Irish Minister faces questions about government use of facial imaging software in card issuance program

Ireland’s Minister for Employment Affairs and Social Protection Regina Doherty has responded to questions in parliament about the use of facial imaging software by her Ministry to detect potential identity fraud, saying it complies with EU law, The Irish Times reports.

The questions were submitted by TD Catherine Murphy of the Social Democrats following the removal of a reference to biometric data processing from the privacy statement of the Ministry website. The Ministry is collecting personal data form people in Ireland in order to issue Public Service Cards, of which 3 million have been issued so far. Facial images are included on the cards, and also added to an image-matching database.

The reference to biometrics was removed from the website on the instruction of the Ministry’s secretary general, and Doherty was questioned about whether the Ministry process meets the definition of biometric processing provided by the EU’s General Data Protection Regulation (GDPR). She answered that the card issuing process does not involve any “special category data,” which is the category GDPR places biometrics in. A separate process does, however, create an arithmetic template to compare for potential identity fraud detection, she said.

“This arithmetic template is not stored on the public services card, does not form part of the public service identity set, and is not shared with any other third party. They are stored only in the facial image matching software’s database held in the department’s own secure data centres,” Doherty said. “The department is satisfied that its use of facial imaging software is compliant with the law and is covered by the current legislative framework including the GDPR, the Social Welfare Consolidation Act, and the Data Protection Act 2018.”

If the Ministry was processing biometric data, it would be required to show compliance with specific legal conditions. The change to the website privacy policy was made in order to alleviate confusion, Doherty said.

Many organizations are not clear on their responsibilities under GDPR, and the role of third parties capturing or managing personal information is one of the regulation’s poorly understood aspects, according to a recent blog post by Jumio.

Related Posts

Article Topics

 |   |   |   | 

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Biometrics Research Group

Biometrics White Papers

Biometrics Events

Explaining Biometrics