Has COVID-19 changed how people approach sharing sensitive data? How much personal information are they willing to provide to access services? We surveyed 757 UK consumers to find out.

Image of mobile phone sharing biometric data from fingerprint and iris recognition

During the COVID-19 pandemic, data usage doubled as people were confined to their homes, and remote work became the norm. Data tracking was used to observe the development of the disease, with contract tracing provided by the NHS COVID-19 app, while digital credentials that made use of identity management technologies helped people prove their health status via digital tests and vaccination records or the NHS COVID Pass.

Health fears also highlighted the need for more contactless interactions, accelerating the design, development, and deployment of digital identity and personal identification tools. However, while these tools can help avoid fraud, they can also raise concerns regarding levels of data privacy and compliance with the General Data Protection Regulation (GDPR).

Has the pandemic influenced the adoption of personal identification technologies like biometrics? Do they address GDPR requirements? How willing are UK consumers to share their personal data? We surveyed 757 consumers who have carried out at least one digital activity in the last year to find out. A detailed methodology of this survey can be found at the end of this article.

What is biometric technology?

Biometric technologies use a person’s unique physical and behavioural characteristics, such as their fingerprint or voice, to authenticate an individual’s identity.

Whenever you travel with a biometric passport or use your fingerprint or face recognition to unlock your smartphone, you are using biometric technology. 

Biometric authentication can include:

  • Retina or iris recognition
  • Face recognition
  • DNA matching
  • Fingerprint recognition
  • Signature recognition
  • Voice recognition
  • Authentication checks
  • Finger movements

How often do UK consumers use biometric methods?

In our survey, 44% of participants said that they regularly use fingerprint scanning, with the second-highest biometric method being face scans (24%). These methods are frequently used to unlock modern smartphones. However, 20% of respondents state that they do not use any of the biometric technologies detailed in our study.

Pie chart showing the number of consumers who use biometric methods

We asked those who had used biometric methods about their use of biometric technologies. Over half (51%) of these respondents used biometrics to unlock apps on their devices. However, this is not the only reason these consumers used this technology. 21% of respondents used biometrics at passport control, while 18% applied these measures in their retail purchases, and 17% have used some sort of biometric authentication in financial operations.

The use of biometric data before and after the pandemic

T he pandemic saw an increase in the use of digital services, some of which require the use of multi-factor authentication methods like biometrics to access them on different services. We wanted to know if more consumers had started using biometric technology as a result. 

We asked respondents who had used biometric methods when they had started using them. Of the 61% who had used face scans, 39% of respondents used this technology before the pandemic. Additionally, from the 91% of respondents who had used fingerprint scans at some time, 72% did so before COVID-19. Although this indicates a slight increase in adoption during the health crisis, it shows that most users of this technology had started using personal biometrics before the pandemic. 

Bar chart showing if consumers who use personal biometrics started using them before or after the pandemic

What concerns do consumers have about sharing biometric data?

The use of digital services at home due to the pandemic, albeit for personal or office use, has also posed new security risks. 50% of respondents are more concerned about data privacy, cyberattacks, and their personal data being hacked since the pandemic started.

Biometric technologies are not exempt from scrutiny. The use of our bodies to unlock access to services has raised concerns about the loss of privacy in exchange for convenience. The UK’s former biometrics commissioner even requested that Parliament explicitly legislate the use of biometric technologies to clarify what is acceptable when using this data.

20% of respondents are concerned about the misuse of biometric data, with 18% worried about potential identity theft. Data breaches resulting in lost or stolen biometric data (18%) and reduced privacy (17%) are also issues of concern for consumers when it comes to sharing their biometric details.

On the other end of the scale, 10% are not concerned about the consequences of using biometric technologies, and only 8% are worried about the risk of marketing exploitation or excessive advertising targeting with the sensitive data they can provide.

Many consumers are unaware that their biometric data can be shared

The UK GDPR classifies biometric data as special category data, meaning that the data must be processed abiding by Article 9(2), which details that the data subject must give explicit consent to the processing of personal data for one or more specified purposes. When an individual’s consent has been provided, such as when they accept the terms of service on a website, they are approving the use and sharing of this sensitive information.

It is eye-catching that 60% of respondents who used biometric methods did not know that their personal data could be shared with other companies.

Furthermore, 69% of all respondents were either not very comfortable or not at all comfortable with the fact that their biometric data could be shared in this way.

What data are UK consumers more comfortable sharing?

According to our survey results, the level of comfort consumers feel when sharing their data with an organisation is not conditioned on whether it is in the public or private sector when the data being provided is personal information such as name, date of birth, and address. The same applied when sharing sensitive data like ethnicity or health-related information. 

Around half of respondents are “somewhat” or “very comfortable” sharing this type of information.

Graphs showing level of comfort when using sensitive data and personal information with public and private companies 

A difference can be noted when it comes to biometric data and document images such as personal IDs and passports. 

57% of consumers are uncomfortable sharing biometric data with private companies 

More than half of our respondents (51%) said they felt “a little” or “totally uncomfortable” sharing their biometric data with public institutions, but levels of discomfort are even higher referring to the private sector, with 57% of respondents feeling uncomfortable sharing this data with companies. 

