The Consent Problem
Under GDPR, processing personal data — including meeting transcripts — requires a lawful basis. For many meeting scenarios, that basis is consent. But how do you obtain consent in a meeting? Do you need it from every participant? What counts as valid consent? And what happens when someone says no?
These questions are not theoretical. Organisations across Europe and the UK are grappling with them as AI meeting tools become standard.
What GDPR Requires
GDPR Article 7 sets a high bar for consent:
- Freely given: Participants must not feel pressured to agree. "Everyone else consented, so you should too" is not valid.
- Specific: Consent must be for a defined purpose. "We will process your data" is too vague. "We will create a text transcript of this meeting for team reference" is specific.
- Informed: Participants must understand what they are consenting to before the meeting begins.
- Unambiguous: Silence or inaction is not consent. There must be a clear affirmative action.
How Beaver AI Handles Consent
Beaver AI includes built-in consent management designed to meet GDPR Article 7 requirements:
- Consent capture: Before a meeting begins, participants can be presented with a clear consent notice explaining what will be processed and how
- Consent methods: Support for both digital consent (clicking to agree) and verbal consent (recorded in the system by the facilitator)
- Audit trail: Every consent decision is logged with timestamp, IP address, and the consent text that was presented
- Withdrawal: Participants can withdraw consent, triggering appropriate data handling
Practical Approaches for Teams
Recurring internal meetings: Obtain consent once and record it. Review periodically and when team composition changes.
External meetings: Include a brief consent notice in the meeting invitation. At the start of the meeting, confirm verbally and note the consent.
Large meetings: For all-hands or town halls, announce the use of AI at the start and provide an opt-out mechanism.
When Consent Is Not the Right Basis
Consent is not the only lawful basis under GDPR. Legitimate interest may apply for internal team meetings where documentation is a standard business practice. Consult your legal or DPO team to determine the appropriate basis for your organisation's use case.
Get It Right
Beaver AI's consent management features help you meet GDPR requirements without adding friction to your meetings. Start a free trial and see how compliance can be built into your workflow.
