Blog Post

DRI welcomes today’s decision of the DPC finding that the gathering and processing of biometric data as a requirement for a PSC card was illegal. 

This inquiry arose out of concerns that DRI raised about the PSC and its associated systems, ‘SAFE2’ and ‘mygovid’. 

Having filed a formal complaint in 2019, and filed further detailed complaints on behalf of hundreds of Irish PSC cardholders in 2021,we are concerned about the long time it has taken the DPC to issue a decision in this matter.

We are also concerned that the DPC is giving the government a green light to continue this illegal processing for up to 9 months. 

Faced with the largest unlawful collection of sensitive biometric data Ireland has ever seen, the regulator has bottled it. It has allowed the biometric processing to continue while acknowledging there is no lawful basis to do so and therefore illegal.

Today’s decision leaves the government in a very serious situation. It has spent hundreds of millions of euro on an illegal PSC project. It has been fined hundreds of thousands of euro by the regulator. But that isn’t the end of the potential financial consequences from its heedless, lawless actions. 

In 2018, DRI went before the Oireachtas Committee on Social Protection and warned “the collection and sharing of this database without a proper legal basis to be one of the major financial risks the State has voluntarily taken on in recent years…. [we are here] to sound the alarm in respect of this issue”

Despite the 9 month stay of execution in the DPC decision, the government is leaving itself open to legal action and claims for damages for maintaining, operating, processing and even adding to a database that has been ruled illegal. The action for damages could result in a collective payout of billions of euros to PSC cardholders who were wrongly required to enrol in the biometric database as part of the ‘mandatory but not compulsory’ policy.

As part of our NO2PSC campaign running since 2021, DRI made a mass complaint on behalf of hundreds of PSC cardholders, which has been on hold while the DPC completed its own inquiry. That complaint must now be concluded, with the DPC finding of illegality applied.

We urge everyone with a PSC card to join the mass action complaint against the illegal use of their data at https://no2psc.digitalrights.ie/ in defence of their rights.

Wider view

The governance of the  PSC and the ‘SAFE2’, ‘single customer view’  and mygovid databases  have lost all credibility as a result of this decision. For years the government’s officials have asserted that the biometric aspect of the PSC,  was completely legal. 

This was false. As part of our NO2PSC campaign, DRI made a mass complaint on behalf of hundreds of PSC cardholders, which has been on hold while the DPC contemplated its navel. That complaint must now be concluded, with the DPC finding of illegality put into force. 

This is in spite of the spending of 100s of millions on fees for consultants. Political accountability is one aspect of this, but we also have to consider the role of the ‘permanent government’ who have misled the elected officials so badly. 

It is hard to trust what the government says about its citizen databases as a result of this debacle. 

The PSC is supposed to be the basis for the so-called ‘EU Digital Wallet’. It is also supposed to be the basis for the app-based drivers licence and other facilities.

These are all now in question. This functionality may now not be available because of the government’s failure to plan and to put appropriate governance and ‘guard rails’ around its databases of private citizens’ information.

The PSC was designed for a different era, a different Ireland. It is not at all fit for purpose in a digital world. The problems with biometrics are only one aspect of this. It doesn’t have the security and safety features that are needed to keep citizens safe online. 

We are also concerned about the use of the PSC biometric database for surveillance purposes. It is now far too technically easy to track a citizen using facial recognition technology, a biometric database and AI. We have to guard against becoming a ‘surveillance society’ where our every move is tracked by phones, transactions and cameras. 

The Oireachtas now needs to rethink its whole digital identity strategy in line with this. It needs to restore public trust in government. 

There needs to be clear legislation and  accountability for all the identity schemes. The legislation is a tangled web of complex intertwined social welfare legislation which is unreadable for the ordinary citizen. There is no clear responsibility within government. At least five government departments are involved in this shambles.