Every Voice Has a Name and a Signed Consent Form
YPAI's consent framework goes beyond checkbox compliance. Individual, project-specific, informed consent from every contributor. Auditable from speaker to dataset.
Norwegian entity. European servers. Individual consent per project.
Why Consent Failure Risks Billions in Fines
Voice recordings are biometric data under GDPR Article 9. The consent requirements are not a recommendation. They are a legal obligation with consequences measured in billions.
GDPR Article 9: Biometric Data
Voice recordings used for identification purposes constitute special category biometric data. Processing requires explicit consent that is freely given, specific, informed, and unambiguous. A buried clause in platform terms does not meet this standard.
Consent must be project-specific: the speaker must know what their data will be used for, by whom, and for how long. Generic "we may use your data for AI training" language fails the specificity test.
As of 2026. Regulators are enforcing. Meta alone was fined EUR 1.2B for inadequate data transfer safeguards. Voice data failures carry the same penalty framework.
EU AI Act Provenance Requirements
High-risk AI systems must document training data provenance. Article 10 requires a description of data sources, collection methods, and processing decisions. Consent traceability is a prerequisite for provenance documentation.
Right to Erasure Is Operational, Not Theoretical
When a contributor exercises their right to erasure, you need to actually find and delete their recordings. This requires knowing which speaker contributed which files to which dataset. If your vendor cannot trace a voice back to a named individual with a signed consent form, erasure is impossible to execute.
The YPAI Consent Process
Individual consent per project, not a blanket platform agreement. Every contributor goes through the same documented flow before a single recording begins.
Identity Verification
Every contributor is identity-verified before onboarding. Government ID cross-referenced. No anonymous contributors, no pseudonymous accounts. We know who is behind every voice in every dataset.
Project-Specific Consent Form
Each project generates a unique consent form that describes the specific purpose, the data controller, the retention period, and the downstream use. Contributors consent to a defined scope, not an open-ended licence.
Informed Consent Briefing
Contributors receive a plain-language explanation of what data is collected, how it will be processed, who will receive it, and what their rights are. No legalese walls. No pre-ticked boxes. Consent must be an affirmative action.
Right to Withdraw at Any Time
Contributors can withdraw consent at any point. Withdrawal triggers removal of their recordings from active datasets. This is not a theoretical right buried in terms of service. It is an operational process with a documented SLA.
Erasure Within 30 Days
When a contributor exercises their right to erasure, all associated recordings are identified, removed from datasets, and confirmed deleted within 30 calendar days. Processing records are updated. Audit trail maintained.
Platform Consent vs YPAI Consent
Most crowd platforms rely on broad terms of service that grant an open licence to use contributor data. YPAI operates under a fundamentally different model.
Crowdsourced Platform
Blanket terms of service accepted once at sign-up
Open-ended licence: "all content you submit may be used for any purpose"
No per-project consent. Same agreement covers all tasks.
Anonymous or pseudonymous contributors. No identity verification.
Erasure requests cannot be traced to specific recordings
No audit trail linking consent to delivered datasets
YPAI Consent Model
Individual consent form signed per project, per contributor
Specific scope: data use, controller identity, retention period defined
New project = new consent. No carryover from previous work.
Every contributor identity-verified. Government ID cross-referenced.
Full erasure within 30 days. Every voice traceable to its source.
Consent records linked to datasets. Auditable provenance chain.
For Your Legal Team
Every enterprise engagement includes the compliance documentation your DPO and legal team need for vendor due diligence and regulatory review.
Data Processing Agreements
GDPR Article 28-compliant DPA templates, pre-configured for speech data processing with sub-processor disclosures and EU Standard Contractual Clauses.
Consent Form Templates
Project-specific consent forms with clear purpose limitation, retention period, and data subject rights notice. Available in contributor's native language.
Records of Processing
Article 30-compliant processing activity records documenting lawful basis, data categories, recipients, and international transfer mechanisms for each project.
Right-to-Erasure SLA
Contractual 30-day erasure guarantee. When a contributor withdraws consent, their recordings are identified across all datasets, removed, and deletion is confirmed with an audit log. The SLA is in your contract, not in a FAQ.
Provenance & Audit Chain
Every audio file in a delivered dataset maps back to a verified contributor, a signed consent form, a project scope document, and a timestamped collection record. This chain is available for regulatory inspection on request.
Ready for Consent-Grade Data?
Talk to our team about consent documentation, DPA templates, and how YPAI's framework maps to your regulatory requirements. We provide the documentation your legal team needs before the first recording begins.
Norwegian entity · EU jurisdiction · GDPR Article 9 compliant