HMRC App — HM Revenue & Customs

⚠️ The bottom line

7 million people's voiceprints collected without real consent. HMRC told callers to say "my voice is my password" — but never explained they were creating a permanent biometric record. Big Brother Watch caught them. The ICO ruled it a GDPR breach. HMRC had built one of the largest biometric databases in the UK and called it customer service. HMRC analyses 1 billion data points a year. Your eBay sales, Airbnb listings, Instagram photos showing a new car — all cross-referenced against your tax return. Their system, called Connect, is the most powerful financial surveillance tool in the UK. Post a photo of your holiday villa? Connect checks if you declared the rental income.

Legal jurisdiction

🇬🇧 United Kingdom (headquarters)

⚠Investigatory Powers Act read more →

Govt can bulk-intercept internet traffic and force companies to remove encryption

⚠Online Safety Act read more →

Ofcom can require scanning of private messages for illegal content

Spying

3/4 HIGH

Is someone spying on me?

Data Sharing

2/4 MODERATE

Who gets my data?

Security

3/4 HIGH

Is it actually secure?

Honesty

2/4 MODERATE

Can I trust what they say?

3Contradictions

1Critical

1High

1Medium

3Sources

Findings by concern

Spying 3/4 HIGH 2 findings

⚠️ criticalprivacy policy vs regulatory

What they claim: HMRC describes its Voice ID biometric system as optional and consent-based

What we found: Big Brother Watch filed a complaint with the ICO after discovering HMRC had enrolled 7 million taxpayers' voiceprints without explicit consent. Callers were told "say 'my voice is my password'" without being informed this created a biometric record. The ICO ruled HMRC had breached GDPR and ordered deletion of non-consensual voiceprints.

⚡ highprivacy policy vs regulatory

HMRC analyses 1 billion data points a year. Your eBay sales, Airbnb listings, Instagram photos showing a new car — all cross-referenced against your tax return. Their system, called Connect, is the most powerful financial surveillance tool in the UK. Post a photo of your holiday villa? Connect checks if you declared the rental income.

What they claim: HMRC privacy notice describes data collection as necessary for tax administration

What we found: HMRC operates one of the most extensive data collection programs in the UK, buying bulk data from banks, employers, property registries, social media platforms, and offshore financial databases. HMRC's Connect system analyses 1 billion data points annually, cross-referencing tax returns against eBay sales, Airbnb listings, and social media posts showing undeclared wealth.

Data Sharing 2/4 MODERATE 1 finding

⚫ mediummarketing vs third party research

HMRC's "Making Tax Digital" means you must buy commercial software from HMRC-approved vendors to file your own tax returns. Small businesses pay £2,770 on average to comply. The government turned filing taxes into a subscription service — the subscription goes to private software companies, and the mandate comes from the state.

What they claim: HMRC promotes Making Tax Digital as simplifying tax for businesses and individuals

What we found: HMRC's Making Tax Digital programme forces small businesses and self-employed individuals to use approved commercial software to submit tax records quarterly. Critics note this effectively mandates purchasing from HMRC-approved vendors (Sage, Xero, QuickBooks), creating a forced market for private companies using public policy. The Federation of Small Businesses estimated compliance costs of £2,770 per business.

Sources

Big Brother Watch: HMRC voice recognition campaign(link unavailable) (2019-05-01)
How HMRC uses data to catch tax dodgers (2018-03-15)
FSB: Making Tax Digital cost burden on small businesses(link unavailable) (2022-04-01)