Māori data specialists are warning a new government facial recognition deal is too weak to protect the public or Māori data sovereignty.
The Department of Internal Affairs has signed a master deal for facial recognition systems with the local subsidiary of US giant tech company DXC.
Within that, the department and DXC have done their own deal to launch a passports system with much greater biometrics processing power using Neoface software from Japanese firm NEC.
Data sovereignty group Te Mana Raraunga is urging the department to do a full privacy impact assessment even though it earlier decided against doing one.
"The proposed contractual controls and ability to audit DXC Technology's subsidiary are insufficient to adequately mitigate the risks that this platform poses to the people of Aotearoa and to Māori data sovereignty," the group said in a statement.
The department lists eight ways in which the master contract imposes controls over the DXC subsidiary Enterprise Services New Zealand.
The department did a 'threshold assessment' but not a full privacy assessment, having concluded that though high and medium risks existed, these could be handled.
It should have done a full assessment, Te Mana Raraunga said.
"This is due to the sheer scale of the proposed processing, and the potential privacy and security implications of the large-scale storage and processing of passports and their related biometric data.
"All stakeholders should have the opportunity to be consulted ... and to consider whether the adoption of this technology is both acceptable and ethical."