Using Voice Biometrics in the World of the GDPR

It is well known across all companies working with private data that the date May 25, 2018 was a gamechanger, it was the date when the General Data Protection Regulation (GDPR) came into effect. The GDPR is a set of rules that regulates the processing of personal data related to individuals in the European Union. But how does the GDPR influence call centers, banks, insurance companies and other institutions that use voice biometrics?

First things first, it is important to mention what voice biometrics is and why it is related to the GDPR.

Is a Voiceprint Sensitive Personal Information?
Voice biometrics is one of the various fields of biometrics. Nowadays, it is possible to identify people based on their fingerprints, iris, signature and, believe it or not, the way you sit. Speaker identification technology is based on more than 600 features of every single person’s voice, which are converted to a mathematical expression commonly known as a voiceprint. According to the GDPR, biometric data is: “personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person”. A voiceprint is a unique authentication element. If it is used to uniquely identify a physical person, then it is perceived as sensitive personal information and you need informed consent to use such a specific purpose.

Appropriate Treatment Needed
The GDPR places power into customers’ hands. A voiceprint is considered sensitive personal information, therefore, it has to be deleted as well as other personal information on the request of the customer and cannot be used for a defined purpose anymore. Both sensitive personal information and personal information need to be treated appropriately. All companies collecting personal information have to care about data security more than ever before. Implementing voice biometrics helps you to identify points in the process that might be weak or contrary to the GDPR and helps you solve them.

One of the Safest Biometrics
Voice biometrics still belongs to one of the safest biometrics in terms of fraudulent activities. Nowadays, there is no standard for voiceprints, therefore, every company has a different approach to speaker identification. Voiceprints are not compatible across various voice biometrics providers. There is no possibility to generate an original recording from the voiceprint itself or any way to re-create a speaker’s voice. A voiceprint database is, thereby, of no interest to a fraudster, who can neither use it with another system or cheat your system. On the other hand, voice biometrics can help you to identify a fraudster who is calling under different identities and lower any damages caused.

Customers‘ Consent Is a Must
In the end, it is all about customers, to whom GDPR gives ultimate rights to give or not give consent for using their sensitive personal data, and therefore, have the possibility to also use their voiceprints. Good communication with your customers and promoting benefits are the main keys to success. A rich customer journey and enhanced customer experience in which they do not need to remember answers to control questions, a PIN or contract number anymore, but are verified in the background are among the vast pool of benefits. Voice biometrics brings an instant effect to a customer’s everyday life, you just need to let them know.

So, it is important to bear in mind when it comes to the GDPR and voice biometrics, be sure that you treat your customer’s data well, provide them with detailed information on its principles and stress out that the threats of actual fraudulent misuse are minimal in comparison with the benefits voice biometrics bring, then it will be easier to receive confirmation to use sensitive personal data. I believe this is the correct way used by responsible and innovative companies to approaching their customer base in the world of the GDPR.

DISCLAIMER: All data and information provided in this blog post are for informational purposes only. Phonexia makes no representations as to the accuracy, completeness, currentness, suitability, or validity of any information contained herein. We recommend consulting with a lawyer for any legal advice pertaining to data protection compliance.