BLOG POSTS

HMRC Deletes Voice Prints Due to Privacy Violation

Old man frustrated over the phone

Her Majesty’s Revenue and Customs (HMRC) had to delete around 5 million of its users’ voice prints as it failed to comply with the European Union’s General Data Protection Regulation (GDPR).

HMRC is tasked with collecting taxes, administrating other regulatory regimes and paying some form of state support. In 2017, HMRC implemented a voice biometric system, provided by Nuance, that allowed customers to verify their identity using their voice. At its peak, HMRC had managed to enrol the voice prints of over 13% of the United Kingdom’s adult population.

The courts found that HMRC did not provide an ‘opt out’ option for its users. Now, HMRC states that they will only keep the voice prints of users that received explicit consent to use voice biometrics to verify their identity and were offered the option to ‘opt out’. This massive voice print deletion means less than 3% of the UK’s adult population have a valid voice print enrolled.

The Australian Taxation Office (ATO) also uses Nuance voice biometric technology for identity verification. Since implementation, the ATO has enrolled voice prints of around 14% of the adult population of Australia.

In contrast, the Inland Revenue Department (IRD) in New Zealand uses Auraya’s voice biometric capability, ArmorVox, for their voice identification and verification system. More than 75% of adults in New Zealand have enrolled in IRD’s system. The IRD system complies with the relevant local privacy regulations, which includes allowing its users to opt in or out of using the biometric authentication process.

NEWSLETTER

sign up to our mailing list