Wednesday, 25 September 2019

Questions (16, 19)

Thomas Byrne


16. Deputy Thomas Byrne asked the Minister for Employment Affairs and Social Protection the status of the recent report by the Data Protection Commission into the use of the public services card. [38845/19]

View answer

Joan Collins


19. Deputy Joan Collins asked the Minister for Employment Affairs and Social Protection if she will comply with the legal directions issued to her by the Data Protection Commission regarding the public services card. [38795/19]

View answer

Written answers (Question to Employment)

I propose to take Questions Nos. 16 and 19 together.

The Public Services Card (PSC) was provided for in legislation in 1998 when it was introduced alongside the PPSN to replace the previous Revenue and Social Insurance number (RSI) and the Social Service Card (SSC).

The clear and stated objective as articulated in Oireachtas at that time was that the Public Services Card was not to be confined to welfare services but to act as an identifier for access to a broad range of public services. Successive Governments have reaffirmed this policy both in Government decisions and through legislation.

The Attorney General’s office advises that the legislation is clear and provides a strong basis for the existing and continued use of the PSC across the public service.

The PSC provides citizens with the convenience of only have to submit information to verify their identity once. As an example about 70,000 people use the PSC to apply for passports each year; we pay over 600,000 people approximately €150m through our post offices each week using the PSC as the identifier in each case; 600,000 free travel journeys are made using the PSC each week, about 400,000 PSC users use the MyGovID service to access online services with Revenue, SUSI, the National Driving Licence Service, Welfare and, shortly, the NCS.

The PSC has strong public support – approaching 90% of the adult population hold a PSC and research indicates they overwhelmingly value the card, are fully aware of and agree to the sharing of data required to enable its use across the public service, believe that they have more than enough information about the purposes of the card and understand why, and do not object to, their data being retained.

In October 2017 the DPC commenced an investigation into the SAFE / PSC process and delivered its final report to the Department on 15 August 2019. On 17th September, the Department published the report of the DPC together with a summary of its own response to the findings of the report, and related correspondence between it and the DPC.

As stated earlier this month, the Minister for Public Expenditure and Reform, Paschal Donohoe T.D. and I informed Government that we are satisfied that the processing of personal data related to the PSC does in fact have a strong legal basis, the retention of data is lawful and that the information provided to users does satisfy the requirements of transparency. This opinion was arrived at following very careful consideration both of the report and of the strong legal advice of the Attorney General’s Office.

The DPC had requested that the Department implement a number of actions on foot of the publication of their statement on Friday 16th August, within a very short time frame. However, based on the strong legal advice received, we believe that it would be inappropriate, and potentially unlawful, to withdraw or modify the use of the PSC or the data processes that underpin it, as has been requested by the DPC.

The Department sought to meet with the DPC on two occasions since receipt of the report with a view to outlining the basis for its conclusions and seeking to clarify a number of matters of concern relating to inconsistencies between both within the DPC's Report and between the report and the accompanying letter from the DPC. The request for a meeting was declined on both occasions.

The Department wrote to the DPC to advise it of the decisions now taken and understands that the DPC is now in the process of preparing an enforcement notice. To date, the DPC has not issued an Enforcement Notice. On receipt, the Department will consider the scope and terms of the enforcement notice and respond appropriately at that time. It should be noted that the findings in the DPC report do not have the force of law until such time as they are formalised in an enforcement notice.

In the meantime the Department will continue to conduct SAFE registration and issue the PSCs. It will also retain the supporting documentation collected as part of the SAFE process. The reason for this is that it is not sufficient, in the case of a dispute over any decision, to simply record that decision was taken it is also necessary to produce the documentation on which the decision was grounded. Other bodies, for example credit unions, public utilities and banks, similarly retain documentation submitted in support of applications for their services for as long as the person concerned is a customer of their organisation.

My Department is committed to ensuring that data relating to individuals is securely held and used only for relevant business purposes. The Department’s commitment to safeguarding data is reflected in its use of advanced data processing and storage technology hosted in secure, State owned and operated, data centres and is reinforced by a range of legislative and administrative provisions that are designed to protect the rights and interests of individuals.

Neither the PSC, nor the underlying Public Service Identity dataset, contains any information relating to the holder’s use of public services.

The Social Welfare Consolidation Act 2005 (as amended) restricts the sharing and use of the Public Service Identity (PSI) data to a number of specified bodies set out in Schedule 5 of that Act and only in relation to a transaction a person has with that specified body. It is important to note, contrary to statements by some commentators, that the sharing of the PSI dataset does not involve sharing information regarding use of public services.