Tag Archives: Public Service Card

From top: Data Protection Commission HQ; Then Fine Gael Minister for Public Expenditure and Reform, Paschal Donohoe launching the Public Service Card in 2016

This morning.

A Department of Social Protection appeal against an Enforcement Notice issued by the Data Protection Commission (DPC) in relation to the Department’s processing of personal data when issuing Public Services Cards (PSC) has been resolved.

Via the Data Protection Commission:

The Data Protection Commission welcomes the resolution of the proceedings.

In particular, it welcomes the fact that significantly enhanced levels of information are now being provided to citizens to explain (amongst other things) what personal data is processed when an individual applies for a PSC, how it is processed, and to what end, with further enhancements to follow on the basis of additional engagement between the parties.

The DPC also welcomes the Department’s acknowledgment that, in the absence of legislation making specific provision for this, other public sector bodies cannot compel any individual to acquire a PSC as a precondition to the provision of access to public services.

To that end, at least one other option must now be provided in any case where an individual is required to verify their identity before accessing public services.

Significant adjustments are also to be made to the Department’s approach to the retention of applicants’ personal information, it being recognised that a system founded on the blanket and indefinite retention of all of the information contained in documents submitted in support of a PSC application does not strike an appropriate balance between an applicant’s rights under data protection law, and such other interests as the Department seeks to protect. The DPC looks forward to engaging with the Department in relation to the development and implementation of its new systems.

The DPC also looks forward to the Department’s continued cooperation with its ongoing (and separate) inquiry into the Department’s use of biometric facial templates in the application of its facial matching software which is used for the purposes of the SAFE 2 registration process when a person applies for a PSC.

DPC welcomes resolution of proceedings relating to the Public Services Card (DPC)

RollingNews

Thanks Bebe

Meanwhile…

Yesterday.,

Bus shelter ad, Dublin unspecified location.

And from the website

The National Childcare Scheme insisting on a Public Servce Card card despite a ruling from the Data Protection Commissioner (DPC) that the card is unlawful when applied to State services other than welfare.

Good times.

Previously: Public Service Card on Broadsheet

MyGovid



From top: The Public Service Card; Irish Rail train; Sean Fleming TD

Yesterday.

At a meeting of the Public Accounts Committee.

Chairman of the committee Laois Fianna Fáil TD Seán Fleming referred back to a matter he raised at the end of last week’s committee meeting.

The matter concerned a constituent, their Public Services Card and Iarnród Éireann.

Yesterday Mr Fleming said , after receiving further correspondence on the matter, it appears the Department of Employment Affairs and Social Protection:

has details with regard to 900,000 people, including every State pensioner in the country, on every time they use public transport and every trip they take“.

Mr Fleming said:

“Towards the end of the meeting, I raised the issue of a person who continued to use an expired free travel card. The person should not have done so because social welfare payments had ceased.

However, the travel card element of the public services card had not been cancelled and the person continued to use it.

After several months, the card was confiscated at Heuston Station when it did not work in the turnstile to leave the station. Afterwards, the person received a fine from Irish Rail for €1,000 for not having the correct ticket.

So far so good, but this raises data protection issues. The person, whom I dealt with over the summer, told me the issue of how Irish Rail got the individual’s name and address had already been raised with the Data Protection Commissioner.

There is no dispute with regard to the amount but there is a data protection issue.

Arising from our meeting last week, on Friday I received a very interesting email, as did the Comptroller and Auditor General, from a person with regard to a use of the public services card I had not really thought about until now.

If this is happening we really need it to be clarified. On the public services card is a photo, the person’s PPS number is on the back, and there is also the person’s signature.

The card also shows a date until which it is valid. On the front it may have the letters FT to signify free travel, or it may have the letters FT+S to signify the person’s spouse can accompany him or her for free.

The individual – [journalist and activist Martin McMahon]  who sent the card used it on the Luas in Dublin and on one of the major bus companies, not Dublin Bus.

When the public services card goes through the ticket machine information is recorded and the individual got curious about what is recorded when the public services card is given to private transport companies.

The person tracked it down and eventually received a letter back from the National Transport Authority, NTA, because the bus operator and Luas said it was nothing to do with them and that the person should contact the NTA.

In recent days, we received a copy of the letter sent to the individual by the NTA.

The NTA states that when a person uses the card none of the person’s information on the card is recorded but every card has a number – not the PPS number – that the transport companies have.

This allows the companies to claim payment. I know there are also lump sum grants but perhaps Iarnród Éireann is slightly different.

This number records all of the trips and journeys made by card holder.

The rail company does not have the person’s name and address or other details but it sends the number to the Department of Employment Affairs and Social Protection where it can be matched to the person’s PPS number.

The NTA states only the Department of Employment Affairs and Social Protection knows the PPS number and the individualised anonymous number held by the transport companies.

