Group says doc shows Irish benefits card data collection and transparency issues known
A privacy agency in the Irish government has collected face scans from 3.2 million residents over 10 years without telling them the reason for doing so or even providing a legal rationale for doing so.
Further, individuals’ biometric records are being stored in a centralized database for 10 years past the end of their life.
Some of those residents allegedly have been children. All allegations reportedly violate European Union law.
According to a 2021 data protection impact assessment filed by the Department of Social Protection and co-authored by business services firm KPMG, face-matching reduces fraud that involves the nation’s public-services card program, which has been plagued by biometrics concerns and miscommunication.
The Irish Council for Civil Liberties recently got a copy of the document after filing a Freedom of Information request. Leaders of the group say that document makes it clear that, at least since 2021, Social Protection officials have known they are violating Article 9 of the EU’s General Data Protection Regulation. Article 9 stipulates a narrow range of circumstances in which biometrics and other special category data can be processed without the explicit consent of the data subject.
Antoin O Lachtnain, director Digital Right Ireland, another public advocacy group, told the Irish Legal News that another government agency, the Data Protection Commission, has been investigating face-matching associated with the card “for a number of years.”