HMRC Voice ID Scheme ‘Breaks GDPR’, Claim Campaigners

An HMRC telephone identification system that has collected and analysed millions of taxpayers’ speech patterns may break new pan-European data protection laws, campaigners have alleged.

HMRC said its Voice ID system, launched last June, was “extremely popular”, and said users had the choice to opt out of it.

The campaign group Big Brother Watch accused HMRC of using “shady” methods to collect the voice prints, and said the programme was creating “biometric ID cards by the back door”.

The programme has collected 5.1 million audio signatures to date, according to HMRC figures obtained by Big Brother Watch through a freedom of information request.

Legal questions

The Information Commissioner’s Office (ICO) said it has opened an investigation into Big Brother Watch’s complaint.

The EU’s General Data Protection Regulation (GDPR), which came into force last month, requires organsations to obtain explicit consent before they use biometric data, including voice recordings, to identify someone.

When it launched Voice ID last year, HMRC said users could opt out of the system.

But Big Brother Watch said this option is far from obvious. According to the group, callers to HMRC’s tax credits or self-assessment helplines are asked to repeat the phrase “My voice is my password”, and must refuse three times before they’re connected with an operator.

If a caller repeats the phrase, it’s used in future to help identify them.

GDPR allows organisations to process users’ data without consent in some cases, such as if it is necessary for compliance with a legal obligation or to deliver a task in the public interest. Big Brother Watch claims this loophole dosen’t apply, since Voice ID is not essential for HMRC’s work.

‘Shady scheme’

Big Brother Watch director Silkie Carlos said there was a “distinct lack of transparency” around the scheme and said the size of the database already accumulated was “alarming”.

“These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives,” she said. “HMRC should delete the 5 million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect to the public.”

HMRC said the programme was useful and secure.

“Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems,” it said in a statement. “The Voice ID data storage meets the highest government and industry standards for security.”

The agency said the data would only be used for authentication purposes, could not be traced back to an individual and would not be shared with other government departments.

The Home Office has said it plans to publish a framework for the use of bioimetric data in the public sector this month, four and a half years after it was originally due to be released.

How much do you know about privacy? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Near Miss With Drone At Gatwick Airport

Rogue drone came within 20m (65ft) of a passenger plane as it flew in to Gatwick Airport in July

13 hours ago

Microsoft, IBM Join Forces With Linux Foundation To Fight Patent Trolls

Don't feed the trolls. Partnership to fight 'Patent Assertion Entities', otherwise known as patent trolls

14 hours ago

Big Data: The Race for Talent

Data is now every business’s most precious commodity. Having a workforce that can manage this resource is an imperative for…

16 hours ago

Cisco Files Lawsuit Against Former Employees

Three former staffers allegedly stole thousands of confidential files when they detected to competitor

16 hours ago

Google Cloud Next UK: Google Highlights European Data Protections

Largest Google Cloud event in Europe sees search engine giant commit to enhance European data protection with additional tools

17 hours ago

Google Cloud Next UK: Google Touts Vodafone, John Lewis Deals

Google kicks off its largest Google Cloud event in Europe touting contracts with Vodafone, as well as the John Lewis…

19 hours ago