Is it legal to record calls & meetings? An explainer on call recording laws

Think about this for a second—when was the last time you left a meeting and said to yourself, “I’m not sure if I’ve captured everything perfectly. I wish I could go back and listen to the conversation again?” 

Happens often, right? Even when you think of recording a meeting, this question perhaps looms over your mind—Can I record meetings? Is it even legal? 

The short answer is: Yes, it is indeed legal to record virtual meetings and calls. 

The long answer is—there are nuances to it, depending on factors such as geographic location, reasons to record the meeting, security aspects, and more.

Through this blog post, we look at the call recording laws across different states & countries. We’ll discuss which ones among them are one party or two party consent states—and the specific compliance and legal requirements to keep in mind while recording virtual calls or meetings.

Disclaimer: We’re not legal experts. This post is an effort to consolidate and simplify the various recording laws across the world for easy understanding.

Firstly, when to record, and when not to record?

Recording meetings is one of the most helpful ways of making sure you make the most out of your conversation. Here are a few reasons why you should be recording your next meeting:

1. To ensure no critical information is lost in thin air
2. You have a reliable source of information to go back to
3. Keep people in the loop in case they missed the meeting
4. Review your meetings and improve yourself
5. Keep track of discussions related to a particular topic or project and more.

When not to record a meeting

While it is perfectly legal to record meetings or calls, certain situations have legal sensitivity when it’s best not to record. And if you have to record those meetings, you need to limit access to those recordings to the concerned parties. For example:

• Legal reasons: The laws for recording meetings are not universal. Certain states within the same country might require you to obtain consent from both parties, whereas, in other states, it could be legal to record with the consent of one party alone.
• Privacy sensitive conversations: In case of private conversations such as performance reviews and other 1:1 feedback meetings, you can record the conversation with their consent and restrict the access to the meeting participants alone.

How long can you retain the recordings?

Like assets organizations maintain their storage systems, audio and video recordings also require secure storage. However, the complexities and requirements regarding recording storage policies differ across industries. 

For instance, the meeting recording of a conversation between a patient and a healthcare professional is categorized as a healthcare record. Since these conversations typically contain patient health information and personally identifiable data, HIPAA rules apply to those recordings, and the data requires encryption at rest. So, if you need to share the recordings, they require password protection and should be shared only with other authorized users. 

Depending on organizations and on a case-to-case basis, you may at times need to keep the recordings for 6-10 years. And before you record any conversation, you need consent from one or more parties.

Different types of consent for recording meetings & calls

Recording virtual meetings typically refers to recording conversations on web conferencing apps such as Zoom, GoogleMeet, Webex, etc. In comparison, recording calls means recording conversations on the phone and using dialers such as Aircall, RingCentral, Kixie, etc.

From a legal standpoint, the most important factor to understand before recording a meeting or call is consent. So, for starters, if you want to record a conversation, let the participants know in advance that you plan to record the meeting and obtain their consent.   

There are four types of consent:

One-party consent:

One-party consent or single-party consent means that you can record a call or meeting as long as you have consent from one of the parties in the meeting. You don’t need explicit consent from the other party. Most of the countries in the United States allow one one-party consent.

Two-party consent:

Two-party consent means all parties have to be informed the call is being recorded, and the party recording the conversation must obtain prior consent from the other party. The consent may be given actively or passively. Countries that follow the two-party consent rule include the United Kingdom, Canada, India, Germany, Australia, and Romania.

Active consent: 

Active consent typically involves sending out a visual or audio cue to the meeting participants suggesting that the conversation would be recorded. The participants (other parties) need to actively give you their consent by either clicking an approval button or verbally giving their consent to record.

Passive consent:

Passive consent refers to the scenario where the meeting participant receives the audio or visual cue. For example: the announcement that says, “This meeting is being recorded” while in the meeting, and the participants don’t object to the recording. If the participants are willing to continue the meeting knowing it’s being recorded, they’ve passively given you their consent.

Now that we understand how ‘seeking consent to record meetings’ works, let’s look at the recording laws across countries.

