“I Do Not Think People Knew The Card And The Department Could Obtain Details On Every Trip Taken”

at



From top: The Public Service Card; Irish Rail train; Sean Fleming TD

Yesterday.

At a meeting of the Public Accounts Committee.

Chairman of the committee Laois Fianna Fáil TD Seán Fleming referred back to a matter he raised at the end of last week’s committee meeting.

The matter concerned a constituent, their Public Services Card and Iarnród Éireann.

Yesterday Mr Fleming said , after receiving further correspondence on the matter, it appears the Department of Employment Affairs and Social Protection:

has details with regard to 900,000 people, including every State pensioner in the country, on every time they use public transport and every trip they take“.

Mr Fleming said:

“Towards the end of the meeting, I raised the issue of a person who continued to use an expired free travel card. The person should not have done so because social welfare payments had ceased.

However, the travel card element of the public services card had not been cancelled and the person continued to use it.

After several months, the card was confiscated at Heuston Station when it did not work in the turnstile to leave the station. Afterwards, the person received a fine from Irish Rail for €1,000 for not having the correct ticket.

So far so good, but this raises data protection issues. The person, whom I dealt with over the summer, told me the issue of how Irish Rail got the individual’s name and address had already been raised with the Data Protection Commissioner.

There is no dispute with regard to the amount but there is a data protection issue.

Arising from our meeting last week, on Friday I received a very interesting email, as did the Comptroller and Auditor General, from a person with regard to a use of the public services card I had not really thought about until now.

If this is happening we really need it to be clarified. On the public services card is a photo, the person’s PPS number is on the back, and there is also the person’s signature.

The card also shows a date until which it is valid. On the front it may have the letters FT to signify free travel, or it may have the letters FT+S to signify the person’s spouse can accompany him or her for free.

The individual – [journalist and activist Martin McMahon]  who sent the card used it on the Luas in Dublin and on one of the major bus companies, not Dublin Bus.

When the public services card goes through the ticket machine information is recorded and the individual got curious about what is recorded when the public services card is given to private transport companies.

The person tracked it down and eventually received a letter back from the National Transport Authority, NTA, because the bus operator and Luas said it was nothing to do with them and that the person should contact the NTA.

In recent days, we received a copy of the letter sent to the individual by the NTA.

The NTA states that when a person uses the card none of the person’s information on the card is recorded but every card has a number – not the PPS number – that the transport companies have.

This allows the companies to claim payment. I know there are also lump sum grants but perhaps Iarnród Éireann is slightly different.

This number records all of the trips and journeys made by card holder.

The rail company does not have the person’s name and address or other details but it sends the number to the Department of Employment Affairs and Social Protection where it can be matched to the person’s PPS number.

The NTA states only the Department of Employment Affairs and Social Protection knows the PPS number and the individualised anonymous number held by the transport companies.

The Department does not provide this information to anyone.

As far as public transport is concerned, all the NTA knows is that the number has been used but not who used it or anything about the person using the card and it is entirely anonymous.

The email also states that when the public services card is presented at the ticketing machine, it records that a journey has been taken and assigns the value of the fare forgone to the record, which is stored in the ticket machine.

The information held by the transport company is the ID, which is the number on the card, the date and time of the journey, the route number and the fare forgone, which is the adult single fare.

The data is then uploaded to the back office system and subsequently made available to the Department of Employment Affairs and Social Protection.

The purpose of recording the information is so the transport operator can record overall passenger numbers and overall usage and also be able to make a claim for reimbursement from the Department in respect of services delivered to free travel pass holders.

It appears that when the information comes back from the travel company the Department of Employment Affair and Social Protection has details with regard to 900,000 people, including every State pensioner in the country, on every time they use public transport and every trip they take.

The allegation in the email is that the person did not know the State had such mass surveillance systems in place.

I do not think people knew the card and the Department could obtain details on every trip taken.

I can see why from a financial position but from a data protection point of view I can see that people were not aware that this is the case.

We will write to the Department of Employment Affairs and Social Protection to clarify this particular issue on whether it has a record of all of the travel taken.”

Transcript via Kildarestreet.com

Earlier: Anything Good In The Washington Post?

Previously: ‘Iarnród Éireann Used The Public Services Card To Collect The Information’

Update:

Data Commissioner Helen Dixon

This morning.

Via The Irish Examiner:

The Department of Children and Youth Affairs (DCYA) is facing a possible investigation and potential €1m fines over the mandatory requirement to hold a public services card in order to access the new National Childcare Scheme.

….That requirement is perceived as being at odds with the DPC’s recent finding that mandating citizens to hold a PSC in order to access State services other than welfare is illegal…

….Earlier this week, the Irish Examiner revealed that DCYA had initially envisaged a second online portal for people without a PSC to apply for the scheme, which would have removed any GDPR concerns.

However, the department was firmly overruled by the Department of Public Expenditure and Reform — the body with responsibility for the PSC’s expansion to services other than welfare — which informed it in January 2018 that “MyGovID alone” should be the only means for accessing the new childcare scheme…

Department Faces 1m Fines Over PSC Debacle (Cianan Brennan, Irish Examiner)

34 thoughts on ““I Do Not Think People Knew The Card And The Department Could Obtain Details On Every Trip Taken”

  1. eoin

    “The allegation in the email [which the chairman of the public accounts committee is accepting at face value] is that the person did not know the State had such [illegal] mass surveillance systems in place.”

    And that’s what the PSC card is all about, illegal [because the Data Commissioner whose job it is to determine lawfulness or otherwise of data collection] mass [applies to 900,000 whose travel was monitored and “nearly 4m” in total] surveillance [“The systematic observation of aerospace, surface, or subsurface areas, places, persons, or things, by visual, aural, electronic, photographic, or other means”].

