Guidance

Fingerprint self-enrolment feasibility trials: privacy information notice

Published 2 December 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/fingerprint-self-enrolment-feasibility-privacy-information-notice/fingerprint-self-enrolment-feasibility-trials-privacy-information-notice

Why we collect your data 

The Home Office collects face and fingerprint biometrics from foreign nationals applying for a visa. Following the UK’s departure from the European Union, we plan to expand this biometric requirement to additional immigration cohorts.   

The long-term aim is that all visitors and migrants to the UK will provide their biometric facial images and fingerprints under a single global immigration system. To maximise customer convenience and security, we will increasingly look to provide capabilities for biometric self-enrolment, integrated within digital application processes for immigration products. 

The Home Office previously held Biometric Self-Enrolment Feasibility Trials in November 2021; details can be found on GOV.UK. As part of this particular strand the Home Office will be testing the self-enrolment of fingerprints using a smartphone app. This trial will evaluate how effectively these novel solutions can capture biometrics and help the Home Office to improve the biometric processes we use for immigration applications. It will also assess the smartphone app’s ability to detect fraudulent attempts to enrol, known as Presentation Attack Detection (PAD). 

The trail exercises are being held to evaluate the maturity of the technology at a smaller scale. We will then move to large-scale trials, once a defined set of success criteria have been met. These will ensure the technology readiness level has advanced since our feasibility trials in 2021 and that new insights can be gained by progressing.  

Your data captured during this trial is collected by the Home Office (data controller) on behalf of the UK government.  

The data we collect from you during these trials will be used for the purpose of: 

1. Testing solutions for the fingerprint enrolment and fingerprint PAD. 

2. Assessing the suitability of biometric self-enrolment technology in meeting the responsibilities and priorities of the Home Office. Details about these can be found here: About us - Home Office - GOV.UK (www.gov.uk)

3. Enhancing self-enrolment technology. The Home Office aims to give participating suppliers feedback on their solutions at the end of this benchmarking exercise.  

This Privacy Information Notice (PIN) explains how: 

1. The Home Office may use your data and disclose it to other organisations. 

2. These organisations may use this personal data to carry out their functions. 

Personal data that will be processed 

1. name 

2. contact details (mobile number, email) 

3. fingerprint biometrics

4. age  

5. sex 

6. ethnicity  

7. accessibility (e.g. missing fingers, damaged skin, which could make using the technology challenging) 

8. any disabilities, health conditions or impairments (which could make using the technology challenging) 

Your personal data will not be linked to your contact details unless there is a need to do so. For example, to notify you in the event of a data breach or if you wish to withdraw or amend your consent.  

How we protect your personal data 

Your personal data will be processed securely. We have systems and policies in place that limit access to your information and prevent unauthorised disclosure. In addition, we limit access to your personal data to Home Office staff, and Home Office contractors or third parties who have appropriate security clearance and Suppliers who are subject to the signed Security Control Assurance. Their activity is subject to audit and review and is authorised only if it is a genuine business need. 

Your personal data will be protected by the Home Office Biometrics Security Control Assurance for the purpose of these trails. We will share example images to suppliers when providing them with 1:1 feedback. However, we will not be sharing your data with the suppliers in a retainable format.  

How long we will keep your data 

The Home Office will retain your data for testing solutions for the self-enrolment of fingerprint biometrics.

The need to retain this data will be subject to annual review. The data will be retained for as long as necessary for the original purposes for processing, or up to 6 years and data will be deleted in line with whichever event occurs sooner.

There will be biometric technology suppliers taking part in these trials and they will be able to request access to fingerprint biometrics, age, ethnicity, sex and accessibility details, but not your contact details. However, to access the trial data following the trials, suppliers must request permission from the HO and clearly define their use cases. The use-cases have been restricted to troubleshooting or improving their technology. If successful in their application to access the data, the technology suppliers will have access to the data for up to 12 immediate months following the feasibility trials, at which point the data must be deleted.

How your data will be stored 

The Home Office will have access to and store your personal data to test solutions for the self-enrolment of fingerprint biometrics.  

The Home Office will store your data in a secure stand-alone environment with strict security procedures in place. 

All participating suppliers have signed a legally enforceable Non-Disclosure Agreement with the Home Office and completed checks to make sure that your personal data will be processed securely on their systems.  

Suppliers who we will process your data during the trials: 

Suppliers: 

  1. VF Worldwide Holdings Ltd

  2. Touchless ID (Identy)

  3. Dermalog Identification Systems GmBH

  4. Veridium IP Ltd

  5. iProov Ltd

  6. Telos Corporation

  7. Integrated Biometrics LLC

  8. Blue Biometrics Ltd

  9. Thales DIS UK

  10.  IdLoop

Sub-suppliers: 

  1. Sciometrics

  2. Tech 5

  3. DXS

  4. Gambit

Trials support services:  

  1. Deloitte LLP

  2. Ingenium Biometric Laboratories 

  3. DSTL

We are only allowed to use, gather and share personal data where we have an appropriate legal basis to do so under the UK General Data Protection Regulation (UK GDPR) or the Data Protection Act 2018. 

We will process your data based on consent under Article 6(1)(a) of the UK GDPR, or Article 9(2)(a) of the UK GDPR where the data is special category personal data. You can withdraw your consent at any time. Further details on how to withdraw your consent and details of other rights you will be entitled to exercise are included in the consent form. 

Transfers of personal data to other countries   

The UK GDPR applies to all personal data within the European Union, but rights may be enforced, where applicable, in other parts of the world. 

We, or our partnering biometric technology suppliers may process your personal data in countries outside the European Economic Area.  However, we are restricting to processing locations to countries with a UK Data Protection Act Finding of Adequacy. 

When we do this, we will take appropriate steps to safeguard your information. For these feasibility trials we have agreements in place with each of the participating suppliers, which are legally enforceable and restrict the use of your data to the purposes set out in this PIN.  

Contacting you using your information 

We will only contact you using your personal data if it is absolutely necessary to do so. For example, in the event of a data breach. 

More Information on privacy 

Read more about how the Home Office uses and shares personal data, including data protection rights: Borders, immigration and citizenship: privacy information notice - GOV.UK (www.gov.uk)

Contact us 

If you took part in the benchmarking exercise and would like to contact the Home Office regarding your personal data, please contact: 

JSaRC@homeoffice.gov.uk   

How to make a complaint 

In the first instance please direct queries or complaints to the JSaRC mailbox (JSaRC@homeoffice.gov.uk). 

If you have contacted the JSaRC mailbox, but are unhappy with the response, you can contact the Home Office’s Data Protection Officer at:  

Email: dpo@homeoffice.gov.uk  

Or write to: 

Office of the DPO
Home Office
Peel Building
2 Marsham Street
London
SW1P 4DF

You also have the right to complain to the Information Commissioner’s Office about the way we handle your information or the exercise of your other rights under the UK GDPR or the Data Protection Act 2018. 

You can contact the Information Commissioner’s Office by telephone on 0303 123 1113.

The rights available to individuals in respect of the processing can be found on the ICO website.

Back to top