Data protection lessons from Ireland’s Public Services Card

The Irish Data Protection Commissioner finally made a ruling on the controversial Public Services Card probe (PSC) that described the current actions so far. The PSC has proven controversial: introduced in 2012 for welfare claimants, it’s use expanded to more and more uses, including its use to get a driving licence or passport. Now, following campaigns from civil liberties organisations, this expansion of use has now been found to be unlawful by Ireland’s Data Protection Commissioner.

It looks like the findings of the ICO are relevant for all sort of the ID schemes around the world and that the rest of the Governments/companies may took as a given.

  • Effective data protection regime

An Effective data protection regime needs to be in place prior the introduction of an identity system. It is clear that if such are missing, this leaves the system open to abusing the rights of individuals and communities.

  • ‘Function creep’

The ‘function creep’ of ID schemes is a feature used to put to more and more purposes. However, it looks like the implications of these functions are not often considered.

  • The new ID Requirements

The Irish scheme is also the proof that ID schemes can lead to the creation of new ID requirements where, previously, ID was not required. The Data Protection Commissioner highlighted the case of its use in the school transport system, for a use which previously did not have any ID requirement at all.

There are important lessons to be learnt from the experience of Ireland: for those places looking to adopt ID cards, but also those organisations promoting their use. The lessons from the experience of Ireland must be heeded for there to be a future where ID respects everyone’s rights.