Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Biometric information is personal information and is regulated by the Privacy Act. It is particularly sensitive because it’s based on the human body and is fundamental to who a person is. There is growing concern about the level of regulation covering biometric information and the Privacy Commissioner is currently considering whether additional rules are needed.
Biometric information relates to people’s physical or behavioural features. For example, a person’s face, fingerprints, voice, keystroke patterns, or how they walk.
Biometric technologies, like facial recognition technology, analyse biometric information to recognise who someone is, or to work out other things about them (such as their gender or mood).
We use the term biometrics to mean when technologies like facial recognition are used to collect and process people’s biometric information to identify or classify them.
These are some examples of how biometrics can be used:
Biometric technologies can have major benefits, including convenience, efficiency, and security. However, they can also create significant risks, including risks relating to surveillance and profiling, lack of transparency and control, and accuracy, bias, and discrimination.
The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. Other countries are also considering how best to regulate these technologies, and some have enacted specific regulatory frameworks for biometrics or include biometrics in their ‘sensitive’ information categories which give biometric information greater protection (in contrast, New Zealand’s Privacy Act doesn’t have special rules for ‘sensitive’ information).
The Privacy Commissioner announced on 17 December 2024 that he will proceed with developing a code of practice for biometrics. The code will create more specific rules for agencies using biometric technologies to collect and process biometric information.
The Privacy Commissioner has been considering make specific rules for biometrics to protect people’s special biometric information, guard against risks, and ensure it is used safely. You can read more about this work in the next section.
December 2024 |
Decision to proceed with code and public consultation It’s important we get this right, so we want people to have a say on the proposed rules through public consultation running to 14 March. Read about how to have your say about biometrics. |
August 2024 |
Report-back on exposure draft of biometrics codeWe received 250 submissions; 180 from the public and 70 from agencies (businesses, government agencies and organisations). Almost every submission from members of the public told us that people were concerned about the use of biometrics in New Zealand. There was broad support for the proposed rules in the draft code. Agencies that sent in feedback were from diverse sectors. Agencies were generally supportive of the code proposals and for the proposed modifications to the three IPPs that we’d outlined. At times opinion was divided, but overall, the feedback gave us clear direction on what may need to be changed or reworked, which is what we’ll do now. Read detail about who commented and what the themes of the feedback were. |
April/May 2024 |
Public consultation on exposure draft of biometrics codeWe developed an exposure draft of a biometrics code of practice based on what we had learned in targeted engagement the previous year. A biometrics code of practice would create specific rules for agencies using biometric technologies to collect and process biometric information. The exposure draft included three new rules: a proportionality requirement, additional notification and transparency requirements, and fair processing limits that restrict some uses of biometric classification. We conducted a broad public consultation on the biometrics code exposure draft, seeking views from members of the public, Māori, businesses, government agencies, and advocacy organisations. Read our media release. |
November 2023 |
AnnouncementThe Privacy Commissioner announces he will release an exposure draft of a biometrics code for public consultation in early 2024. |
July/August 2023 |
Targeted engagementWe released a discussion document outlining proposals for a potential code of practice for biometrics. We sought views from key stakeholders: Māori, private sector users or providers of biometrics, public sector users of biometrics, privacy specialists, and advocates with expertise in human rights, employment, and consumer rights. We held workshops and meetings with stakeholders and received 54 submissions on our discussion document. Read the summary document (PDF) |
December 2022 |
Announcement |
August 2022 |
Public consultationWe revisited our position paper on biometrics and conducted a period of broad public engagement with a consultation paper to asking whether further regulation of biometrics was needed in New Zealand. We also talked to stakeholders, including Māori experts and organisations using biometric information, to ensure we were hearing from the right people. We received 100 submissions from individuals, businesses, government departments, and advocacy groups. Read the consultation paper. |
October 2021 |
Biometrics position paperWe launched a position paper on how the Privacy Act regulates biometrics. Read a one-page summary of key issues regarding biometric technologies and privacy. |
If you want to contact us about this work please email biometrics@privacy.org.nz