First Published: 05 September, 2025
At the start of the month, the Privacy Commissioner announced the Biometric Processing Privacy Code 2025, which creates more specific privacy rules for agencies using biometric technologies to collect and process biometric information.
The Code, which is now law, will help make sure agencies implementing biometric technologies are doing it safely and in a way that is proportionate.
It comes into force on 3 November 2025, but agencies already using biometrics have until 3 August 2026 to align themselves with the new rules (12 months from Code’s publication).
In addition to the existing rules in the Privacy Act, the Code will require agencies to:The Code also restricts some particularly intrusive uses of biometric technologies like using them to predict people’s emotions or infer information, like ethnicity or sex, which is protected under the Human Rights Act.
Detailed guidance has been released to support the Code, which explains how we see the Code working in practice. It also sets out examples so agencies planning to use biometrics can understand their obligations.
Our guidance is a starting point; agencies still need to do their own thinking to understand their own situation and how they are using or plan to use biometrics.
Source: Privacy Commissioner website
Contact us if you have any suggestions on resources you would like to see more of, or if you have something you think would benefit our members.
Get in TouchSign up to receive updates on events, training and more from the MA.