A federal judge has hung up, for now, on a class action accusing Fidelity of violating a California privacy law by recording and scanning the voices of people who call the investment brokerage firm.
Cecelia Lahr sued Fidelity on Sept. 11, 2022, alleging the company’s MyVoice system violated the California Invasion of Privacy Act because she never supplied express written consent to have the technology analyze her speech patterns to determine the veracity of her statements.
Fidelity’s website states MyVoice records calls and creates biometric voice prints, which are encrypted digital representations of “a combination of your physical and behavioral voice patterns. Like a fingerprint, it’s unique to you.” The intent is replacing passwords and personal identification number codes.
Lahr’s complaint alleged Fidelity deployed MyVoice “years prior to publishing its existence and seeking enrollment” and alleged the recordings began in at least 2017, if not earlier, citing a November 2017 CNBC report on emerging trading technology. She further alleged the Fidelity website didn’t reference MyVoice until May 2019 and the company didn’t put a disclaimer in its terms and conditions until January 2021. Furthermore, she said, if customers do give express consent, they do so over the phone, but CIPA requires written consent.
Curiel rejected Fidelity’s argument that Lahr couldn’t sue because her agreement with the company includes a Massachusetts choice-of-law provision. Although that provision is valid, he said, Lahr’s complaint is not a contract law dispute “and is not sufficiently related to the customer account agreement.”
Fidelity also argued Lahr provided the written consent CIPA requires when she opened her account electronically Nov. 25, 2020. But Lahr said the terms and conditions at that time only advertised MyVoice and offered evidence of other Fidelity procedures requiring affirmative enrollment. Curiel said those competing positions represent a dispute unsuitable for a motion to dismiss.
Whether Lahr “provided sufficient written consent in 2020, and whether Fidelity was recording voiceprints as early as 2017 absent any consent, is a factual matter that should be resolved following discovery,” Curiel wrote.
Curiel likewise declined to dismiss on grounds of statutory limitations, explaining that dispute also requires discovery for proper resolution. Although CIPA claims must be brought within a year, and Lahr filed her complaint almost 22 months after opening her Fidelity account, Curiel said at this stage Lahr adequately alleged her knowledge of the claimed violations didn’t occur more than a year before her lawsuit. He also said the question of whether the alleged conduct was based in California is premature.
However, Curiel ultimately sided with Fidelity on the interpretation of the law itself. The company argued CIPA doesn’t “regulate the use of biometric voiceprints for purposes of customer identification.” Curiel said Lahr’s complaint can only advance if she alleged Fidelity uses MyVoice for lie detection, as CIPA “is limited in scope to the use of voiceprints ‘to determine the truth or falsity of statements.’ ”
Curiel said the law itself “is crystal clear on this point” and noted legislative history supports Fidelity’s position, including references to late 1970s hearings on polygraphs and other machines. While Lahr said MyVoice is designed to prove the “truth or falsity” of a caller’s claim to be a certain account holder, Curiel sided with Fidelity.
“MyVoice does not require a caller to claim they are the account holder or to make any other claim or affirmative statement.,” Curiel wrote. “According to the MyVoice FAQs upon which the complaint heavily relies, the ‘natural conversation’ of the caller is examined and compared to the known voiceprint that is maintained by Fidelity. The MyVoice voiceprint essentially acts as a passcode. Rather than a customer inputting a four-digit PIN or signing into an account using facial or fingerprint recognition, a customer can simply call Fidelity and have their voiceprint analyzed and recognized. As described and alleged in the complaint, MyVoice is nothing more than a biometric passcode and is not a lie detector.”
Though Curiel dismissed the complaint, he gave leave for Lahr to amend her pleadings with regard to the lie detector deficiency. Her deadline is March 1.
Lahr is represented in the action by attorneys Joshua B. Swigart and Daniel G. Shay, both of San Diego.
Fidelity is represented by attorneys Randall W. Edwards, Jonathan P. Schneller and Rebecca A. Girolamo, of the firm of O'Melveny & Myers, of San Francisco & Los Angeles.