Recording laws in the United States (US)

In the US, the Electronic Communications Privacy Act (ECPA) guides the recording of calls. It includes video conference meetings and calls because the ECPA primarily governs acquiring aural transfer (any transfer containing the human voice from the point of origin to reception) through electronic communication channels.

The ECPA states that it is illegal to record a call without the consent of at least one party. As discussed above, the consent sought need not always be ‘active consent.’ But that said, different states have developed variations of the recording laws, which are either similar or more stringent in nature.

Let’s take North Carolina as an example—it is a one-party consent state. That means a meeting participant can actively or passively imply consent to a meeting recording as long as they’re notified that the meeting or call is recorded.

On the contrary, states such as California and Florida are two-party consent states, meaning both parties must consent before recording the meeting. It means you need to share the intent to record the meeting in advance. The notification can be in the form of emails, audio disclaimer announcements, clickable CTAs, etc. Also, in this case, the meeting attendees can actively or passively give their consent.

Here’s a snapshot of the states in the US based on the governing recording law:

One-party consent states:

Here is a list of 37 states (+DC) considered one-party consent states. In addition, Connecticut can also, at times, be regarded as a one-party consent state ​​because there are different laws for in-person conversations and phone/online conversations.

• Alabama
• Alaska
• Arizona
• Arkansas
• Colorado
• District of Columbia
• Georgia
• Hawaii
• Idaho
• Indiana
• Iowa
• Kansas
• Kentucky
• Louisiana
• Maine
• Minnesota
• Mississippi
• Missouri
• Nebraska
• Nevada
• New Jersey
• New Mexico
• New York
• North Carolina
• North Dakota
• Ohio
• Oklahoma
• Rhode Island
• South Carolina
• South Dakota
• Tennessee
• Texas
• Utah
• Vermont (there’s no recording law per se, hence the Federal law applies)
• Virginia
• West Virginia
• Wisconsin
• Wyoming

Two party consent states (all-party consent):

A two party consent state is where both or all parties should consent to the recording of a conversation. This is in contrast to a one-party consent state, where only one party needs to consent to the recording. Following states require you to obtain consent from two or all parties to record a conversation:

• California
• Delaware
• Florida
• Illinois  
• Maryland 
• Massachusetts 
• Michigan 
• Montana (requires notification only)
• New Hampshire 
• Oregon (One party consent for electronic conversations; two-party consent for in-person conversations)
• Pennsylvania 
• Washington
• Connecticut (Two party consent for electronic conversations; one-party consent for in-person conversations)

Mixed Consent States 

There are several states that either have ambiguous recording laws or none at all. Vermont, for example, does not have a call recording law, while Hawaii and Nevada are one-party consent states but still require two-party consent to record conversations.

Connecticut requires all-party consent for electronic recordings and one-party consent for in-person conversations. Oregon, on the other hand, follows one-party consent for electronic recordings and two-party consent for in-person conversations.

Illinois requires consent from all parties to record, transmit, or listen to non-electronic private conversations. Michigan and South Dakota require one-party consent until the recording party is a participant in the conversation. 

Regions may also have separate laws when it comes to recording phone calls, video meetings, or in-person conversations, so ensure that you’re well-versed with specific regulations in your state/area/location before recording conversations. 

Recording laws in the European Union (EU)

The recording laws don’t change drastically in the EU, but we can certainly say that the EU has some of the most stringent recording laws. As long as your organization operates in the EU member states or has customers in the EU, you’re required to follow the rules outlined in the European Union’s General Data Protection Regulation (GDPR). 

GDPR states you need to justify the need to record a call or meeting and obtain unambiguous consent from all parties before recording the conversation. The law works very similarly to the two-party consent states in the US.

Some acceptable reasons to record meetings as per GDPR:

• The recording is necessary for the fulfillment of a contract in which the party is involved.
• The recording is done for the fulfillment of legal obligations.
• The recording is necessary to protect the interests of one or more parties.
• The recording is in the public’s interest or done in official authority.
• The recording is in the legitimate interest of the recorder as long as such interests are not overridden by the interests of other parties to the call or conversation.

