Catherine Connolly (Galway West, Independent)
Link to this: Individually | In context | Oireachtas source

501. To ask the Minister for Employment Affairs and Social Protection the status of the development and implementation of new systems, by her Department, to process and retain applicants' personal information pursuant to the December 2021 resolution of proceedings involving the Data Protection Commission on the processing of personal data when issuing public services cards; and if she will make a statement on the matter. [24628/22]

Heather Humphreys (Cavan-Monaghan, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The Department and the Data Protection Commission (DPC) reached an agreement in December 2021. This agreement has been published by the Department and the DPC on their respective websites.

The Agreement acknowledges that the Department of Social Protection can continue to process personal data as is necessary and proportionate in order to authenticate a person’s identity and issue them with a Public Services Card (PSC) which can be used for the purposes of accessing public services.

The DPC has already found that social welfare legislation provides a legal basis for the requirement that customers of the Department authenticate their identity by way of SAFE registration. The Agreement acknowledges that other public bodies listed in social welfare legislation (“specified bodies”) may use the PSC as a means of verifying the identity of the people they deal with, provided that they also accept other methods of authenticating identity.

The Agreement also acknowledges and accepts that the Department and other specified bodies can continue to use MyGovID as the sole means of authenticating identity for the purpose of accessing online services, provided that an alternative service channel is made available.

The Department undertook to work with the DPC to develop an agreed programme of work to ensure that any non-public service identity data ("non-PSI data") that may be collected during a SAFE registration is permanently deleted or irreversibly redacted. In addition, the Department undertook to make some changes to its privacy statement as requested by the DPC.

The DPC acknowledged as part of its agreement that the implementation and development of any proposal would require adjustments to the Department’s current systems.

The Department is developing and implementing revisions to its systems and these will be completed in the coming weeks. The Department liaised with the DPC on the development of these systems changes. .

In addition, as per the Agreement, the Department has amended its privacy statement.

I hope this clarifies the matter for the Deputy.