You will no doubt have read about the controversary surrounding the Public Services Card (PSC) and GDPR (General Data Protection Regulations). This is an ongoing matter with no immediate resolution to hand and does beg the question as to the research and work carried out prior to the introduction of the PSC originally.
A PSC is usually issued when you are allocated a PPS number and if you apply for or are currently getting a social welfare payment (including child benefit) you will be asked to register for your Public Services Card.
On the 16th August last, the Data Protection Commission (DPC) published a statement of its findings on certain aspects of the PSC.
The Commission found that the processing of personal data (when issuing a PSC) to validate the identity of a person claiming or getting a social welfare payment has a legal basis under applicable data protection law.
However, the processing of personal data for the purposes of transactions between individuals and other specified public bodies does not have a legal basis under applicable data protection law such as applying for a passport or drivers’ licence.
It also found that the Department of Employment and Social Protection retains documents and information provided by people applying for a PSC longer than necessary. As previously covered in articles on data protection, personal data should be held no longer than is necessary for the purposes for which the personal data is processed.
Use of Public Services Cards
The findings of the Data Protection Commission do not affect the validity or use of the PSC and these cards can continue to be used to access social welfare benefits and free travel.
There is a view amongst experts in the area of GDPR that the findings on the part of the Commission makes a legal case easier as there could be recourse to compensation for non-material loss. It is pointed out by such experts that every public body that insisted on the card could be liable.
However, the Commission said there was no possibility of fines arising from its investigation as it was conducted under pre GDPR legislation. However, the reality is that if another investigation was to be initiated based on the findings of the latest enquiry fines could be imposed.
There is no doubt that this controversary means that the State is facing a very large contingency risk never experienced in matters of this nature.