HMRC unveiled a new customer verification process in January 2017. This resulted in nearly 6 million biometric data sets being collected from helpline users. The ICO, thanks to the right-wing Big Brother Watch pressure group, has found that HMRC customers did not get access to “sufficient information” and maybe did not consent in the right way – post-GDPR!
According to the HMRC:
“We welcome HMRC’s prompt action to begin deleting personal data that it obtained unlawfully. Our investigation exposed a significant breach of data protection law – HMRC appears to have given little or no consideration to it with regard to its Voice ID service.
Innovative digital services help make our lives easier, but it must not be at the expense of people’s fundamental right to privacy. Organisations must be transparent and fair and, when necessary, obtain consent from people about how their information will be used. When that doesn’t happen, the ICO will take action to protect the public.”