Public services card: watchdog’s full report to be published today
Department has written to Data Protection Commissioner outlining ‘inconsistencies’
Data Protection Commissioner Helen Dixon. Photograph: Dave Meehan
The Department of Social Protection will on Tuesday afternoon publish the full investigation by the State’s data protection watchdog into the controversial public services card project.
Until now, the department has held off on publishing the full report, but the Government has already signalled that it will be challenging the findings of the investigation, which was concluded and the findings sent to the department last month.
The Data Protection Commissioner Helen Dixon found that several aspects of the card were unlawful.
These included the retention of documents with personal data on 3.2 million citizens, which the commissioner said must be destroyed, as well as the basis for which the State demanded the card be used for a variety of services. A total of seven adverse findings were recorded by the report.
Relations between the department and the data watchdog have soured arising from the report, with secretary general John McKeon last week writing to Ms Dixon to outline a series of alleged inconsistencies, as well as criticising the manner in which the investigation and its report were completed and publicised.
The letter, which has been seen by The Irish Times, was delivered by hand to Ms Dixon last week.
It argues that there are inconsistencies between the report and a letter sent to the department alongside the report, as well as “internal inconsistencies”.
One such alleged inconsistency relates to the ongoing processing of applications from outside the department. Another relates to the circumstances in which data gathered for the project should be deleted.
Regarding this second point, the letter states: “These inconsistencies between the report and the letter make it unclear as to what actions are required of the department and calls into question whether or not the DPC itself has a clear understanding of the import of its own findings.”
It also takes issue with the deletion of some findings from the draft report, which was sent to the department last year, as well as what Mr McKeon says is “at least one completely new finding”.
“Altering the report in such a manner without giving the department an opportunity to comment is a breach of fair procedures,” Mr McKeon wrote.
The letter also criticises the requirement issued by the commission that the department take certain actions within 21 days of being furnished with the report, which it says has “no particular legal force”.
The secretary general also questions the “precise legal basis” for any forthcoming enforcement actions, given the fact that the Acts under which the report was conducted are no longer in place, having been superseded by the introduction of the GDPR regime in 2018.
Mr McKeon is also critical of the commission’s rejection of a request made by Minister for Social Protection Regina Doherty to meet to discuss the report. “Your characterisation of the Minister’s request for a meeting as seeking to negotiate in some manner with the DPC is a misunderstanding of the nature of the request.”
The manner in which the commission handled the submission of the report also comes in for criticism. The watchdog has no powers to publish the report, but the department alleges that it “nevertheless published the core elements of the report” via a press release, media briefings and interviews.
“The department considers that these actions by the DPC are prejudicial to its interests and requests that the DPC now identify its vires [powers] for having so published its findings.”
The Government insists the processing of personal data has a strong legal basis, the retention of data is lawful and the information provided to users does satisfy the requirements of transparency.