Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Biometric information is personal information and is regulated by the Privacy Act. It is particularly sensitive because it’s based on the human body and is fundamental to who a person is. There is growing concern about the level of regulation covering biometric information and the Privacy Commissioner is currently considering whether additional rules are needed.
Biometric information relates to people’s physical or behavioural features. For example, a person’s face, fingerprints, voice, keystroke patterns, or how they walk.
Biometric technologies, like facial recognition technology, analyse biometric information to recognise who someone is, or to work out other things about them (such as their gender or mood).
We use the term biometrics to mean when technologies like facial recognition are used to collect and process people’s biometric information to identify or classify them.
These are some examples of how biometrics can be used:
Biometric technologies can have major benefits, including convenience, efficiency, and security. However, they can also create significant risks, including risks relating to surveillance and profiling, lack of transparency and control, and accuracy, bias, and discrimination.
The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. Other countries are also considering how best to regulate these technologies, and some have enacted specific regulatory frameworks for biometrics or include biometrics in their ‘sensitive’ information categories which give biometric information greater protection (in contrast, New Zealand’s Privacy Act doesn’t have special rules for ‘sensitive’ information).
The Privacy Commissioner has been considering make specific rules for biometrics to protect people’s special biometric information, guard against risks, and ensure it is used safely. You can read more about this work in the next section.
We developed an exposure draft of a biometrics code of practice based on what we had learned in targeted engagement the previous year. A biometrics code of practice would create specific rules for agencies using biometric technologies to collect and process biometric information. The exposure draft included three new rules: a proportionality requirement, additional notification and transparency requirements, and fair processing limits that restrict some uses of biometric classification.
We conducted a broad public consultation on the biometrics code exposure draft, seeking views from members of the public, Māori, businesses, government agencies, and advocacy organisations.
We are currently analysing submissions received on the exposure draft. There will need to be a further period of formal code consultation before any biometrics code of practice can be issued. If you would like to be notified when the Privacy Commissioner announces his decision, email us at biometrics@privacy.org.nz.
Read our media release.
Read the exposure draft (Word).
Read the consultation document (Word).
Read the one-page summary (PDF).
View our infographic (PDF).
The Privacy Commissioner announces he will release an exposure draft of a biometrics code for public consultation in early 2024.
Read the media release.
Read the explainer document (PDF).
We released a discussion document outlining proposals for a potential code of practice for biometrics. We sought views from key stakeholders: Māori, private sector users or providers of biometrics, public sector users of biometrics, privacy specialists, and advocates with expertise in human rights, employment, and consumer rights. We held workshops and meetings with stakeholders and received 54 submissions on our discussion document.
Read the summary document (PDF)
Read the summary document (Word)
Read the full discussion document (Word)
Read the summary of submissions.
December 2022: announcement
The Privacy Commissioner announces he will explore the option of a code to regulate biometrics.
We revisited our position paper on biometrics and conducted a period of broad public engagement with a consultation paper to asking whether further regulation of biometrics was needed in New Zealand.
We also talked to stakeholders, including Māori experts and organisations using biometric information, to ensure we were hearing from the right people. We received 100 submissions from individuals, businesses, government departments, and advocacy groups.
Read the consultation paper.
Read a one-page summary.
Read the summary of submissions.
We launched a position paper on how the Privacy Act regulates biometrics.
Read a one-page summary of key issues regarding biometric technologies and privacy.
Read the biometrics position paper (PDF).
Read our blog post.
