Not legal advice. This site is an editorial reference. Laws change — always confirm with a qualified attorney in the relevant jurisdiction before recording, and check each page’s last reviewed date.

International Call Recording Laws — Overview

Outside the United States, call recording is most often analyzed not as a wiretap question but as a data-protection question: a recording captures personal data, and processing personal data requires a lawful basis. The result is that recording rules in most of the world are stricter than the US federal floor and more procedurally demanding than even the strictest US state.

Two regulatory frames

Most jurisdictions outside the US use one of two regulatory frames, often overlapping:

  • Criminal wiretap statutes. Older statutes that criminalize the interception of telecommunications without consent or judicial authorization. These usually require all-party consent or are silent on participant recording (where participant recording may still be permitted by judicial gloss). Examples: the UK Investigatory Powers Act 2016 framework, Germany’s § 201 StGB, France’s Article 226-1 du Code pénal.
  • Data-protection statutes. GDPR in the EU, the UK GDPR plus the Data Protection Act 2018, Canada’s PIPEDA, Australia’s Privacy Act 1988, Brazil’s LGPD. These do not prohibit recording outright; they require a lawful basis (consent, contract, legitimate interest, etc.), transparency to the data subject, retention limits, and security.

For a typical business call, both frames apply: the criminal statute determines whether the recording is lawful at all, and the data-protection statute governs how the recording must be handled afterward.

The recurring requirements

Across the jurisdictions we cover, a few requirements appear again and again:

  • Notice at the start of the call. An audible preamble stating that the call is being recorded, who is recording, and the purpose. GDPR Articles 13–14 make this a transparency duty independent of consent.
  • A lawful basis. Under GDPR, that may be consent (Article 6(1)(a)), performance of a contract (6(1)(b)), or a legitimate interest balanced against the data subject’s rights (6(1)(f)). Consent is the most defensible basis for ordinary recording.
  • Retention limit. Recordings must not be kept longer than necessary for the stated purpose. Several regulators have indicated that retention beyond six months without a specific justification is suspect.
  • Security. Recordings must be protected from unauthorized access, including by employees who do not need access for their role.
  • Data-subject rights. The recorded party has rights of access, rectification, and (in many cases) erasure, subject to exceptions for the recorder’s own legal or evidentiary needs.

The participant-recording question

US-style participant recording — a private individual on a call records it without telling the other side — sits awkwardly in most jurisdictions outside the US. The criminal statute usually does not reach it because there is no third-party interception; the data-protection statute applies only where the recording is part of an organized processing activity. In practice, individual participants recording for purely personal purposes are often outside the regulator’s focus. But the moment the recording leaves the personal sphere — a journalist publishes it, an employer uses it in discipline — the regulator’s view changes. See each country page for specifics.

Jurisdictions covered

Conflict of laws

For calls that cross national borders, several frameworks may apply at once. GDPR famously applies extraterritorially under Article 3 to processing of EU residents’ data, regardless of where the controller is located. A US company recording calls with EU customers is subject to GDPR. See cross-border calls for the analysis.

Related