ElevenLabs collects voice recordings and AI-generated voice models submitted by users and states that this data may be used to train and improve its AI systems, with consent obtained where legally required.
This analysis describes what ElevenLabs's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision directly implicates biometric privacy statutes in multiple U.S. jurisdictions, including Illinois BIPA, which requires opt-in written consent before collecting biometric identifiers, and may engage GDPR Article 9 if voice data is processed to uniquely identify individuals. The scope of consent required, and whether existing consent mechanisms satisfy applicable statutory standards, warrants legal evaluation.
Interpretive note: The adequacy of ElevenLabs' consent mechanism for voice data AI training use under BIPA's written consent requirement and GDPR Article 9's explicit consent standard cannot be determined from policy text alone and requires review of implemented consent flows.
Added explicit consent requirement language and simplified the provision to focus on collection and training purposes without specifying particular use cases like text-to-speech or voice cloning.
View full change record →Under this clause, voice recordings and voice models submitted to the ElevenLabs platform may be used to train ElevenLabs AI systems. The agreement states that consent will be obtained where required by applicable law, but the specific consent mechanism and its adequacy under biometric privacy statutes may vary by jurisdiction.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
ElevenLabs has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect voice recordings and voice models that you create or upload to our platform. We may use this data to train and improve our AI models and services, subject to your consent where required by applicable law.— Excerpt from ElevenLabs's ElevenLabs Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages Illinois BIPA (requiring informed written consent before biometric data collection), Texas CUBI, Washington My Health My Data Act, and potentially GDPR Article 9 where voice data is processed to uniquely identify natural persons. The Illinois Attorney General and private plaintiffs have enforcement authority under BIPA. EU supervisory authorities enforce GDPR Article 9 obligations. The FTC may also assert jurisdiction over unfair or deceptive data practices related to voice data. (2) GOVERNANCE EXPOSURE: High. The collection of voice recordings for AI training purposes without clearly documented opt-in consent mechanisms creates exposure under BIPA and analogous statutes that provide for statutory damages per violation. Whether ElevenLabs' consent process satisfies BIPA's written consent requirement and GDPR's explicit consent standard for special category data requires direct verification against implemented consent flows. (3) JURISDICTION FLAGS: Illinois presents the highest litigation exposure due to BIPA's private right of action and statutory damages of $1,000 to $5,000 per violation. Texas and Washington biometric statutes provide for state enforcement. EU/EEA users are protected by GDPR Article 9's explicit consent requirement for biometric data. California's CPRA addresses sensitive personal information categories that may include voice data. (4) CONTRACT AND VENDOR IMPLICATIONS: B2B customers and API developers who collect end-user voice data through the ElevenLabs platform should assess whether their own end-user agreements and consent disclosures are sufficient to cover downstream AI training uses. Data Processing Agreements between ElevenLabs and business customers should address the allocation of responsibility for biometric consent compliance. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit the specific consent mechanism presented to users at the point of voice data submission to assess compliance with BIPA's written consent standard and GDPR's Article 7 specificity requirements. Data mapping should identify which voice data is retained beyond immediate service delivery and for what duration. Retention schedules for voice recordings and models should be reviewed against GDPR data minimization principles.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision directly implicates biometric privacy statutes in multiple U.S. jurisdictions, including Illinois BIPA, which requires opt-in written consent before collecting biometric identifiers, and may engage GDPR Article 9 if voice data is processed to uniquely identify individuals. The scope of consent required, and whether existing consent mechanisms satisfy applicable statutory standards, warrants legal evaluation.
Under this clause, voice recordings and voice models submitted to the ElevenLabs platform may be used to train ElevenLabs AI systems. The agreement states that consent will be obtained where required by applicable law, but the specific consent mechanism and its adequacy under biometric privacy statutes may vary by jurisdiction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ElevenLabs.