Evaluating Litigation Risk: Basich v. Microsoft

Risk assessment is one of the most challenging aspects of litigation forecasting. A precise evaluation requires structured, data driven analysis along with empirical modeling. Systematic evaluation of historical outcomes alongside specific case variables allows analysts to generate a probability weighted Model Settlement Value grounded in observable data and trends.

This analysis examines Basich et al. v. Microsoft Corporation, a newly filed putative class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA) arising from Microsoft Teams’ live transcription feature. Beyond summarizing the allegations, this piece demonstrates how Darrow evaluates case value and predicts likely outcomes at the outset of litigation.

Background: The Illinois Biometric Information Privacy Act

The Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq., regulates how private entities collect, use, store, and disseminate biometric identifiers – including fingerprints, facial-geometry scans, and voiceprints – requiring, among other things, informed written consent and the publication of compliant data-retention and destruction policies.

Enacted in 2008, BIPA lay relatively dormant for its first decade, generating fewer than 100 filings per year. That changed decisively with the Illinois Supreme Court's landmark decision in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, which held that a plaintiff need not allege actual injury or adverse effect beyond the statutory violation itself to maintain a claim under the Act. The decision triggered a wave of litigation, with annual filings climbing to approximately 400 per year between 2019 and 2024. However, filing volume declined to fewer than 200 cases in 2025, suggesting that plaintiffs have already pursued many of the most readily actionable claims. It is reasonable to expect this downward trend to continue, with filing volumes gradually reverting toward pre-Rosenbach levels.

Against this backdrop, 2026 has opened with a notable filing: a putative class action in the Western District of Washington alleging that Microsoft Corporation violated BIPA through the Live Transcription feature embedded in its Microsoft Teams collaboration platform. 

Summary of Allegations

Plaintiffs allege that Microsoft’s Live Transcription feature on Microsoft Teams violates BIPAby collecting, storing, and using the voiceprints of meeting participants without their informed written consent.

The complaint focuses on a specific background process known as “diarization,” which Microsoft uses to generate real-time meeting transcripts. According to the plaintiffs, to distinguish who is speaking at any given time (e.g., distinguishing "Speaker A" from "Speaker B"), Microsoft’s Azure servers automatically extract unique vocal characteristics such as pitch, tone, and timbre from each participant's audio feed. Plaintiffs contend that this process constitutes the collection of a “voiceprint,” which is defined as a type of “biometric identifier” under BIPA.

The proposed class is defined as:

All persons whose biometric identifiers or biometric information was captured by Microsoft during the transcription of Microsoft Teams meetings in which they participated while residing in (and/or present in) Illinois from March 1, 2021 to the present, other than those persons who voluntarily enrolled a Microsoft Intelliframe voice profile with Microsoft and were using their enrolled voice profile at the time of the transcription.

Based on this class definition, Darrow has estimated the putative class size using publicly available data. Beginning with the global Microsoft Teams user base as disclosed in Microsoft's annual reports, the analysis narrows to users located in Illinois and further refines the population to those reasonably likely to have participated in a Teams meeting where the meeting organizer enabled Live Transcription.  It’s worth noting that this feature is not enabled by default; it must be activated for each meeting. This substantially constrains the class. 

On this basis, Darrow estimates that approximately 2.2 million individuals fall within the proposed class definition.

Defendant Profile 

Microsoft Corporation is a multinational technology company headquartered in Redmond, Washington, and is one of the world’s largest providers of software, cloud computing, and digital services. Microsoft’s principal lines of business include enterprise and consumer software (including Windows and Microsoft 365), cloud infrastructure and services through Azure, professional networking via LinkedIn, and collaboration and communications platforms such as Microsoft Teams, which are widely used by businesses, educational institutions, and governmental entities worldwide.

As of the date of filing, Microsoft maintains a market capitalization of $3 trillion dollars, making it among the four most valuable publicly traded companies in the world. The company employs 228,000 workers globally with offices in more than 100 countries. For fiscal year 2024, Microsoft reported $281.7 billion in revenue and $162.7 billion in EBITDA, with $30.2 billion in cash and cash equivalents as of June 30, 2025.

Given Microsoft's financial position, the risk that any judgment or settlement would prove uncollectible is effectively nonexistent. It is reasonable to expect that plaintiffs will pursue maximum recovery for the class, looking to precedents such as the $650 million BIPA settlement secured against Facebook. See In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747 (N.D. Cal. Feb. 26, 2021).
However, the Facebook settlement involved distinct facts, namely, the deployment of facial recognition technology at scale across a massive user base. Any direct comparison should be approached with caution. More instructive for present purposes is an analysis of comparable matters, discussed in Section V below. 

