Posted: August 19th, 2019
The Data Protection Commission (DPC) has made public the results of a study into the retention of information gathered of information during the application process for the Public Services Card (PSC) by the State which has deemed the practice was illegal.
The DPC revealed that PSC application scheme does not adhere with the transparency requirements of the data protection acts due to the amount of information that is provided by Department of Social Welfare applicants who have their private data processed. The data that the Department is holding on more than three million card holders must now be destroyed and the practice of data processing (by the Department) must be stopped within three weeks to avoid any potential sanctions being applied.
The DPC released a statement which read”Ultimately, we were struck by the extent to which the scheme, as implemented in practice, is far-removed from its original concept,” the DPC said in a statement published on its website.
“Whereas the scheme was conceived as one that would make it easier to access (and deliver) public services, with chip-and-pin type cards being used for actual card-based transactions, the true position is that no public sector body has invested in the technology capable of reading the chip that contains the encrypted elements of the Public Sector Identity dataset. Instead, the card has been reduced to a limited form of photo-ID, for which alternative uses have then had to be found.”
Data Protection Commissioner Helen Dixon also commented on the controversy saying: “The whole idea of the Public Services Card is that the Minister only issues one after a ‘Safe2’ process, which involves a face to face interview, bringing along identity documentation you already have and supporting documentation like utility bills, proof of address and so on.”
Following its introduction the PSC was used for the processing of social welfare payments. Subsequent to this it was a requirement in the for applying for a range of other services including first-time adult passport applicants, replacement of lost, stolen or damaged passports issued before January 2005, where the person is resident in the State, citizenship applications, driving test and driver licence appointments.
The scandal does not mean that the PSC will no longer be valid for all of these services. Dixon said: “The Department is retaining [this] indefinitely. So we have said if identity is authentication, such that the Minister is satisfied to issue the public services card, then there is no basis for retaining indefinitely all of that [utility bills, ID proofs etc]. It seems to defy the logic of the card.”
“Any cards that have been issued, their validity is not in question by anything we’ve found in this report,” she said. “They can continue to be used in the context of availing of free travel or availing of benefits that a person is claiming from the department.”
Civil society groups including Digital Rights Ireland, the Irish Council for Civil Liberties, the UN’s special rapporteur on extreme poverty, Age Action objected to its introduction are said to be thinking about submitting a class-action style case in relation to this data breach.
On its official Twitter account Digital Rights Ireland greeted the report stating: “We welcome @dpcireland’s observation that the PSC morphed from a cryptographic token designed to enhance security for citizens, into a photo id card with no particular purpose, but for which various alternative uses had to be found to justify its existence. We note that @welfare_ie tried its best to use spin, expensive PR campaigns, and hectoring of newsrooms to provide a basis for the PSC. They had to, because there was no legal basis, and limited political support.”
There is a good chance that there will be other compensation claims submitted in relation to this in the coming weeks and months.
Categories: Personal Injury Compensation