Under the EU General Data Protection Regulation, consent to process personal data must be freely given, specific, informed, and unambiguous, and the user must be able to withdraw it as easily as they gave it. For meeting copilots operating in the EU, GDPR consent typically requires: a clear disclosure that the meeting will be recorded and transcribed, the identity of the data controller, the legal basis for processing, the retention period, the user's rights (access, deletion, portability), and an explicit opt-in action — pre-checked boxes don't count. Implicit consent ("by attending this meeting, you consent...") is on shaky legal ground; best practice is an explicit join-time prompt that participants must actively dismiss to enter the call.