Data retention, storage and protection requirements:

The law clearly states that all recordingData retention, storage, and protection requirements:

The law clearly states that all recordings can only be stored for as long as it is necessary to fulfill the purposes for which the data were collected or processed. However in cases of public interest, scientific or statistical, or research purposes, the data can be stored for more extended periods.

While you retain the recordings, you need to:

• Pseudonymize (ensure the personal data cannot be linked to a specific individual) and encrypt all personally identifiable data. 
• Ensure the confidentiality, integrity, availability, and resilience of processing systems and services, thus protecting from unauthorized access.
• Guarantee the availability and access to personal data on time in case of a physical or technical incident.
• Have an established process for regularly testing, assessing, and evaluating the effectiveness of security measures.

Right to access recordings

The participants of the calls and meetings have the right to access the recording and also request more information on:

• The purpose of the information gathered and processed
• Categories of personal data concerning them
• The parties that’ll have access to the recording
• How long the data would be stored (if possible)
• The existence of automated decision-making, including profiling and meaningful information about the logic involved, significance, and possible consequences of such processing for the data subject.

Right to request erasure

GDPR also allows the data subjects to request the erasure of the data concerning them, and it needs to be erased without any delay. The data subjects can request deletion of data if:

• The data is not collected from them.
• The data is no longer needed for the purposes they were collected or processed.
• They withdraw consent for the processing.
• The recording has been illegally processed.
• The personal data involves children.

Recording laws in the United Kingdom

Post-Brexit, most of the EU regulations that applied to the UK were no longer applicable. The UK introduced its own data legislation law called UK-GDPR, however, the call recording laws remained largely unchanged from before.

Though, for anyone to record calls in the UK, they also have to comply with the Data Protection Act 2018 and the Human Rights Act 1998—other than the UK-GDPR. These laws safeguard your personal data, establish recording guidelines for businesses and the government, and ensure your data is stored securely. 

Recording laws in Canada

Canadian recording laws are straightforward. They have a ‘two-party/ all-party consent’ mandate. So, when you record a conversation involving a Canadian meeting participant, you need to:

• Obtain consent for recording in advance (actively or passively)
• Share the purpose of recording in advance
• Seek consent from every meeting participant

Recording laws in Australia

Across Australia, it’s perfectly legal to record meetings and calls as long as you have two-party consent by informing them in advance. In case of outbound cold calls, you need to let them know at the beginning of the conversation that you will be recording, and the participants have the right to request to be transferred to a non-recording line.

Certain territories, such as Queensland, allow one-party consent for recordings. However, if you’re situated in New South Wales, remember that the Surveillance Devices Act 2007 applies to you, and it’s illegal to use a recording device without all participants' consent.

Recording laws in South Africa (RICA Act)

In South Africa, call recordings are regulated by the Regulation of Interception of Communications and Provision of Communication-Related Information Act of 2002 (known as RICA). Unless you’re a party to the conversation, have written consent from one of the parties, or are conducting a discussion pertaining to the business (where specific exceptions apply), recording a call in South Africa would be considered unlawful.

However, being party to the conversation broadly means either you’re a part of the conversation (virtually or in person) or invited to the meeting/call, which means you can go ahead and record calls or meetings without any hassle.

Compliance aspects to look for when evaluating call recording software

As you get to evaluating call recording software for recording and analyzing calls and meetings across dialers and web conferencing tools, you’ll notice that pretty much everyone adheres to compliance. But then, most platforms are compliance capable and not necessarily compliance optimal.

Compliance capable solutions

Compliance capable solutions refer to a product’s capability to comply with the regulations, but they might not necessarily incentivize the users to keep those compliance levers switched on.

Not every user will remember and switch on or off a compliance safety measure. And this is where compliance-capable solutions miss the mark by not balancing the capabilities with user experience.

