# A question for forensic phoneticians from privacy officers: when are speech recordings identifiable?

- Type: Literature
- Source: Universitätsbibliothek Trier
- Date: 2026-07-15
- Original: https://doi.org/10.25353/ubtr-5dad-aa65-6463
- Canonical: https://overview.legal/posts/132122
- Topics: Identification, Consent

## Summary

Classic forms of speech data collection involve explicit consent from speakers, which is the most well-known legal basis for processing personal data. More recently, however, researchers use data scraped from platforms like YouTube or data recorded from broadcast media, in response to an increasing appetite for more challenging real-world settings (Leschanowsky et al., 2025). The (re)usability of speech data is a pressing issue, since access to representative data is key for the development of s

## Full text

Classic forms of speech data collection involve explicit consent from speakers, which is the most well-known legal basis for processing personal data. More recently, however, researchers use data scraped from platforms like YouTube or data recorded from broadcast media, in response to an increasing appetite for more challenging real-world settings (Leschanowsky et al., 2025). The (re)usability of speech data is a pressing issue, since access to representative data is key for the development of speech technology. Furthermore, access to forensically realistic audio materials (ideally: casework data) is invaluable for validation and teaching (Brown, Ross Kirchhübel, 2021).Whether it is actually legal to collect and use certain speech data is a complex matter, and depends on the purpose as well as the jurisdiction. Aside from copyright and intellectual property issues, I will focus on the topic of personal data protection as laid down in the EU General Data Protection Regulation (GDPR, European Parliament and Council, 2016). A central question for the applicability of the GDPR is whether we are dealing with information that can be related to a natural person.It is clear that speech data is usually considered to be personal data. Speech data can also fall within the scope of sensitive data1, since it can reveal identity, ethnic origin, political opinions, religious or philosophical beliefs, health conditions and sexual orientation (Nautsch et al. 2019a,b). Yet, even if speech data is likely to qualify as sensitive data, this still leaves open the possibility of (a comprehensive list of) conditions under which speech data is not (or no longer) sensitive or even personal data. The IAFPA community would appear well suited to explain the difficulties of identifying an unknown speaker in an open identification task.A first question that we can shed some light on is: when can we say that it is practically impossible to trace a speech recording back to its speaker, i.e., that a recording is effectively anonymized? It’s relatively straightforward to understand what kind of content and metadata should be removed, but then the question remains if the speaker could still be identified through voice recognition. Privacy officers and those wanting to anonymize speech data struggle with this question, as they usually have no expertise in the area of voice recognition.A second question for us to consider is: when does speech data meet the GDPR’s definition of biometric data? A close look at the legal definition of biometric data is required before we can begin to answer this question. An outstanding matter here is whether speaker embeddings, often part of DNN-based speech technology applications, should always be regarded as biometric data.This talk will present an outline of the relevant legal definitions, before offering an initial answer to the questions posed above. Given that the European Data Protection Board (EDPB) has issued extensive guidance on the processing of photos and videos carrying face images, we will also examine the parallels between face and voice recognition.

---
Generated by overview.legal · https://overview.legal/posts/132122 · 2026-07-18
