Patrick O'Donovan (Limerick County, Fine Gael) | Oireachtas source

The Senator has raised some of the points I wished to raise about amendments Nos. 11, 17 and 38. The basic issue relates to the Social Welfare Consolidation Act 2005, to which the Senator has referred. It is pre-existing law, whether we like it or not. I cannot accept amendments that would be in direct conflict with provisions relating to the PSC set out in existing legislation.

In regard to amendment No. 39, which amends altering section 42, I note that the third last line of the amendment is the most important in figuring out what it is about - "the information so collected is collected for the purposes of enabling that public body to access information". The information is an enabler. It is the first piece of data, accessed before the dataset is even compiled. It was referred to earlier as the key rather than the lock itself. It is the initiating piece of data, which allows the public body to collect the initiator, as opposed to the subsequent pieces of data that will be collected thereby.

Senator Higgins is correct about amendments Nos. 40 and 41. If amendment No. 39 is accepted, amendments Nos. 40 and 41 will be nullified. I appreciate the issues the Senator has raised about the PSC in the amendments. In respect of section 6, the Senator is proposing to provide that the card, or the underlying public services identity data associated with the card, cannot be "the sole or exclusive basis by which a person may confirm their identity in order to conduct a transaction or access a service". Similarly, the Senator proposes to amend section 12 to provide that the data may be shared "as one non-mandatory means to verify the identity of a person".

Amendments Nos. 38 and 41 provide for the person receiving the service to decide for themselves what is an appropriate means of identification. Current legislation clearly sets that out. Service providers must put in place necessary and proportionate requirements for identity verification to ensure services are provided to the right person and to protect personal data.

The Senator will appreciate that in light of the GDPR and the importance that Government places on the protection of personal data, it is more important than ever that we ensure the providers of public services are certain they are dealing with the correct people. This is only fair, given that in many cases it is not only a question of dealing with the right person but also one of dealing with large sums of the State's money. That is an important part of the security with which the State wants to be surrounded. The State has invested significant money and resources in the PSC MyGovID and the underlying safe registration process and it continues to do so. It is a result of the safe registration process that the card and MyGovID are the most robust and assured means of establishing a person's identity when he or she accesses a public service. In this context, it is a matter for each service provider to decide the most appropriate means by which it verifies a person's identity. That is why I referred to the Social Welfare Consolidation Act 2005, because in that case it is identified. This should be necessary and proportionate to each service. I know we will discuss the words "necessary and proportionate" later. It is something the Senator referred to a lot. One never knows; there might be further good news. It is not appropriate to place a blanket restriction on how the PSC or public services identity data can be used to facilitate data protection. On that basis, I do not propose to accept the amendments and I ask for consideration to be given to their withdrawal.