I declined a biometrics request from my employer
Working in finance, I am subject to re-vetting every three years. 2026 is here, my turn is now, and lo and behold, my firm has switched to a new vetting agent. They have a shiny, bright website with lots of “LinkedIn speak”; you know: “we empower both employers and employees” and lots of “leveraging” and whatnot.
Anyway, they gave me a choice: verify your identity via biometrics or not. I chose not. Their website looped and I was eventually presented with a page: “We’re sorry but we cannot complete your verification. Please contact your HR partner”. So, I did.
I had to do a face-to-face verification, which I’m comfortable with. I know my HR partner and I know they will not ship my biometric data off to a server in Texas somewhere. If they do, there is good old GDPR and other UK data laws. I can sue, get rich quick and retire, so they won’t.
My HR partner did enquire why I was opposed to biometric verification. She’s new, the vetting agent is new too, so I assume she was genuinely interested in my reasons.
I told her: no one who is able to do background checks requires any further data from me. They already have access to my credit history and can check on any criminal records. By me downloading an app, taking a selfie so that they can compare it to my passport and driving licence adds… what, exactly to their already complete data picture of me? Nothing! It achieves a tick in the box that they have performed a visual check that I’m still me. Now, to achieve that, they need to obtain (i) a recent photo (via the selfie), and (ii) a scanned copy of my passport and driving licence to compare the selfie against. What do they do with it all, I asked? How long do they keep my photo and scans for? Where do they keep them? And, importantly, I have no way of verifying the answers to all those questions. So, no, I don’t do biometrics because I don’t trust them to protect my data, so request denied.
She smiled and nodded. I bet she thought that I’m full of bull and a bit “special”, but that’s cool. I’m not doing it.
Bare in mind that this is my employer I’m talking to like that!
So, if I can refuse to provide biometrics to my company when they need to perform my triennial background checks, why not do the same to all the service providers trying to conform to Ofcom’s rules on AV (age verification)?
Bluesky requires AV to access direct messaging on their app, but don’t filter out any adult material in the timeline. X allows access to direct messages but filters out adult material without AV. Apple has just gone live with AV to access “certain service” – what those are at this time are unknown. I don’t use anything Meta besides WhatsApp, so that one is still a wait-and-see.
Here is the point: do I absolutely need any of the above services? Does my life and well-being depend on them? That is a firm “no”. My life and well-being, however, do depend on staying employed but I have managed to decline sharing my data with my employer’s third party agent.
For how long I can continue to refuse passing along my biometric data to my employer’s appointed agent is another wait-and-see. All it will take is a quick update to the employee handbook (which I will have to sign) and there we have it. But, I am fairly certain for the time being that common sense and the law shall prevail for a little while yet with regards to what employers can get away with. We have pretty solid employment law in the UK which has built in protections for employees against this sort of nonsense.
Alas, the world around me is changing and it is moving fast. All my other rights are being stripped away.
Wait-and-see.
To be continued.