The Department of Social Protection has confirmed that it carries out biometric processing and uses facial recognition technologies as part of its controversial public services card (PSC) programme.
The confirmation prompted concerns among data-protection experts, who said there are questions over the proportionality of creating a database of facial recognition images due to the risks attached.
In a revised version of its privacy statement published on Monday night, the department stated that the biometric processing of photographs would be used to identify cases of welfare fraud. It said the photographs were processed to produce a template that allows comparison with other images to detect cases of identity theft or double claiming of benefits.
The previous version of the privacy statement contained no reference to biometric processing.
Carrying out biometric processing is controversial among civil liberties and data-protection advocates.
Fred Logue, a solicitor and data-protection expert, said it was debatable whether the benefit of a minimal reduction in welfare fraud was strong enough to outweigh the risks and intrusion on fundamental rights associated with the creation of a national biometric facial recognition database.
“The creation of a national database of facial recognition images, for which there’s no specific legislation and no safeguards in law, is very risky and could well be illegal,” he said. “You have to balance that against the financial benefit, and you have to question whether it’s proportional.”
Facial matching technology has been used to detect 220 cases of suspected fraud since 2013, leading to savings of €4.74 million, according to information provided to the Oireachtas last year.
The extent to which biometric data is captured and processed as part of the PSC programme has proved to be a contentious part of the long-running debate on the card. Previously, outgoing Minister for Social Protection Regina Doherty said the department did not hold biometric data.
“We’re not holding biometric data. And I can categorically say that that’s true, because the only thing we hold is your photograph,” she said in a Newstalk interview in 2017. In a tweet the same year, Ms Doherty said: “We do not collect biometric data.”
The department insisted last night that its position on the biometric processing of data had not changed.
“The department has always been clear that, as part of the Safe Registration process, a standard photograph is taken and is used for two purposes. First, for use as a visual identity on the public service card – this photograph is not biometric. Second, as part of a separate process, a biometric template is produced from the photograph for the department’s own internal use.”
The department also confirmed that it was changing its privacy statement in several ways due to “deficiencies” identified by the Data Protection Commissioner during its investigation into the PSC, which was completed last year. However, the department is taking a legal challenge against the findings of that investigation. It would not comment on whether this challenge was affected by its decision to implement the changes.