Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Resources

Print | Email this page

Biometrics

Biometric information is personal information and is regulated by the Privacy Act. It is particularly sensitive because it’s based on the human body and is fundamental to who a person is. There is growing concern about the level of regulation covering biometric information and the Privacy Commissioner is currently considering whether additional rules are needed.

Biometric information relates to people’s physical or behavioural features. For example, a person’s face, fingerprints, voice, keystroke patterns, or how they walk.

Biometric technologies, like facial recognition technology, analyse biometric information to recognise who someone is, or to work out other things about them (such as their gender or mood).

We use the term biometrics to mean when technologies like facial recognition are used to collect and process people’s biometric information to identify or classify them.

These are some examples of how biometrics can be used:

  • verifying people’s identities
  • border control
  • policing and law enforcement
  • retail security
  • controlling access to devices or physical spaces
  • monitoring attendance (for example, in workplaces or schools).


Biometric technologies can have major benefits, including convenience, efficiency, and security. However, they can also create significant risks, including risks relating to surveillance and profiling, lack of transparency and control, and accuracy, bias, and discrimination.

The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. Other countries are also considering how best to regulate these technologies, and some have enacted specific regulatory frameworks for biometrics or include biometrics in their ‘sensitive’ information categories which give biometric information greater protection (in contrast, New Zealand’s Privacy Act doesn’t have special rules for ‘sensitive’ information).

The Privacy Commissioner has been considering make specific rules for biometrics to protect people’s special biometric information, guard against risks, and ensure it is used safely. You can read more about this work in the next section.

Biometrics papers and past consultation

August 2024

Report-back on exposure draft of biometrics code

We received 250 submissions; 180 from the public and 70 from agencies (businesses, government agencies and organisations).

Almost every submission from members of the public told us that people were concerned about the use of biometrics in New Zealand. There was broad support for the proposed rules in the draft code.

Agencies that sent in feedback were from diverse sectors. Agencies were generally supportive of the code proposals and for the proposed modifications to the three IPPs that we’d outlined. At times opinion was divided, but overall, the feedback gave us clear direction on what may need to be changed or reworked, which is what we’ll do now.

Read detail about who commented and what the themes of the feedback were.

April/May 2024

Public consultation on exposure draft of biometrics code

We developed an exposure draft of a biometrics code of practice based on what we had learned in targeted engagement the previous year. A biometrics code of practice would create specific rules for agencies using biometric technologies to collect and process biometric information. The exposure draft included three new rules: a proportionality requirement, additional notification and transparency requirements, and fair processing limits that restrict some uses of biometric classification.

We conducted a broad public consultation on the biometrics code exposure draft, seeking views from members of the public, Māori, businesses, government agencies, and advocacy organisations.

Read our media release.
Read the exposure draft (Word).
Read the consultation document (Word).
Read the one-page summary (PDF).
View our infographic (PDF). 

November 2023

Announcement

The Privacy Commissioner announces he will release an exposure draft of a biometrics code for public consultation in early 2024.

Read the media release.
Read the explainer document (PDF).

July/August 2023

Targeted engagement

We released a discussion document outlining proposals for a potential code of practice for biometrics. We sought views from key stakeholders: Māori, private sector users or providers of biometrics, public sector users of biometrics, privacy specialists, and advocates with expertise in human rights, employment, and consumer rights. We held workshops and meetings with stakeholders and received 54 submissions on our discussion document.

Read the summary document (PDF)
Read the summary document (Word)
Read the full discussion document (Word)
Read the summary of submissions.
December 2022

Announcement
The Privacy Commissioner announces he will explore the option of a code to regulate biometrics.

Read the media release.

August 2022

Public consultation

We revisited our position paper on biometrics and conducted a period of broad public engagement with a consultation paper to asking whether further regulation of biometrics was needed in New Zealand.

We also talked to stakeholders, including Māori experts and organisations using biometric information, to ensure we were hearing from the right people. We received 100 submissions from individuals, businesses, government departments, and advocacy groups.

Read the consultation paper.
Read a one-page summary.
Read the summary of submissions.

October 2021

Biometrics position paper

We launched a position paper on how the Privacy Act regulates biometrics.

Read a one-page summary of key issues regarding biometric technologies and privacy.
Read the biometrics position paper (PDF).
Read our blog post.

If you want to contact us about this work please email biometrics@privacy.org.nz

Back to top