The GDPR re-categorised biometric data as special category data, and recent months have seen the ICO bring its first enforcement action for (mis)use of such data, writes Brett Butcher, solicitor with Birketts LLP.
The action was brought against HMRC and concerned its failure to obtain proper consent for the use of voice identification technology.
The ICO has since reviewed the use of live facial recognition (LFR) technology by the Metropolitan Police Service and the South Wales Police Service.
Whilst the ICO concluded that fair processing obligations were broadly met in these cases, it did observe that the current lack of a statutory code of practice and national guidelines on the use of biometric data contributes to inconsistent practice and increases the risk of compliance failures.
With the conversation on biometric data looking set to continue well into 2020 and beyond, any organisation considering using biometric data would be well advised to take specific advice.