On February 5, 2026, five Illinois residents filed a class action lawsuit against Microsoft in a federal court in Washington. The plaintiffs, including Alex Basich, Kristin Bondlow, and three others, claimed that Microsoft, through its video conferencing platform (Teams), was illegally collecting voice data in violation of the Illinois Biometric Information Privacy Act (BIPA).
The class action suit claims that the software giant illegally collected voice data through Teams' real-time transcription feature, which was shipped in 2021 and captures speakers' voices during online meetings and even assesses pitch, tone, and timbre to easily identify who made a certain comment or idea.
While this isn't necessarily illegal, Microsoft's failure to inform users about the collection of their voice data violates BIPA.
According to the plaintiffs, the company should have categorically informed users, elaborated on how the data would be used, and how long it would be stored. Perhaps more interestingly, they claimed that Microsoft would require a user's written consent to collect their voice data.
Microsoft never informed Teams meeting participants that their biometrics, such as voiceprints, were being collected during Microsoft Teams Meetings. Microsoft also failed to inform Teams meeting participants of the specific purpose for the collection or storage of their biometrics and failed to provide meeting participants with a schedule setting out the length of time which those biometrics would be collected, stored, used, and destroyed.
Microsoft class action lawsuit
The plaintiffs seek to represent a class of Microsoft Teams users in Illinois whose biometric data was unlawfully collected through the platform’s transcription feature beginning March 1, 2021.
The class action lawsuit requests either actual damages or statutory damages of $1,000 per negligent violation, whichever is greater. If the court determines that Microsoft willfully or recklessly violated the BIPA, damages could increase to $5,000 per violation.
Elsewhere, an Austrian privacy regulator has ruled that Microsoft illegally set tracking cookies on a school‑issued device used by a child, even though the issue stemmed from how the school deployed Microsoft 365 services rather than anything Microsoft directly controlled.
Should companies face higher penalties when they intentionally misuse biometric data? Let me know in the comments.
Join us on Reddit at r/WindowsCentral to share your insights and discuss our latest news, reviews, and more.