    Also, Leo might protest it’s not a national ID card being introduced by stealth, but if it walks like a duck etc.

    1. Cian

      if you have such faith in the DPC – she said that the PSC was legal for Welfare including free travel usage.

        1. Cian

          The retention of proof of identity and proof of address was deemed invalid. The department are fighting this as they say they need to keep the originals if there are appeals or court cases relating to particular payments.

          1. Cian

            Not really.
            If someone applies for a payment that is dependant on their address (e.g. that you are not living with your parents, or not with a partner) and this payment is appealed (either it was refused and the person appeals, or the payment was made but the department are now reviewing it) . If it transpires that the only record of the address was transcribed into a computer (and there was no copy of the proof-of-address) then the State automatically loses – the person can claim that the address on the computer is wrong.

          2. Joe Small

            Citizens Information is under the remit of the Department of Employment Affairs and Social Protection.

    2. Truth in the News

      IR have abandoned collecting data off the card, its unclear if Bus Eireann collect
      the data as the drivers no longer punch in the destination

  2. some old queen

    This is exactly what I said on the 26th.

    Iarnród Éireann must record all journeys taken and must forward an itemised bill to DEASP in order to get paid.

    These journeys are not free- DEASP pays for them- would people prefer Iarnród Éireann plucked a figure out of the air and DEASP just paid it?

    1. Batty Brennan

      Strawman.

      The PSC implementation harvests and retains data it does not reasonably require.

      That IR should be re-imbursed isn’t at issue, although the mechanism warrants close scrutiny and possible review. There is no justification for retaining Mrs. Ryan’s travel records on the 49 bus ad infinitum. She has a statutory entitlement to the travel, the state agency in question has no business monitoring her beyond the bare minimum necessary for the reimbursement of the service provider and no justification whatsoever for retaining and further processing her personal data.

      1. some old queen

        Nobody’s personal details are retained by Iarnród Éireann- all they have is a card number. There is no way they can identify an individual from a card number. It is the DEASP who then match that number to the person and the fact that chip is stored on the same card as others is irrelevant.

        Iarnród Éireann have every right to store those travel details along with all others for their own analysis because there is no privacy issue. DEASP on the other hand- may have questions to answer if they store that data- even if not linked to personal information- post payment or for other purposes.

        1. Batty Brennan

          I think you’ll find that is the issue raised by Sean Fleming.

          It’s also the issue i raised above when I employed the term “the state agency in question”

          1. some old queen

            Oh ffs.

            A guard’s civil servant mammy spying on a nurse via Pulse?

            Shock would be gender of course- serves her right.

      2. Joe Small

        Sounds like the PSC when used as a travel pass involves the retention of similar data retained from your leap card.

    2. GiggidyGoo

      Not the issue though. It’s the harvesting and retention of personal data.
      Pre PSC i wonder how it worked mind you.

      1. some old queen

        This all reminds me of all the conspiracy theories flying around- what if the conspiracy theories are just a conspiracy to make you feel helpless and unable to control your own life? Disempowerment.

        As above- Iarnród Éireann are in this case not storing personal data. If DEASP are monitoring the journeys taken for reason other than payment then they are breaking the law- it really is that simple.

        1. GiggidyGoo

          I don’t agree it being that simple though, IE not holding the data should be a given anyway. (But we are taking their word for it.)
          Social Protection though are the ones retaining the data. That’s the issue. It’s surveillance by stealth and lies.

    3. Termagant

      All they need to retain is the length of the journey. What does it matter who used it and where they were going?

      1. Cian

        um. how about a scenario where someone took trips they weren’t entitled to. And the state needed to reclaim the amounts due. They would need to know the full journey details. No?

        1. GiggidyGoo

          Yes, but they don’t need to hold onto that data beyond the time required. And funnily enough, the State owns Coras Iompair Eireann, So the state is shuffling money between itself and itself.
          And, again, funnily enough, this department which makes mistakes in payments directly to SW recipients once again presides over the mistake of not catching this on the the first trip.

          But let’s not divert from the actual problem here – that the PSC isn’t being used in accordance with the Data Protection laws.

          1. Cian

            How do you know that don’t hold onto the journey information beyond the “time required”? You’re making stuff up. And then getting the hump.

      1. Cian

        I don’t know. There were fewer transport companies – just CIE, Bus Eireann, and Dublin Bus. It is possibly that they each got a lump sum.

        But now there are a lot more providers so an actual breakdown of journeys needs to be known to share the money fairly amongst them.

  3. Truth in the News

    There is worse it now appears that mass surveillance is being used in the US
    according to Thursdays NY Times to track illegals and those who apply for visa
    waivers, the data is being harvested from social media sites, also being used
    is facial recognition software, an outfit called Thomson Reuters is mentioned
    have they any contracts with the Irish Government…….?

    1. Deimos

      The mainland Chinese government has now managed to combine a comprehensive facial recognition system with social media, phone tracking, financial and travel monitoring to finally create a citizen monitoring system.
      This has been the holy grail of control freaks and totalitarian regimes since 1984 was published. The system maintains a constant “social credit “ rating for all citizens which looks at EVERYTHING to decide if certain privileges (like air travel) can be purchased.

      But what the really interests me is that all the modules to link this together are supplied by Western companies including the massively complex formula (algorithms) that establish the social credit rating. The Irish system is amateur compared to the great database of China but the technology exists. Most scary of all is that a lot resides in Dublin.

      Ever read “This perfect day”?

  4. Joe

    my leap card gives me the record of my travel history and the operator has access to that info but they can’t share it, except if a child leap card where the parent/guardian (aka the bill payer) can see the history.

Comments are closed.