Last year HMRC launched something called 'Voice ID', a vocal recognition system that would recognise a user's voice (and password) to confirm their identity. While HMRC claims the system is optional, it's been accused of storing and analysing the voices of millions of taxpayers without consent.
Big Brother Watch has accused the tax man of creating "biometric ID cards by the back door", and collecting 5.1 million audio signatures in the process. It claims that users aren't being given the option to opt-out of the system, and has called on HMRC to "delete the five million voiceprints they've taken in this shady scheme". Silkie Carlo, director of the orgsniation, also said that the same IDs could let the government identify people in other areas of their private lives.
HMRC claims that the service is optional, but has proven popular among users for speeding up the security process and improving access to its digital services. It also told the BBC that the system was secure, with identifying details stored separately.
The Information Commissioner's Office has confirmed it has launched an investigation into the matter. But has me wondering, what happens should a government organisation end up being found guilty of breaching GDPR rules? Storing and analysing voice prints without consent or the option to opt out is a violation of the new law, even if it's been going on since last year. We're just going to have to wait and see what happens. [BBC News]