Public Services Card

Every day the State delivers important and valuable services and benefits to the people living in the State. It is critically important that we can do so in the knowledge that the person in receipt of such services is who he or she claims to be. It is also important that we minimise the requirement for people to authenticate their identity each time they need to enter into a transaction with a public body.

A key aim of the public services card and the standard authentication framework environment, SAFE, process that underpins it is to deliver on those objectives. The SAFE process is also key to the delivery of secure online services via www.mywelfare.ie, enabling people to claim and to safely and securely track their claim for benefits, such as maternity benefit, paternity benefit, jobseeker's benefit and the pandemic unemployment payment, PUP. More than 4 million public services cards have been issued. More than 600,000 people use the card to make free travel journeys each week, more than 600,000 use it to collect welfare payments each week and more than 800,000 use it to transact online services with the Department. Detailed research published by the Department in 2019 indicates a high level of satisfaction with the card, with the vast majority of users expressing the view that its use should be extended.

In October 2017, the Data Protection Commission, DPC, commenced an investigation into the SAFE public services card process. The commission sent its final report on that investigation to the Department in August 2019. The report found that while the processing of personal data to authenticate a person's identity and issue a public services card for the purpose of providing services delivered by my Department is lawful, the same is not the case when a person is acquiring a card for use with the services of other specified public bodies.

Having carefully considered the report of the DPC and having consulted the Attorney General's Office, the Department is satisfied that the processing of personal data for the authenticating of identity and the issuing of a public services card is, in fact, lawful in situations where the person is acquiring the card for use with another specified public body. The Department set out its position at the time it published the report of the DPC.

Subsequently, in December 2019, the Department received enforcement proceedings from the DPC in respect of the August 2019 report. Given the strong public support for the public services card, the benefits it offers and the advice received from the Attorney General's office, the Department filed an appeal against the enforcement notice. As the matter is now before the courts, it would be inappropriate to make any further comment at this time.

I recognise that the matter is before the courts. My understanding is that the Government has appealed the decision regarding the enforcement notice to the Circuit Court. I merely wish to ascertain - I do not think this is a sub judice issue - where that process stands at present. Has there been a hearing or is there to be a hearing? If the latter is the case, when does the Government anticipate that such a hearing will take place?

As I have outlined, the matter is subject to a court case. The Deputy will appreciate that I do not want to pre-empt or in any way prejudice that court case. My understanding is that the matter may be coming for hearing shortly. That is as much information as I can give the Deputy in this regard.

It is important to note that, as the Deputy knows, many people ask their public representatives why they have to keep giving the same information to different Departments time and again. Removing that requirement was the purpose of introducing a public services card. All the information would be contained on one card and it could be used in one's dealings with a number of Departments. As things stand, the public services card can be used for dealings with the Department of Employment Affairs and Social Protection and it has proved useful in a number of areas. In the case of the PUP, for example, it was very useful in enabling verification of applications.

I welcome the Minister's answer. The word "shortly" can cover a multitude but I understand where she is coming from and I am not trying to be facetious. However, it would be good to have a more definitive position on this matter from the Government. There are issues regarding minors, in particular, and the very personal information held regarding people under the age of 18. It would be helpful to have the Minister's perspective in terms of accessing services in those instances. My understanding of the issue - I could be wrong and, if so, I will defer to the Minister - is that the question arises as to whether the requisite data protection impact assessment was carried out in respect of the card.

Finally, if the public services card is to succeed and to transcend its use only within the Minister's Department, consideration should be given, for instance, to its potential use as a form of identification for service users of credit unions.

The public services card was first provided for in law in 1998. The clear intention at the time was to replace the old social services card with one that could be used across all State services. That was the concept behind it. The overwhelming majority of users surveyed by a third-party research company support the card. In October 2017, the Data Protection Commissioner initiated an investigation into the service, which included a consideration of the legal basis for the processing of personal data and its compliance with the Data Protection Acts. This was prior to the general data protection regulation, GDPR, which gave effect to EU law relating to data protection principles. The Department co-operated fully with the investigation, including the provision of a detailed response to a draft report provided to the Department at the midpoint of the investigation process in 2018.

The DPC's report relating to legal basis and transparency issues containing eight findings was received on 15 August together with a letter from the DPC requiring the Department to take certain measures. At the time, the DPC stated it did not have legal powers to publish the report but issued a press release setting out the findings and the measures it also requested that the Department take. It also requested that the Department publish the report of its volition. In its report the DPC found the Department has the legal powers to require users of a service to authenticate their identity to SAFE standards, to issue a PSC to these users and to require them to produce it as a means of authenticating their identity when accessing the Department's services.