The Irish government has been criticised by the Irish Data Protection Commissioner (IDPC) for the way in which a public ID card has been implemented.
The IDPC claims there is no legal basis for public entities to oblige individuals to use the card when receiving services, reports reveal.
First brought in in 2011, the public service card was conceived as a way for social welfare recipients to confirm their identity in order to reduce instances of fraud. The Irish Data Protection Commissioner has now said that the card is ineffective, and little more than a photo-ID. The criticism led certain government departments to seek different ways to use the card.
In an official report which is yet to be released in full, the Irish Data Protection Commissioner said:
“We were struck by the extent to which the scheme, as implemented in practice, is far-removed from its original concept.”
“Whereas the scheme was conceived as one that would make it easier to access (and deliver) public services, with chip-and-pin type cards being used for actual card-based transactions, the true position is that no public sector body has invested in the technology capable of reading the chip that contains the encrypted elements of the Public Sector Identity dataset.”
The Irish Public Service Card has been used by Irish citizens to receive public services in the Emerald Isle, such as getting hold of a driving license. The IDPC underlined how the card was not originally designed to fulfil this function, and that the card has no legal right to ask citizens for their private data. As such, it holds no relation to non-welfare services.
The IDPC has given the Irish government three weeks to shut down processing of all the personal information that has been collected in relation to individuals not using the card to obtain social welfare bonuses.
The regulator’s long-term aim is to strike a balance between the smooth running of similar projects and the State, and to ensure services are rolled out to individuals in a lawful manner.
Following an official investigation, the commissioner said:
“There is no evidence of any such balance being re-examined on each occasion when a new form of use is identified for the card. That cannot be considered acceptable in a data protection context where careful calibration is required when considering adjustments to any scheme that, by its very nature, interfaces with established and important legal rights.”
Article originally published on PrivSec:Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.