The Data Protection Commissioner will outline her findings on the Public Services Card to the Oireachtas next month.
A major investigation by the state watchdog found that the card is in breach of data-protection laws.
It warned that the Department of Social Protection is the only state agency that has the right to demand the card before providing services.
It also found that the department is holding on to too much personal data for too long – and warned it to delete it.
It said the Department is entitled to keep basic information like name, age and gender - but must delete the documentation submitted to prove those details once it is satisfied a person is who they say they are.
The report is also critical of the information provided by the department to the public about the use of the card and the processing of their personal data.
Minister Paschal Donohoe at the Public Services Card Centre on D'Olier House in Dublin in 2017 | Image: RollingNews.iePublic Accounts Committee (PAC) member Peter Burke said Data Protection Commissioner Helen will appear before the body next month.
The Fine Gael TD said the card is a very useful form of identification to access state services.
“Obviously the State had got legal advice,” he said.
“The Secretary General of the Department of Social Protection had legal advice in terms of the card of being in compliance with data protection law.
“I think we need to balance that in the next 20 days in terms of the response the State gives to the Data Protection Commissioner.”
On Newstalk Breakfast this morning, Eoin O’Dell, Associate Professor of Law at Trinity College said the State could find itself facing class action court cases over the issue.
He said that while Irish law does not allow for class action suits – court cases where one person takes an action on behalf of a wider group of people – the State could face one under European GDPR data protection laws.
The DPC investigation only focused on Irish law – but Mr O’Dell said the length of time the State has been holding on to personal data could breach the European rules.
He said GDPR offers the chance to “claim for damages for data breaches or infringement of data protection legislation.”
“It also added the possibility of class actions which are, as yet, not a feature of Irish law but they have been introduced for European law reasons in this specific context.”
Legal Fees
He said any suit could end up costing the State millions in legal fees and said there is more than one way for the issue to end up in court.
“On the one hand you have the possibility of class actions,” he said.
“On the other hand, given the prospects that are now facing the State, I wouldn’t be surprised if the ministers are consulting with the Attorney General about the possibility of challenging the Data Protection Commissioner’s report in court.”
Public Services Card
As it stands, most state bodies will no longer be able to insist a person has the card to access public services.
The Commissioner has warned that the State must delete any data it is illegally holding within 21 days.
Meanwhile, the Government has six weeks to come up with a plan to make changes to the wider Public Services Card scheme.
