AI Call-Monitoring Under Fire: What Galanter v. Cresta Intelligence Means for Florida Employers

A recently filed class action, Galanter v. Cresta Intelligence Inc., No. 3:25-cv-05007 (N.D. Cal. June 13 2025), alleges that Cresta’s “conversation-intelligence” software intercepted, transcribed, and analyzed a customer’s call with United Airlines without the all-party consent required by the California Invasion of Privacy Act (CIPA). The complaint seeks statutory damages of up to $5,000 per call and proposes a nationwide class of California callers whose conversations passed through the platform.

Cresta’s system does more than record audio; it converts live speech to text, applies sentiment analysis, and uses the data to train future AI models. The plaintiff argues that these downstream uses exceed the “quality-assurance” disclosures commonly heard on customer-service lines. Because the suit names both the vendor and the airline, it signals that anyone in the data-processing chain can face direct liability.

Florida’s legal landscape

Florida, like California, is an all-party-consent state. The Florida Security of Communications Act (FSCA) makes it unlawful to intercept or use any wire, oral, or electronic communication unless every participant consents. Fla. Stat. § 934.03(1)(d). The statute provides a private right of action that allows statutory and punitive damages as well as attorney’s fees.

For Florida employers, these developments pose three intertwined risks. First, vendor practices can flow downstream: if an AI provider captures calls without proper consent, the business using that tool can be sued for “aiding” the interception. Second, legacy call-recording scripts rarely cover real-time transcription, sentiment analysis, or model training, leaving disclosures incomplete. Third, plaintiffs will scrutinize whether call data is reused for unrelated purposes—such as developing new AI products—because courts have treated that secondary use as a separate violation of consent statutes.

Action plan for Florida employers

1. Map every call-processing workflow and identify where third-party AI tools capture, store, or repurpose audio.

2. Revise caller disclosures to state, plainly and at the outset, that AI services may transcribe, analyze, or learn from conversations.

3. Update service agreements to prohibit vendors from using call data for product development without express written approval, including deletion timelines and indemnity provisions.

4. Standardize consent scripts so agents obtain verbal confirmation where required; add IVR prompts that reference AI analytics for callers who hold for an agent.

5. Monitor FSCA and CIPA litigation; decisions in either jurisdiction can reshape compliance expectations nationwide.

6. Train frontline staff to route callers to non-recorded channels (for example, email or secure web forms) when a caller refuses consent.

Looking ahead

Galanter demonstrates that privacy statutes written long before the advent of AI are being stretched to encompass sophisticated speech analytics tools. Florida businesses that rely on conversational AI should assume that the theories now tested under CIPA will migrate to FSCA claims. A proactive review of consent language, vendor contracts, and data-retention practices remains the best defense against becoming the next target.