HMRC issued with enforcement notice following GDPR violation

May 14 14:11 2019 Print This Article

HMRC has been ordered to delete voice recognition data after contravening the General Data Protection Regulation (GDPR).

Following a complaint from the privacy watchdog, Big Brother Watch, the Information Commissioner’s Officer (ICO) conducted an investigation into HMRC for failing to gain explicit consent from individuals about their biometric data. The ICO reported that there had been a “significant breach” of data protection laws after concluding that HMRC did not have adequate consent from its customers. The ICO have ordered HMRC, via an enforcement notice, to delete any data it continues to hold without consent.

The Commissioner highlighted the scale of the data collection and that “HMRC collected it in circumstances where there was a significant imbalance of power between the organisation and its customers…..It did not explain to customers how they could decline to participate in the Voice ID system. It also did not explain that customers would not suffer a detrimental impact if they declined to participate.”

For more information, see HMRC handed an enforcement notice following GDPR violation.

The original article was posted here:

  Article "tagged" as:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment


No Comments Yet!

You can be the one to start a conversation.

Add a Comment