Posted: August 19th, 2019
The Data Protection Commission (DPC) has published a report, which may lead to the initiation of a number of legal actions, which said that the retention of information collated during the application process for the Public Services Card was not legal, along with the obligation on the general public to have the card in order to avail of the provision of certain State services.
There are already several civil society groups who have revealed that they are considering submitting a class-action style case. When the card was introduced advocacy groups in including Digital Rights Ireland, the Irish Council for Civil Liberties, the UN’s special rapporteur on extreme poverty, Age Action opposed it.
On its official Twitter account Digital Rights Ireland greeted the report stating: “We welcome @dpcireland’s observation that the PSC morphed from a cryptographic token designed to enhance security for citizens, into a photo id card with no particular purpose, but for which various alternative uses had to be found to justify its existence. We note that @welfare_ie tried its best to use spin, expensive PR campaigns, and hectoring of newsrooms to provide a basis for the PSC. They had to, because there was no legal basis, and limited political support.” The Irish Council for Civil Liberties said that it “welcomes Data Protection Commissioner’s finding that Public Services Card is illegal across public services” and went on to add in a subsequent tweet that “This day has been a long time coming for us & our friends & colleagues in the information rights circle. We’re so grateful for our members and donors whose support allows us to continue to stand unafraid for rights in Ireland. #PSC”
The DPC inquest found that the application process for the PSC is not in line with the transparency obligations of the data protection legislation due to the lack of information provided by Department of Social Welfare to the card applicants. Due to this legal misstep the data of over three million card holders must now be erased and data processing conducting by the Department must be ended as soon as possible or some level of enforcement measures may be sanctioned against those charged with completing this task.
The DPC said, in relation to the investigation: “Ultimately, we were struck by the extent to which the scheme, as implemented in practice, is far-removed from its original concept,” the DPC said in a statement published on its website. Whereas the scheme was conceived as one that would make it easier to access (and deliver) public services, with chip-and-pin type cards being used for actual card-based transactions, the true position is that no public sector body has invested in the technology capable of reading the chip that contains the encrypted elements of the Public Sector Identity dataset. Instead, the card has been reduced to a limited form of photo-ID, for which alternative uses have then had to be found.”
Data Protection Commissioner Helen Dixon said: “Any cards that have been issued, their validity is not in question by anything we’ve found in this report,” she said. “They can continue to be used in the context of availing of free travel or availing of benefits that a person is claiming from the department.”
She added that this does not eliminated the possible use of a single card, such as a national identity card, for all interactions with the state. She commented: “No, we’re not saying that at all. We’re saying that if that’s what’s intended or required, there isn’t a lawful basis [as currently set up]. It can’t be the case that a national identity card automatically offends EU charter fundamental rights or EU data protection law because they exist all around Europe. It is a possibility, by carefully laying down the lawful basis for such a card.”
Categories: Personal Injury Accidents