The Department does not provide this information to anyone.

As far as public transport is concerned, all the NTA knows is that the number has been used but not who used it or anything about the person using the card and it is entirely anonymous.

The email also states that when the public services card is presented at the ticketing machine, it records that a journey has been taken and assigns the value of the fare forgone to the record, which is stored in the ticket machine.

The information held by the transport company is the ID, which is the number on the card, the date and time of the journey, the route number and the fare forgone, which is the adult single fare.

The data is then uploaded to the back office system and subsequently made available to the Department of Employment Affairs and Social Protection.

The purpose of recording the information is so the transport operator can record overall passenger numbers and overall usage and also be able to make a claim for reimbursement from the Department in respect of services delivered to free travel pass holders.

It appears that when the information comes back from the travel company the Department of Employment Affair and Social Protection has details with regard to 900,000 people, including every State pensioner in the country, on every time they use public transport and every trip they take.

The allegation in the email is that the person did not know the State had such mass surveillance systems in place.

I do not think people knew the card and the Department could obtain details on every trip taken.

I can see why from a financial position but from a data protection point of view I can see that people were not aware that this is the case.

We will write to the Department of Employment Affairs and Social Protection to clarify this particular issue on whether it has a record of all of the travel taken.”

Transcript via Kildarestreet.com

Earlier: Anything Good In The Washington Post?

Previously: ‘Iarnród Éireann Used The Public Services Card To Collect The Information’

Update:

Data Commissioner Helen Dixon

This morning.

Via The Irish Examiner:

The Department of Children and Youth Affairs (DCYA) is facing a possible investigation and potential €1m fines over the mandatory requirement to hold a public services card in order to access the new National Childcare Scheme.

….That requirement is perceived as being at odds with the DPC’s recent finding that mandating citizens to hold a PSC in order to access State services other than welfare is illegal…

….Earlier this week, the Irish Examiner revealed that DCYA had initially envisaged a second online portal for people without a PSC to apply for the scheme, which would have removed any GDPR concerns.

However, the department was firmly overruled by the Department of Public Expenditure and Reform — the body with responsibility for the PSC’s expansion to services other than welfare — which informed it in January 2018 that “MyGovID alone” should be the only means for accessing the new childcare scheme…

Department Faces 1m Fines Over PSC Debacle (Cianan Brennan, Irish Examiner)

Minister for Employment Affairs and Social Protection Regina Doherty (left) and Data Protection Commissioner Helen Dixon

This evening.

UPDATE: Welfare has removed the pdf from its website. We managed to save it here.

More as we read it.

Meanwhile

Project Brazen.

Meanwhile…

Good times.


From top: Public Service Card; Minister for Employment Affairs and Social Protection Regina Doherty TD

This morning.

Via Irish Examiner:

In refusing the request, the department cited five reasons, each of which has been disputed by [lawyer] Mr [TJ] McIntyre:

The report is exempt from Freedom of Information;

releasing it would have a significant adverse effect on the department’s management of operational matters;

the report’s findings are exempted under legal professional privilege;

releasing it would “impair” compliance with the Social Welfare Consolidation Act 2005;

and doing so would have a serious adverse effect on the ability of the Government to manage the financial interests of the State.

The Irish Examiner asked the department why it appeared to be contradicting Ms Doherty in refusing to release the report. The department “has outlined its reasoning for the decision”, said a spokesperson, adding the decision is open to appeal.

In her findings in the contentious report, Ms Dixon mandated that the department of Social Protection must delete 3.2m historical records held on cardholders, and stated that the processing of data using the PSC for state services other than welfare is unlawful.

Department: Not in public interest to release PSC report (Irish Examiner)

Rollingnews

From top Then Fine Gael Minister for Public Expenditure and Reform, Paschal Donohoe launching the Public Service Card in 2016; Minister for Social Protection Regina Doherty,

This morning.

The Data Protection Commissioner’s report [ which stated there is no legal basis for people having to present a PSC in respect of any transaction between a person and a public body outside the Department of Employment Affairs and Social Protection] led to calls for the resignation of Minister for Social Protection Regina Doherty, whose department has overseen the project.

But now in a Government memo, jointly presented with the Department of Public Expenditure, Ms Doherty will tell Ministers that the Government is to fight the decision.

The Government will challenge the decision in court and defend the continued use of the card. They will also decline to publish the full report of the commissioner’s office.

Government to challenge order that public services card had no basis in law (Irish Times)

Previously: Regina Responds

Rollingnews

Then Minister for Public Expenditure and Reform, Paschal Donohoe, at the Public Services Card Centre, D’Olier House in Dublin after he registered for a Public Services Card (PSC) with the Department of Social Protection on September 8, 2006

This morning.

