Privacy campaigners ‘Big Brother Watch’ have recently brought to light an issue whereby voice profile data of over 5.1 million tax payers has been collected without the consent of the UK public.
The Information Commissioner’s Office (ICO) are currently investigating complaints about the service, their responses received so far include that the data has been held securely, they also highlighted that callers could opt to avoid using voice ID.
How does voice ID work?
Voice ID requests callers to speak the following phrase “my voice is my password”. Once the caller has completed this they can use the phrase for future authentication with the service.
What is the purpose of the service?
HMRC say the reasoning is to speed up security measures when a caller utilises the voice service
However Big Brother Watch claimed that taxpayers were being “railroaded into a mass ID scheme”, as they were not given the choice to opt out.
“These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives,” said Silkie Carlo, director of Big Brother Watch.
She went on to demand HMRC to “delete the five million voiceprints they’ve taken in this shady scheme”.
HMRC responded saying that the technology was very popular with customers
Are HMRC breaking any regulations?
The General Data Protection Regulation (GDPR) came into effect across the European Union last month, GDPR ensures organisations MUST obtain explicit consent before using data to identify someone, this includes voice recordings.
It would seem that HMRC have not obtained explicit consent when they responded to the freedom of information request with the following statement:
HMRC currently operates VoiceID on the basis of the implied consent of the customer, but is developing a new process which will be operated on the basis of the explicit consent of the customer.
Are there security risks with HMRC using this technology?
LHN were provided with an exclusive statement from Tom Harwood, CPO and Co-Founder at Aeriandi