Here’s an example: As discussed earlier, one of the mandates for obtaining consent is to make a mandatory announcement saying, “This meeting is being recorded” when someone joins the meeting. A compliance-capable solution announces every time someone joins the meeting to the entire room, instead of announcing only the new attendees. From a user experience standpoint, you don’t want to interrupt the conversation flow of people in the middle of a meeting.

Compliance optimized solution

Compliance-optimized solutions balance compliance requirements and user experience quite well. They deliver the goal of being fully compliant without making the user perform a lot of manual steps.

For example:

1. The mandatory announcements are made only to individual attendees and not to the whole group in the meeting or call
2. Instead of sending a separate email notifying the intent to record the call (which can get missed), compliance optimized solutions ensure visibility by placing the cue within the calendar right where they accept the meeting.

5 questions to ask your vendor before buying their call recording software

Below is a list of questions that you should consider asking call recording providers when you’re evaluating their compliance:

1. What are your call recording best practices in One-Party Consent / Two-Party Consent states?
2. Is obtaining consent from your attendees across geographies an automated feature your platform offers?
3. How do you ensure compliance if the meeting participant hasn’t opened the notification email before the meeting?
4. How do you announce the recording disclaimer?
5. How do you handle consent for cold calls?

Here is the updated section with all headers in sentence case, incorporating the specific granular controls and the two-step setup from your app.

How does Avoma comply with call recording laws?

At Avoma, we take compliance seriously. While it’s your responsibility to comply with regulations, Avoma provides an automated, organization-wide consent policy framework. This allows admins to choose from four enforcement levels to match their specific legal and cultural requirements.

1. Select your recording consent mode

You can now control how strictly recording consent is enforced across every meeting in your organization

• Disabled: No automated notifications are sent.
• Notified only: Participants are informed via pre-meeting or in-meeting notifications, and recording continues by default. This is ideal for teams where notification is a courtesy.
• Acknowledgment required: Participants see a consent notice before joining. By entering the meeting, they acknowledge they will be recorded. (Available on Enterprise plans).

• Permission required: This provides the highest level of compliance. Participants must explicitly accept or decline recording. If consent is denied, Avoma automatically ensures the meeting is not recorded. (Available on Enterprise plans).

2. Choose your notification touchpoints

Once a policy is set, you can automate exactly where participants see recording notices to ensure total transparency:

Pre-meeting transparency:

• Calendar invite disclaimer: Avoma automatically adds a custom disclaimer (e.g., "This meeting will be recorded for note-taking purposes") directly into your meeting descriptions.

‍

• Reminder email disclaimer: A consent notice is embedded in Avoma’s reminder emails, which can be timed differently for internal vs. external participants.

In-meeting awareness:

• Voice announcement: For bot-recorded meetings, the Avoma Bot verbally announces that the meeting is being recorded. You can even customize the bot's voice preference (Male or Female). This is a critical feature for platforms like Google Meet or Microsoft Teams that do not provide native voice announcements.
• Chat notification: The Avoma Bot can automatically post a written recording notice in the conferencing app’s chat (Zoom, Google Meet, or Microsoft Teams) the moment it joins.

3. Native indicators and bot clarity

• Native alerts: When recording via Zoom, Google Meet, or Teams, Avoma respects native indicators, such as blinking red icons and platform-specific banners.
• Bot identification: We recommend naming your bot clearly (e.g., “Avoma Recorder”) so there is no ambiguity about why the bot has joined the call.

4. Secure access and best practices

• Granular permissions: Recordings are accessible to both parties if they are Avoma users. For external sharing, you maintain strict control over what non-users are permitted to see.

‍

• Standardized disclosure: Regardless of "single-party" or "two-party" consent laws, we recommend a proactive approach. For outbound dialer calls, we suggest a standard opening: “This is a recorded line.” If the party stays on the call, they have provided passive consent. Standardizing this process across your board is the safest approach for enterprise compliance.

Summing up… 

We hope this blog post gives you a good perspective on the legal aspects of recording meetings and calls worldwide. With Avoma, we make it easy for you to ensure compliance with the call recording laws by automating the process—and are committed to keeping up with the changes and updates.

We also ensure that this post is continuously updated as the changes occur.