Similarly, nearly half (49%) of respondents feel a little or totally uneasy sharing document images with public institutions, but this rises to 58% when it comes to providing them to private companies. 

Graphs showing level of comfort using biometric data and document images with private and public companies

Businesses should work on building digital trust and earning consumer confidence in the privacy, reliability, and security of the services they use and the data these services collect. 

How can companies be transparent about what they do with client data?
  • Share policies and processes instead of hiding them in fine print.
  • Disclose how data is collected and shared. If third parties are involved, they need to be named.
  • Inform users how they can benefit from sharing their data. 
  • Ensure personalised services and communications are relevant to users.
  • Use aggregated data instead of only individual data. 
  • Monitor and prepare for new data regulations and privacy laws. 

68% of consumers will only share personal data under specific conditions

Consumers are not reluctant to share their personal data, but the situation needs to be the right one. When we asked participants if they would be willing to share personal data with private or public organisations in circumstances such as consulting web pages, accessing information online, or using an online service, the majority were only willing to do so under specific conditions. 

Pie chart showing if consumers would agree to share personal data with private and public institutions when using online services

The top three conditions these respondents signalled were:

  •   If a statement is provided regarding how the information is going to be used (26%)
  •   If a statement is provided regarding what information is being collected (26%)
  • If data would only be used in aggregate form, i.e., not on an individual basis (18%)

We also asked the 10% of consumers willing to share their details where they would draw the line. 28% said they wouldn’t go ahead if they were required to provide too much personal information, and 25% wouldn’t give their consent if they did not trust the entity collecting the data. These responses show how important it is for companies to be transparent on websites and apps about what users are giving their consent to, how their data will be used, and if their data is going to be shared.

Bar chart showing conditions under which consumers would not agree to share personal data

Has the pandemic changed attitudes towards data privacy?

The COVID-19 pandemic also increased the digitalisation of the healthcare sector in the UK. Patients confined at home could access healthcare through telemedicine services. A Capterra study from 2021 showed that 79% of patients who used telemedicine for the first time during the pandemic would continue to do so. In the same report though, 16% stated their concern for their data privacy when using telemedicine.

After the NHS COVID Pass, are consumers willing to share sensitive data?

We wanted to know if the NHS COVID Pass, launched in December 2021 so that UK citizens could show their COVID-19 status, had changed how respondents felt about their data privacy. However, from our survey, 42% of respondents had never used the app and 26% had stopped using it.

Of these respondents, only 26% didn’t use the app because of issues concerning the use or security of their personal data. Nearly half (49%) of respondents did not use the NHS COVID Pass quite simply because they did not think it was useful.

Nonetheless, the NHS COVID Pass may have set a precedent for the collection of sensitive health data. Most consumers that used the app did so because they found it convenient (30%), because it helped tackle the pandemic (20%), and because this app had become mandatory to carry out a large number of activities in the UK (22%).

When it comes to using these types of apps in the future, our respondents were on the fence. 39% of all participants said they would be comfortable using this type of app for a future pandemic scenario, with another 24% being in favour of using these types of apps to gather and access their medical history. However, 14% feel that they have only been comfortable using this app during the COVID-19 pandemic, and 24% do want to use these apps for any health purposes in the future .

Technology needs regulation and transparency

During the COVID-19 pandemic, consumers have shared medical information over apps and with QR codes to be able to carry on their daily routines. The NHS COVID Pass used in a domestic and international context may have posed questions about the protection of data privacy given that it: 

  • Used sensitive personal health information
  • Created a distinction between individuals based on their health status
  • Used health information to determine the degree of certain freedoms and rights of citizens

At the same time, the development of new technology has seen the implementation of biometrics to ensure better authentication processes to strengthen security. However, this comes at the cost of users handing over unique, personal data in order to access these services.

Technology does not belong in a legal vacuum, and there are existing laws and regulations that seek to guarantee consumer privacy. When implementing new technologies and biometrics, the regulatory frameworks must be clear before their deployment.

Organisations should ensure that sensitive data is handled securely and used appropriately in compliance with GDPR. Nonetheless, for businesses and institutions, collecting and tracking personal information goes beyond complying with laws like GDPR; data transparency is equally important.

The results of our survey indicate that many consumers have privacy concerns when sharing biometric data. Therefore, if companies wish to make use of these methods they need to ensure they comply with data privacy rules and earn their customers’ trust. 

If businesses want to increase customer trust, they should explain what information is being collected, provide information on how it will be used, and assure consumers that the data will not be used on an individual basis but rather in an aggregate, impersonal form.

Looking for GDPR software? Check out our catalogue!


To gather the data for this report, we conducted an online survey of 757 consumers in February 2022. The selection criteria for the participants are as follows:

  • Resident in the UK
  • over 18 years old
  • Participants have engaged in online activity in the past 12 months
  • Know what biometric methods are

NOTE: This article is intended to inform our readers about business-related concerns in the United Kingdom. It is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.