Data Protection Commissioner acknowledges need for clarity over Public Services Card

31 Aug 20176 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Public Services Card. Image: Welfare.ie

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Data Protection Commissioner Helen Dixon addresses the Public Services Card controversy.

In recent weeks, there has been much public debate and concern from privacy experts surrounding the new Public Services Card (PSC).

Data Protection Commissioner Helen Dixon said in a statement issued on 30 August that although it is a legitimate choice by the government to create an identity authentication framework for those availing of welfare services, there needs to be more clarity for the general public.

She said that herself and her staff have approached the Department of Social Protection on a number of occasions, stressing “that there is a pressing need for updated, clearer and more detailed information to be communicated to the public and services users regarding the mandatory use of the Public Services Card for accessing public services”.

Low public confidence

“The provision of up-to-date, comprehensive and relevant information to the public is not just part of the openness and transparency requirements for the fair processing of personal data under data protection law, but also in the interests of maintaining public confidence in the system.”

Dixon highlighted the need for transparency regarding the PSC in the 2016 Data Protection Commission report, saying that the Government’s efforts to implement a large-scale project such as this “without specific legislative underpinning, but rather relying on generic provisions in various pieces of legislation, poses challenges in terms of the transparency to the public … and the uses to which personal data is now being applied”.

Although there is a lawful basis for the use of the personal data on an individual’s PSC, according to Dixon, “the need for notice and transparency is especially high in these types of cases and it is not always clear that public clarity has been provided”.

Security concerns

Dixon has requested that the Department of Social Protection publish a “comprehensive FAQ to fully clarify all of the arrangements, procedures and legislative provisions relating to the PSC”, addressing the legal basis for the PSC scheme, the security of the data collected and who has access to said data, among other concerns.

Minister for Social Protection Regina Doherty, TD, spoke on Morning Ireland about the issue yesterday (30 August), saying that the cards contain “the standard identity set that we’ve always used in the department, and that’s being rolled out between all departments, which is your date of birth, place of birth, gender, nationality and if you have a former surname”.

She added that “all of that information is encrypted and no one can read that information from the card”. According to Doherty, the Government does not hold the information that could identify those who have had benefits stopped or cut after refusing to register for a card.

Minister for Finance, Public Expenditure and Reform Paschal Donohoe, TD, told The Irish Times: “The PSC is absolutely not an attempt to bring in a national identity card, by stealth or otherwise.”

An Taoiseach Leo Varadkar, TD, added: “It is important to say there is a legislative basis for the card. It is there in the 2005 (Social Welfare Consolidation) Act. We are confident there is a legislative basis for it. It is not a national identity card.

“I would never dismiss concerns from the Data Protection Commissioner. It is important that data is being held about people is held securely and those who have access to it can only use it in a certain way.”

Appropriate safeguards

So what measures should be taken?

Digital Rights Ireland said: “If we are to have a national identity card, we should have the proper legislation and the proper safeguards. This is critical if we are to have trust in and respect for our institutions. There should be no doubt what the proposed identity card is for, or how it is to be operated, or to what extent it is mandatory. This will require a proper investigation of the matter and a proper debate on the issues.”

Solicitor and privacy expert Simon McGarr wrote in a blog post on 23 August: “Personal data is legitimately gathered and used by the State on the basis that it is a safe guardian of citizens’ fundamental data and privacy rights. Without trust that the state will do the right thing, the legitimacy of that collection breaks down.”

Privacy experts would argue that although there is a legal basis for a national ID card, there is no need for such a scheme to be mandatory.

Updated, 11.21am, 31 August 2017: This article was updated to include comments from the Taoiseach made earlier this morning.

Ellen Tannam is a writer covering all manner of business and tech subjects

editorial@siliconrepublic.com