然言語質問に対応。実践的な質問例10個、精度を上げるコツ、よくある質問まで。

The Async Meeting Playbook: Document Everything, Meet Less

Replace unnecessary meetings with documented async updates. When you DO meet, AI captures everything for those who couldn't attend. The playbook for async-first teams.

← Back to MinuteKeep Blog