HMRC under investigation for alleged breach of data protection rules
HMRC are under investigation by the Information Commissioner following a complaint that the tax authority has breached data protection laws by saving taxpayers’ voices without consent
27 Jun 2018
The privacy watchdog Big Brother Watch alleges that HMRC has collected 5.1 million taxpayers’ voiceprints without their consent.
Callers to HMRC are required to repeat the phrase: ‘My voice is my password’ on an automated line before being able to access services. Big Brother Watch claim this amounts to ‘being railroaded into a mass ID scheme’ as callers are not given the choice to opt in or out.
The watchdog submitted Freedom of Information requests revealing the government department has acquired 5.1 million voiceprints.
Big Brother Watch said: ‘HMRC has refused to disclose which other government departments the voice IDs have been shared with, how the IDs are stored and used, whether it is possible to delete a voice ID, which legal territory the data is kept in, how much the scheme has cost taxpayers, or the legally-required “privacy impact assessment”.’
After members of the public raised concerns, Big Brother Watch say they tested the system and found there is no option for callers to opt out of the ID scheme, or have their voiceprint securely deleted.
HMRC’s automated line instructs callers: ‘I’ll need you to say exactly those words’.
Callers that say ‘no’ are repeatedly instructed by the automated line, ‘It’s important you repeat exactly the same phrase. Please say “My voice is my password”’.
Big Brother Watch claims the process amounts to collecting biometric data ‘by the back door'.
‘Taxpayers are being railroaded into a mass ID scheme that is incredibly disturbing. The tax man is building Big Brother Britain by imposing biometric ID cards on the public by the back door,’ said director, Silkie Carlo.
‘The rapid growth of the British database state is alarming. These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives. HMRC should delete the five million voiceprints they’ve taken in this shady scheme, observe the law and show greater respect to the public.’
The watchdog also claims the security of voice ID is dubious, citing a BBC investigation last year where a reporter was able to trick HSBC’s system into allowing access to a bank account.
An Information Commissioner’s Office spokesperson said: ‘We have received a complaint about HMRC’s voice ID scheme and will be making enquiries.’
Report by Rob Munro