This article is more than 1 year old
UK taxman falls foul of GDPR, agrees to wipe 5 million voice recordings used to make biometric IDs
Yes, yes, yes, we've told the ICO we are doing so, says HMRC
Her Majesty’s Revenue and Customs, aka the tax collector, has agreed to delete five million voice recordings it used to create biometric IDs.
The Voice IDs were used to speed access to its phone line but were created before the implementation of the European General Data Protection Regulation (GDPR) and fell foul of the tougher rules.
HMRC will keep about 1.5m Voice IDs which are in use, but delete around five million where explicit consent was not received and where those people had never used the system since creating the ID.
Just keep slurping: HMRC adds two million taxpayers' voices to biometric database
READ MOREThe Rev’s chief executive, Sir Jonathan Thompson KCB, said in a letter to his data controller:
“I have informed ICO that we have already started to delete all records where we do not hold explicit consent and will complete that work well before ICO’s 5 June 2019 deadline. These total around 5 million customers who enrolled in the Voice ID service before October 2018 and have not called us or used the service since to reconfirm their consent.”
HMRC followed several banks and other organisations in using a "my voice is my password" system to identify account holders. It will continue to use the system but in line with GDPR rules and its own published privacy policy.
Director of Big Brother Watch, Silkie Carlo, said in a statement:
"This is a massive success for Big Brother Watch, restoring data rights for millions of ordinary people around the country. To our knowledge, this is the biggest ever deletion of biometric IDs from a state-held database.
"This sets a vital precedent for biometrics collection and the database state, showing that campaigners and the ICO have real teeth and no Government department is above the law."
Thompson said in his letter the Revenue will continue to use Voice ID because it is "popular with our customers, is a more secure way of protecting customer data, and enables us to get callers through to an adviser faster."
The letter is available as a PDF from this page on the HMRC site. ®