Jon Baines, Data Protection Advisor at Mishcon de Reya, was quoted in The Register discussing the HMRC's Voice ID system that has amassed a database of 5.1 million people's voiceprints.
Since January 2017, when the Voice ID system was introduced, UK tax payers are required to record a key phrase that acts as a digital signature that unlocks their account when calling HMRC.
Big Brother Watch, a company that 'exposes and challenges threats to privacy' argues that users have not been given enough information on the scheme and that callers are given no option to opt out, suggesting that the system currently works by assuming the implied consent of the customer.
The articles notes that, under GDPR, a system that identifies a person by their voice, would likely be defined as biometric data.
Jon said: "Where [biometric processing] takes place, GDPR says that the person must give 'explicit consent'. 'Consent' also means a 'freely given, specific, informed and unambiguous' indication of the person's wishes, and it must be a 'clear, affirmative action' … It is difficult to square these requirements with what seems to have taken place here: callers were apparently given no option to opt out, let alone opt in."
Read the rest of the article and additional comments from Jon here.