IRELAND
Ireland’s Department of Social Protection has defended its controversial Public Services Card against fresh allegations over its legality.
The action comes after the Irish Council for Civil Liberties and other experts questioned whether the card complied with the law as its stands.
The card was introduced to provide a way for people to access official services across Ireland without needing to give the same information to different organisations.
Initially created for the Department of Social Protection for use by people claiming social welfare payments in an effort to tackle fraud, the card was later announced as the preferred proof of identity for other public services such as a driver licence and all first time passport applicants.
Executive Director of the Irish Council for Civil Liberties, Liam Herrick said the Council was concerned that a scheme originally established for social welfare payments had over time expanded dramatically to take on many of the characteristics of a national ID card system.
“We think that’s a very significant issue about citizens’ rights and privacy rights and we think that the Government hasn’t been honest with the people about putting before them in a clear proposal on what it has done,” Mr Herrick said.
Solicitor and Director of Data Compliance Europe, Simon McGarr said there was a risk the card was unlawful under the General Data Protection Regulation (GDPR).
“It also contains biometric data, images of people’s faces that are taken in a particularly controlled environment so that those photographs are capable of being put into software,” Mr McGarr said.
“Article Four of the GDPR specially says facial images are biometric data, Article Nine of the GDPR specifically says it is illegal to process biometric data.”
In a statement, the Department said the Social Welfare Consolidation Act provided a legal basis to require a person to produce a Public Services Card at the request of a specified body for the purposes of a transaction.
The statement said the Department was satisfied it had a clear legislative basis for its processing activities, and was GDPR compliant.
Dublin, 8 February, 2019
