This week, Adrian sits down for a long, in-depth discussion with Data Protection Commissioner Helen Dixon on why she stopped the government from making its Public Services Card into a national identity card through the backdoor.
After years of controversy, this week her office ruled that the PSC card cannot be used as a necessary form of identification for services outside the Department of Employment Affairs and Social Protection.
The move effectively puts a halt to any plans the government had of making the Public Services Card a ‘national identity card’ through stealth.
“The Department does not have a legal basis for processing personal data when it's in the case of a person who's seeking to avail of a service with the public sector body other than the Department itself,” she tells Adrian.
However, she stopped short of saying that the Public Services Card must be scrapped.
“Any cards that have been issued, their validity is not in question by anything we've found in this report,” she said.
“They can continue to be used in the context of availing of free travel or availing of benefits that a person is claiming from the Department.”
Dixon qualifies this by saying that the PSC can be used voluntarily by a citizen as a valid proof.
“If someone optionally brings their public services card to renew their driver's license, there is no issue with that. But what we're saying is that it must be an option. A public sector body cannot now require someone who doesn't already have one, to go and procure one in order to avail of their service.”
The PSC has been criticised by civil liberties groups who claim it is an attempt by the government to create a national identity card by stealth.
Earlier this year, UN special rapporteur on poverty, Professor Philip Alston, said that the PSC “runs the risk of becoming a centralised database containing intimate, personal information” that was unsafe.
Government ministers have repeatedly claimed that the PSC is a protection against fraud, identity theft and helps to cut costs. They say that the card simplifies identity registration for public services and reduces the need for duplicate forms and the repetition of processes.
However, Dixon tells Adrian that the PSC as currently constructed is overarching and is sometimes being used without good reason or legal justification.
“An example is the Department of Education’s appeal system around school transport,” she said.
“It now says that you have to procure a PSC card to make an appeal. It’s very difficult to see why that’s a requirement.”
Dixon also tells Adrian that she has opened a new investigation into the owner of The Huffington Post, Techcrunch and Yahoo. The Irish DPC office is now probing Verizon Media, formerly known as Oath, around complaints that its online media properties do not give users choice around online ‘cookies’ that track user activity online.
Meanwhile, Dixon tells Adrian that her office’s first major GDPR decision relating to a multinational tech firm looks set to be about Whatsapp.
“I expect that file to land on my desk in the next fortnight,” she said.
However, it is then likely to take “months” to arrive at a formal decision due to a statutory process of “examination and analysis”.
Dixon’s office currently has 61 statutory enquiries underway under GDPR law, 21 of which are focused on tech multinational firms. These include Facebook (8), Twitter (3), Apple (3), Whatsapp (2), Instagram (1), Google (1), Linkedin (1), Quantcast (1) and Verizon Media (1).
Under GDPR law, the Irish DPC can fine a company up to 4pc of its annual turnover.
See omnystudio.com/listener for privacy information.