Key Litigation Risk Drivers

1. Presiding Judge

This matter is assigned to Judge John H. Chun in the Western District of Washington, a jurist confirmed in March 2022 with extensive commercial litigation experience and prior state court service. His early federal tenure suggests a methodical approach to complex class actions. Although Judge Chun lacks a specific track record with Illinois BIPA claims, his rulings in other matters demonstrate a willingness to trim complaints while allowing well-pleaded claims to proceed to discovery. This suggests the assignment is neutral to modestly favorable for the plaintiff class regarding threshold dismissal risks.

2. Defense Counsel 

While defense counsel has not yet formally appeared, Microsoft generally relies on elite firms for high-stakes class action and privacy litigation. Experienced defense teams are more likely to mount aggressive motions to dismiss, contest class certification vigorously, and pursue appellate relief where warranted, factors that can extend timelines and increase attrition risk for plaintiffs.That said, sophisticated defense counsel also tend to approach settlement pragmatically once liability exposure is established and damages exposure becomes concrete.

3. Substantive Risk Factors

The central question is likely to be whether the challenged diarization process creates a “voiceprint” under BIPA. While voiceprints are protected identifiers, Microsoft will likely argue that diarization is a temporary signal-processing tool that merely distinguishes speakers (e.g., “Speaker A” vs. “Speaker B”) without uniquely identifying them. If a court accepts this distinction, the claims could fail entirely. However, the plaintiff’s allegation that Microsoft links these vocal patterns to identifiable user profiles (such as names and email addresses) may bridge this gap, at least at the pleadings stage. 

Additionally, Microsoft can be expected to invoke the Illinois extraterritoriality doctrine, arguing that the alleged violations did not occur “primarily and substantially” in Illinois since Azure servers are managed globally from Washington. Recent case law has been mixed. While plaintiffs often survive this challenge at the pleading stage by focusing on the user’s location, it remains a potent defense for Microsoft if the case comes to summary judgment.

‍
Expected Settlement: $41M - $61M

‍
Although BIPA allows for statutory damages of $1,000 per violation, increasing to $5,000 if the behaviour is intentional or reckless, it is highly unlikely that this matter will proceed to trial. Defendants in comparable BIPA actions have consistently elected to resolve claims via settlement, often at a fraction of statutory exposure, in order to avoid the risk of an eight- or nine-figure verdict and, in some instances, to limit aggregate defense costs that can exceed the cost of early resolution.

Darrow estimates expected settlement values using internally developed models informed by outcomes in prior cases with similar fact patterns that have already settled. For this case, the analysis draws from a dataset of almost 500 BIPA cases filed over the past five years, from which key predictive variables, including the nature of the alleged violation, defendant profile, class characteristics, and procedural posture, have been extracted and coded. 

Rather than relying on broad averages across privacy litigation, the analysis focuses on a narrower set of closely comparable matters, which improves the reliability of settlement estimates. BIPA violations can be categorized in two ways; (i) the relationship between the defendant and the affected individuals (e.g., employer–employee versus technology company–user), and (ii) the category of biometric data at issue.   While the majority of resolved BIPA claims involve employers collecting fingerprint data from employees, matters involving technology companies collecting biometric data from end users constitute a far smaller subset. Of these, none to date have specifically involved voice-derived biometric identifiers. Notwithstanding the absence of a directly analogous precedent, the model is able to derive a reliable estimate by reference to the most closely comparable settlements available. 

‍
For this case, our model estimates a likely settlement range between $41 million and $61 million, representing the interquartile range (25th to 75th percentile)  from our model’s simulation of settlement outcomes. This settlement range is broadly consistent with other similarly sized claims against major tech companies including those set out below.

The below graph presents the outcomes of our model’s settlement simulation.

‍

Likely Outcomes‍

As noted above,  the probability of this case reaching trial is remote. Defendants overwhelmingly prefer to settle early on to avoid the possibility of an eight to nine figure verdict. However, this does not mean that settlement is certain.

Darrow’s data indicates that of all BIPA cases that have reached a final disposition, only 18% have been resolved by settlement. Defendants frequently elect to contest these claims aggressively, and in the majority of cases, succeed in doing so. However, cases that advance to the motion-to-dismiss stage tend to favor plaintiffs: Darrow's data show that approximately 63% of motions to dismiss in BIPA actions are denied.

Plaintiffs accordingly face a number of meaningful hurdles on the path to recovery, including surviving dispositive motions, obtaining class certification, and navigating substantive defenses, including those outlined in Section IV above.

The below graph presents the outcomes of our model’s case value simulation. 

‍