“Voice ID? We’re Keeping It” Vows HMRC, Dodging Fine for GDPR Breach

May 07 13:30 2019 Print This Article

Taxman gets off with a slap on the wrist after GDPR breach

Her Majesty’s Revenue and Customs (HMRC) has vowed to continue using its controversial Voice ID system – but promised to delete the records of 5.1 million customers who did not consent to the harvesting of their biometric voice data.

The decision comes after the Information Commissioner’s Office (ICO) on May 3 found HMRC to be in breach of GDRP, saying its investigation “exposed a significant breach of data protection law – HMRC appears to have given little or no consideration to it with regard to its Voice ID service”. It has ordered the department to delete the records.

HMRC got off lightly: it will not be fined, the ICO confirmed to Computer Business Review, saying more details on the enforcement action will be published this week.

The ICO’s Deputy Commissioner Steve Wood said: “Innovative digital services help make our lives easier but it must not be at the expense of people’s fundamental right to privacy. Organisations must be transparent and fair and, when necessary, obtain consent from people about how their information will be used.”

“When that doesn’t happen, the ICO will take action to protect the public”.

Voice ID: Now GDPR-Compliant, Says HMRC
In a letter to the ICO late last week, HMRC Chief Executive Sir Jonathan Thompson wrote: “I am satisfied that HMRC should continue to use Voice ID.”

“It is popular with our customers, is a more secure way of protecting customer data, and enables us to get callers through to an adviser faster.”

He added: “HMRC has worked hard to ensure the system complies with GDPR requirements around explicit consent and our published privacy notice already makes clear that we will not use voice identification data for any other purposes.”

The letter came after advocacy group Big Brother Watch last year found that since January 2017, HMRC had been taking voice recordings from those who call the tax credits and self-assessment helplines to create a voiceprint to identify callers in the future. It did not offer an opt-out, with a transcript of a call reading as follows.

The original article was posted here: https://www.cbronline.com/news/voice-id-hmrc-gdpr

  Article "tagged" as:
  Categories:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment