FB pixel

UK tax agency said to have collected 5.1 million biometric voiceprints without explicit consent

UK tax agency said to have collected 5.1 million biometric voiceprints without explicit consent
 

The UK tax agency has collected 5.1 million biometric voice records through its Voice ID authentication service since January 2017, according to a report by Big Brother Watch.

Her Majesty’s Revenue and Customs (HMRC) said it would allow callers to opt-out when it announced the service, but it does not present any option to British taxpayers calling the agency’s self-assessment helpline. Instead, it asks users to repeat the phrase “my voice is my password,” though Big Brother Watch discovered through investigation that it is possible to avoid providing the biometric record by saying “no” three times at certain points in the process.

The first two times the user says “no,” the system responds: “Sorry, it’s important you repeat exactly [emphasis in recording] the same phrase. Please say ‘My voice is my password’” Big Brother Watch reports.

“The EU General Data Protection Regulation (GDPR), incorporated in UK law through the Data Protection Act 2018, prohibits the processing of biometric data for the purpose of uniquely identifying a person, unless the there is a lawful basis under Article 6,” Big Brother Watch says in the report. “However, because voiceprints are such sensitive data – and voice IDs are not necessary for dealing with tax issues – HMRC must also request the explicit consent of each taxpayer to enrol them in the scheme, as required by Article 9 of GDPR. However, HMRC has in fact railroaded taxpayers into this unprecedented ID scheme. On our analysis, that means HMRC must now delete this giant biometric database.”

The privacy group has filed a formal complaint with the Information Commissioner’s Office (ICO), which is investigating. While the number of Voice ID records was revealed by HMRC in response to requests filed under the freedom of information act (FOIA), the agency did not disclose whether the records are shared with third parties or other government agencies, or how users could have their records deleted from the database.

“HMRC’s voiceprint scheme appears to be almost surreptitious, failing to meet basic data protection principles,” said Privacy Matters Director and data protection law expert Pat Walshe. “The non-transparent manner harvesting of people’s data and significant questions of lawfulness are troubling. Given the significant number of citizens involved, and the potential for broader use of biometric voiceprints by government agencies, the ICO could issue a notice requiring the temporary suspensions of the scheme.”

“Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems,” an HMRC spokesperson responded. “The Voice ID data storage meets the highest government and industry standards for security.”

The use of biometrics by the UK’s Home Office and police have drawn criticism for a lack of clear governance rules and slow oversight procedures.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

New PIA for US Secret Service’s use of facial recognition raises questions

The U.S. Department of Homeland Security (DHS) issued a new Privacy Impact Assessment (PIA) for the U.S. Secret Service’s (USSS)…

 

Report explores efforts to curb environmental risks posed by identity documents

In the past couple of years, the identity industry has been involved in efforts to shift away from the use…

 

Malta opposition party demands minister’s resignation over ID card fraud scandal

Malta’s Green Party, ADPD, has intensified its demands for the resignation of a Maltese government minister following revelations of a…

 

Philippines’ central bank enters arbitration over failed ID card project

After the Philippines’ central bank decided to cancel its contract with identification system company AllCard Inc. (ACI) to produce the…

 

Visa biometrics provider VFS in talks to sell minority stake to Temasek

A significant minority stake of about 20 percent in the Blackstone-owned digital services outsourcing company VFS Global might be sold…

 

UK Virgin Islands launch digital transformation tender

Tourist hotspots Thailand, Sri Lanka, the Seychelles and the Virgin Islands are not just offering beaches and sunshine, they are…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events