Privacy campaigners have said they believe HM Revenue and Customs (HMRC) analysed and stored the voices of millions of British taxpayers without their consent.
The Information Commissioner’s Office is looking into complaints by Big Brother Watch against HMRC’s VoiceID system, which was launched last year.
The privacy campaigners have accused the service of creating ‘biometric ID cards by the back door’ through its collection of 5.1 million audio signatures.
HMRC says the data is held securely and that callers had the option not to use VoiceID.
The Voice ID scheme asks callers to repeat the phrase “my voice is my password” to register. It then lets users confirm their identity when calling in about their taxes.
However Big Brother Watch is concerned that taxpayers have been “railroaded into a mass ID scheme” as they weren’t given the choice to opt out.
With the General Data Protection Regulation (GDPR) in full force since May, organisations must get explicit consent from users before gathering biometric data that could be used to identify them.
“These voice IDs could allow ordinary citizens to be identified by government agencies across other areas of their private lives,” said Big Brother Watch director Silkie Carlo.
The company has told HMRC to “delete the five million voiceprints they’ve taken in this shady scheme”, as there’s no lawful basis for the collection of the voice samples, which aren’t necessary to the service’s ‘statutory function’.
An HMRC spokesperson told BusinessCloud that it takes its GDPR responsibilities extremely seriously and is “resolving the issues between implied and active consent that may exist with our VoiceID system”.
It said that customers could access its systems without using VoiceID and that there is no possibility of digital signatures being traced back to an individual outside of the system.
It added: “Our VoiceID system is very popular with customers as it gives a quick and secure route into our systems. Our customers’ data, including for VoiceID, is stored securely. ”