HMRC 'disregards data protection', collecting 5m UK citizens' voice recordings

Tax office creates "mass ID scheme" by the back door, Big Brother Watch claims

HMRC branded email used to fuel scam

Millions of taxpayers' voice recordings have been logged and stored by HMRC without their consent, according to a privacy campaign group.

The tax office has collected 5.1 million 'voiceprints' from UK citizens who found they were unable to access its services without repeating the phrase 'My voice is my password' on an automated line, Big Brother Watch (BBW) claimed today.

Advertisement - Article continues below

"Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing," said BBW director Silkie Carlo.

"The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door."

Its Freedom of Information (FoI) request revealed that HMRC started recording voiceprints of callers to its tax credits and self-assessment helplines in January 2017.

Callers were unable to speak to advisors without recording their voice, BBW claimed. Meanwhile, HMRC declined to provide BBW with a copy of the privacy impact assessment for the scheme, and BBW claimed the department has yet to consult with the UK data protection watchdog, the Information Commissioner's Office (ICO), about the data collection.

Capturing people's voice recordings without their freely given consent, or making clear what it's being used for, would be in contravention of the Data Protection Act 2018 and the EU's General Data Protection Regulation (GDPR) rules, unless HMRC can demonstrate a legitimate interest in collecting such data.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

However, Pat Walshe, data protection law expert and director of Privacy Matters, accused HMRC of "failing to meet basic data protection principles".

HMRC's automated phone line told callers: "I'll need you to say exactly those words", BBW found after members of the public drew its attention to the practice.

There was no way to opt out of recording your voice, BBW found, with callers saying 'no' repeatedly being told: "It's important you repeat exactly the same phrase. Please say 'My voice is my password'."

BBW managed to get around it by repeating 'no' three times, but this process wasn't made clear by HMRC's phone line.

A BBW spokesperson told IT Pro: "It's such a remarkable ID database nationally [but] there's no privacy impact assessment [that we can see] and they haven't engaged with the ICO about it."

HMRC has also not consulted with the Biometrics Commissioner about its storage of voiceprints.

Advertisement - Article continues below

While people have a right to the erasure of their data under the Data Protection Act 2018, HMRC declined to answer BBW's Freedom of Information request to find out what process people could follow to have their voiceprint deleted, citing the prevention or detection of crime exemption.

"This suggests that taxpayers' voiceprints are being used in ways we do not know about," BBW said.

However, HMRC refused to disclose which other government departments it has shared the voiceprints with, where and how they're stored, or what they're used for.

"These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives," Carlo added. "HMRC should delete the five million voiceprints they've taken in this shady scheme, observe the law and show greater respect to the public."

The Information Commissioner's Office (ICO) is now looking into the issue, and Walshe said it could order the tax office to suspend the scheme.

An HMRC spokesperson said: "Our Voice ID system is very popular with customers as it gives a quick and secure route into our systems. The Voice ID data storage meets the highest government and industry standards for security."

Image: Shutterstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/policy-legislation/general-data-protection-regulation-gdpr/355337/ico-will-reduce-gdpr-fines-due-to
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
Visit/security/privacy/355304/nhs-working-with-apple-google-coronavirus-tracking-app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Visit/policy-legislation/data-protection/355250/health-sites-sharing-users-medical-data-with-major-tech
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020