Mick Wallace (Wexford, Independent) | Oireachtas source

We really hope that Fianna Fáil Deputies will not do a U-turn on this and that they do not hide behind this wonderful contraption called confidence and supply. The public services card project is a ticking time bomb for the Government as far as we are concerned. If by chance Fianna Fáil Deputies were to do a U-turn on it, it might not look great on their record when the trouble hits the fan at a later stage.

The State is storing up problems for itself by pursuing a data sharing programme that fundamentally contravenes EU law. In the Seanad debate on 6 February, the Minister of State said our amendments would mean that the entire public service would grind to a halt. I think he was being a little bit over-dramatic. He said that the advice of the Attorney General in respect of our amendments is that any of these data that are collected are public service identity data. If the Attorney General actually said that, we will have to disagree with him.

The public service identity is a very particular dataset. It has a specific definition under section 262 of the Social Welfare Consolidation Act, which states: ""public service identity", in relation to a person, means the information specified in subsection (3) and the person’s personal public service number". It is not the case that one's name, date of birth, address, nationality or other data parts that make up the public service identity dataset exist only as part of that public service identity dataset, which is the logical extension of the Attorney General's argument. He is saying, at least according to the Minister of State, that data elements that make up the public service identity dataset do not, indeed cannot, exist independently of that dataset. That is a bit scary. The State does not have a monopoly on these pieces of data. The Attorney General's definition of the public service identity here is bordering on authoritarian.

Our amendment provides that a specified body, such as the Department of Employment Affairs and Social Protection or the Passport Office, must provide an alternative to the public services card as a way for a person to verify their identity. These amendments also go further, precisely because the public services card itself is not the problem. It is merely the manifestation in plastic card form of the large-scale data sharing to which, at present, one simply has no choice but to agree in order to access basic public services. We added the clause in respect of providing an alternative to accessing one's public service identity dataset to strengthen the protection for those who do not want to agree to ad hocsharing of their data and do not want to be coerced into doing so. Our amendments provide that a person has an alternative means to verify his or her identity with a particular specified body, other than that body accessing his or her public service identity dataset via the single customer view.

If the only ways to verify a person's identity to access services are via the presentation of a public services card, or by accessing that person's public service identity via the single customer view, then public services and welfare payments will be denied to those who do not agree to the sharing of their data. Our fundamental point is that withholding such services in order to coerce consent to such data sharing is not permitted under the GDPR or under pre-existing EU law. I appreciate that this is administratively difficult for the Government and relevant specified bodies. I appreciate the obvious need to verify people's identities. I appreciate the need for cost-saving measures and the need to increase efficiency. Of course all that is a good thing, but that does not solve the legal conundrum I have outlined repeatedly during debates on the Bill. The public services card may well turn out to be the most expensive administrative error in the history of the State when GDPR fines and compensation are factored in on top of the €60 million we have already spent on the card. It is a ticking time bomb.

Even if only one person in the entire country wants to avail of an alternative to this sharing of his or her data, legally we have to provide that one person with an alternative. I fail to see how something like a combination of a birth certificate, utility bills or a passport could not be used to verify identity for those who do not want to consent to the kind of data sharing we are talking about. One can get a driver's licence without a public services card. After wasting more than €2 million on the project to make the card mandatory, the Department of Transport, Tourism and Sport realised it had no legal basis to coerce consent to data sharing and abandoned the project. The Government and the Minister of State's Department in particular are engineering a situation where access to a person's public service identity dataset is the exclusive way to verify one's identity but there are clearly other options that do not require consent to ad hocdata sharing. Various public bodies are already using those alternatives and have been using them for decades.

See this speech in context