The UK’s tax authority is to delete the biometric voice records of five million people because it did not have clear consent from its customers to have those files. From a report: HM Revenue and Customs (HMRC) uses the Voice ID biometric voice security system to make it easier for callers to pass its security processes when discussing their account. It says using the system will reduce the time it takes to speak to an advisor and will help prevent anyone else accessing accounts. But the UK’s data privacy watchdog the Information Commissioners Office (ICO) said that HMRC failed to give customers sufficient information about how their biometric data would be processed and failed to give them the chance to give or withhold consent. “This is a breach of the General Data Protection Regulation,” the ICO said.
Steve Wood, Deputy Commissioner at the ICO, said: “We welcome HMRC’s prompt action to begin deleting personal data that it obtained unlawfully. Our investigation exposed a significant breach of data protection law — HMRC appears to have given little or no consideration to it with regard to its Voice ID service.” Under the GDPR, biometric data is considered special category information and is subject to stricter conditions.
Read more of this story at Slashdot.