Government responds to Public Services Card queries from DPC

23 Oct 20175 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

You currently need a PSC to access many public services in Ireland. Image: Aleksy Sagitov/Shutterstock

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Government publishes report on the controversial Public Services Card following a request from the Data Protection Commission.

The Department of Employment Affairs and Social Protection published a report last Friday (20 October) in response to Data Protection Commissioner Helen Dixon’s request for clarity around the Public Services Card (PSC).

Many privacy and digital rights advocates had been voicing their concerns around the implications for the personal data of individuals contained on the cards.

The questions and answers about both the PSC and the MyGovID digital identity system were published on its website. In August, Dixon said: “There is a pressing need for updated, clearer and more detailed information to be communicated to the public and services users regarding the mandatory use of the Public Services Card for accessing public services.”

Dixon welcomed clarity around certain aspects of the PSC and MyGovID schemes, including more details on the SAFE registration system that all applicants must use to receive a PSC.

She added that the engagement between the Data Protection Commission (DPC) and Government officials is still ongoing, and the former intends to formally investigate the matter further under the Irish Data Protection Acts of 1988 and 2003, to determine the level of compliance.

Data controllers and renewal of details

The report answered more than 40 questions posed by the DPC, including how frequently someone would have to update their data (like a photograph) in order to satisfy minimum authentication requirements. The Government responded that the registration process is once-only, but the PSC is valid for up to seven years on the completion of registration.

In terms of who will be the data controller for the PSC data pool, that will fall to the Secretary General of the Department of Employment Affairs and Social Protection.

It continued: “Separately, each specified body that collects or holds PSI data elements is the data controller in respect of their holding of the data on their own systems or databases.”

These other bodies can include local authorities, the Probate Office and the HSE, among others.

A government-led awareness campaign

According to a report published in The Irish Times yesterday (22 October), the Government is planning a €200,000 campaign in order to increase uptake of the PSC, expected to begin in November 2017.

The campaign aims to address privacy concerns and emphasise the apparent benefits of a PSC, particularly to demographics that have yet to apply for a card, especially young men.

The investigation by the DPC of the PSC scheme and the data security concerns that go along with it look set to continue for the foreseeable future, while many digital rights campaigners still argue that it is a ‘national ID card by stealth’ and that it creates difficulties in terms of vulnerable people being able to access public services.

Ellen Tannam is a writer covering all manner of business and tech subjects

editorial@siliconrepublic.com