A special investigation by the Data Protection Commission into the Public Services Card has found that while there is a legal basis for people having to present a PSC in respect of receiving a social welfare payment of benefit from the Department of Employment Affairs and Social Protection, there is no legal basis for for people having to present one in respect of any transaction between a person and a public body outside the department.

It also found that the department’s “blanket and indefinite retention” of information provided to it by people who have Public Service Cards – 3.2million people – is unlawful.

And it found that the information provided by the department to the public about the processing of their personal data – in respect of issuing a Public Services Card – is “not adequate”.

The supporting information that the 3.2 million card holders had to hand over to get their card – such as utility bills, etc – must now be deleted, the DPC has said.

It has given the department six weeks to come up with a plan to make the necessary changes – a plan which has to include a time period within which those changes will be made.

The DPC has also said the Department of Employment and Social Protection must “stop all processing of personal data carried out in connection with the issuing of PSCs” where a card is being issued solely for the purpose of a transaction between a member of the public and a body other than the department.

Bodies separate to the Department of Employment and Social Protection can also no longer insist that a person who doesn’t have a Public Services Card must get one to access a service they provide.

And the Department of Employment and Social Protection has to contact all the public bodies that have been requiring people to produce a Public Services Card to tell them they will no longer be issuing cards for these transactions.

The DPC has made the following comment about its investigation:

“Ultimately, we were struck by the extent to which the scheme, as implemented in practice, is far-removed from its original concept.

Whereas the scheme was conceived as one that would make it easier to access (and deliver) public services, with chip-and-pin type cards being used for actual card-based transactions, the true position is that no public sector body has invested in the technology capable of reading the chip that contains the encrypted elements of the Public Sector Identity dataset.

Instead, the card has been reduced to a limited form of photo-ID, for which alternative uses have then had to be found.

Even in terms of stated justifications for the card around identity validation standards and fraud-prevention, it was established that cards are in fact issued in some cases without the applicant being required to submit to the full range of identity checks.

Surprisingly, the criteria applicable to such exceptions remain unclear.

As new uses of the card have been identified and rolled-up from time to time, it is striking that little or no attempt has been made to revisit the card’s rationale or the legal framework on which it sits, or to consider whether adjustments may be required to safeguards built into the scheme to accommodate new data uses.

Instead, the development of the card has proceeded by way of one-off, piece-meal changes to existing social welfare legislation, resulting in a situation where, in our view, the approach to the project from a data protection perspective is lacking in coherence and where, more importantly, there is little or no evidence of any attempt to balance the interests of the State, acting through those public bodies who participate in the scheme, and the interests of those members of the public who are required to obtain and produce the card (and provide their personal information when registering for it).

Certainly, there is no evidence of any such balance being re-examined on each occasion when a new form of use is identified for the card.

That cannot be considered acceptable in a data protection context where careful calibration is required when considering adjustments to any scheme that, by its very nature, interfaces with established and important legal rights.

Elizabeth Farries, Information Rights programme manager at the irish Council for Civil Liberties (ICCL), said:

“The DPC findings are a disaster of the government’s own making.

“For years, ICCL has urged government to cease the roll out of the PSC due to human rights concerns, and pending the conclusions of this very investigation. Nonetheless, they continue to demand biometric information – in the form of the PSC – in exchange for essential services. And they continue to store that information unsafely in a database.

“….Not addressed in the DPC press release is this particularly controversial biometric element. The PSC contains a jpeg facial image, from which the Department extracts an analytical model which it then stores on a database vulnerable to attack. Biometric data is a special category of personal data that requires particular safeguards to avoid harm to its owner. Farries notes:

People should not have to trade their biometric data to access essential services to which they are already entitled. Such a requirement is incompatible with domestic and EU law and human rights standards.

“ICCL has been saying that this is an urgent problem that requires an immediate resolution. We urge the DPC to provide a clear statement on this point.”

Meanwhile

Lawyer Simon McGarr has tweeted his thoughts…

In fairness.

Irish State told to delete ‘unlawful’ data on 3.2m citizens (Irish Times)

Previously: Identity, State Control And You

‘Grossly Misinformed’

It’s Too Big

Rollingnews

UPDATE:

UPDATE:

Paschal Donohue, then Minister for Public Expenditure and Reform launches the Public Services Card (PSC)  in 2016

This morning.

Via RTÉ News:

Borrowers looking to access personal credit reports stored in the new national credit register cannot access them with the Government’s Public Services Card.

RTÉ News has learned the Central Bank does not accept the card as a valid proof of identification or PPS number when people are applying to the Central Credit Register for their credit record.

The card, which was originally created for people to access named public services with one fully State authenticated identity document, was designed to help citizens access a range of public services easily so the same information does not have to be given to multiple organisations…

Good times.

Central Bank does not recognise Public Services Card as valid proof of identity (Cian McCormack, RTÉ)

Rollingnews