InternetNZ submission on biometrics code of practice
Policy Team •
In April 2024, the Office of the Privacy Commissioner released a draft code of practice on the use of biometrics in New Zealand. The code of practice would create requirements for organisations that use biometric information to recognise or classify people. Biometric information refers to people’s physical or behavioural features like their face, fingerprints or voice.
Why are we involved?
Biometrics are becoming increasingly prevalent in our day-to-day lives, both online and offline. The combination of an open and accessible Internet with new technologies has enabled large amounts of sensitive biometric data to be shared rapidly on a global scale.
It is important for Aotearoa’s Internet community to be part of the development of rules on biometrics, given the increasing use of New Zealanders’ biometric information online and as part of the Internet of Things.
As the home of .nz, we want to see biometric systems in Aotearoa implemented in a way that addresses the risk of harm to people online. Rules on biometrics must also enable all the people of Aotearoa to access and effectively use the Internet to equitably participate in and benefit from our society, democracy, and economy, while also protecting their right to privacy.
What does our submission say?
We strongly support the creation of a code of practice to address the increased privacy risks created by the use of biometrics in Aotearoa, together with the global nature of the Internet.
We broadly support the aims of the draft code of practice. We have recommended that the Office of the Privacy Commissioner makes changes to increase protections for individuals and clarify expectations for organisations in the code.
In particular, we think the critical areas of focus should be improving engagement with Māori, tightening limits on what biometric information can be collected, strengthening assessment and enforcement, and creating clear requirements around privacy safeguards and consent.
Want to read more?
You can read our full submission to the Office of the Privacy Commissioner.