HM Revenue and Customs, has been found by the Information Commissioner’s Office (ICO) to have breached data protection rules set out in the EU General Data Protection Regulation by failing to give users an option to opt out of voice identification software.
HMRC has published a letter sent by Jon Thompson, HMRC Chief Executive and Permanent Secretary, to the HMRC Data Protection Officer to clarify the situation:
“I have written to the ICO today to inform them of the actions the department has agreed, as follows.
I am satisfied that HMRC should continue to use Voice ID. It is popular with our customers, is a more secure way of protecting customer data, and enables us to get callers through to an adviser faster. HMRC has worked hard to ensure the system complies with GDPR requirements around explicit consent and our published privacy notice already makes clear that we will not use voice identification data for any other purposes.
In the interests of being transparent about the decisions we have made, I am arranging for this note to be made public and have advised the ICO accordingly.”