Tag Archives: Public Service Card

Then Minister for Public Expenditure and Reform, Paschal Donohoe, at the Public Services Card Centre, D’Olier House in Dublin after he registered for a Public Services Card (PSC) with the Department of Social Protection on September 8, 2006

This morning.

A special investigation by the Data Protection Commission into the Public Services Card has found that while there is a legal basis for people having to present a PSC in respect of receiving a social welfare payment of benefit from the Department of Employment Affairs and Social Protection, there is no legal basis for for people having to present one in respect of any transaction between a person and a public body outside the department.

It also found that the department’s “blanket and indefinite retention” of information provided to it by people who have Public Service Cards – 3.2million people – is unlawful.

And it found that the information provided by the department to the public about the processing of their personal data – in respect of issuing a Public Services Card – is “not adequate”.

The supporting information that the 3.2 million card holders had to hand over to get their card – such as utility bills, etc – must now be deleted, the DPC has said.

It has given the department six weeks to come up with a plan to make the necessary changes – a plan which has to include a time period within which those changes will be made.

The DPC has also said the Department of Employment and Social Protection must “stop all processing of personal data carried out in connection with the issuing of PSCs” where a card is being issued solely for the purpose of a transaction between a member of the public and a body other than the department.

Bodies separate to the Department of Employment and Social Protection can also no longer insist that a person who doesn’t have a Public Services Card must get one to access a service they provide.

And the Department of Employment and Social Protection has to contact all the public bodies that have been requiring people to produce a Public Services Card to tell them they will no longer be issuing cards for these transactions.

The DPC has made the following comment about its investigation:

“Ultimately, we were struck by the extent to which the scheme, as implemented in practice, is far-removed from its original concept.

Whereas the scheme was conceived as one that would make it easier to access (and deliver) public services, with chip-and-pin type cards being used for actual card-based transactions, the true position is that no public sector body has invested in the technology capable of reading the chip that contains the encrypted elements of the Public Sector Identity dataset.

Instead, the card has been reduced to a limited form of photo-ID, for which alternative uses have then had to be found.

Even in terms of stated justifications for the card around identity validation standards and fraud-prevention, it was established that cards are in fact issued in some cases without the applicant being required to submit to the full range of identity checks.

Surprisingly, the criteria applicable to such exceptions remain unclear.

As new uses of the card have been identified and rolled-up from time to time, it is striking that little or no attempt has been made to revisit the card’s rationale or the legal framework on which it sits, or to consider whether adjustments may be required to safeguards built into the scheme to accommodate new data uses.

Instead, the development of the card has proceeded by way of one-off, piece-meal changes to existing social welfare legislation, resulting in a situation where, in our view, the approach to the project from a data protection perspective is lacking in coherence and where, more importantly, there is little or no evidence of any attempt to balance the interests of the State, acting through those public bodies who participate in the scheme, and the interests of those members of the public who are required to obtain and produce the card (and provide their personal information when registering for it).

Certainly, there is no evidence of any such balance being re-examined on each occasion when a new form of use is identified for the card.

That cannot be considered acceptable in a data protection context where careful calibration is required when considering adjustments to any scheme that, by its very nature, interfaces with established and important legal rights.

Elizabeth Farries, Information Rights programme manager at the irish Council for Civil Liberties (ICCL), said:

“The DPC findings are a disaster of the government’s own making.

“For years, ICCL has urged government to cease the roll out of the PSC due to human rights concerns, and pending the conclusions of this very investigation. Nonetheless, they continue to demand biometric information – in the form of the PSC – in exchange for essential services. And they continue to store that information unsafely in a database.

“….Not addressed in the DPC press release is this particularly controversial biometric element. The PSC contains a jpeg facial image, from which the Department extracts an analytical model which it then stores on a database vulnerable to attack. Biometric data is a special category of personal data that requires particular safeguards to avoid harm to its owner. Farries notes:

People should not have to trade their biometric data to access essential services to which they are already entitled. Such a requirement is incompatible with domestic and EU law and human rights standards.

“ICCL has been saying that this is an urgent problem that requires an immediate resolution. We urge the DPC to provide a clear statement on this point.”

Meanwhile

Lawyer Simon McGarr has tweeted his thoughts…

In fairness.

Irish State told to delete ‘unlawful’ data on 3.2m citizens (Irish Times)

Previously: Identity, State Control And You

‘Grossly Misinformed’

It’s Too Big

Rollingnews

UPDATE:

UPDATE:

Paschal Donohue, then Minister for Public Expenditure and Reform launches the Public Services Card (PSC)  in 2016

This morning.

Via RTÉ News:

Borrowers looking to access personal credit reports stored in the new national credit register cannot access them with the Government’s Public Services Card.

RTÉ News has learned the Central Bank does not accept the card as a valid proof of identification or PPS number when people are applying to the Central Credit Register for their credit record.

The card, which was originally created for people to access named public services with one fully State authenticated identity document, was designed to help citizens access a range of public services easily so the same information does not have to be given to multiple organisations…

Good times.

Central Bank does not recognise Public Services Card as valid proof of identity (Cian McCormack, RTÉ)

Rollingnews