WHY ARE THEY FORCING US TO ACCEPT IDENTITY

CARDS? Have a read.

25 August
WHY ARE THEY FORCING US TO ACCEPT IDENTITY CARDS?
The government is pushing through an identity card system by stealth even
though the issue was never debated in the Dail. They have no legal basis for their
actions and they are hovering between telling citizens that it is mandatory and
voluntary.
These shocking developments emerged when a pensioner was denied payment
after she refused to apply for the new Public Services Card. Further developments in
Bray have cast a new light on the murky tactics of the state.
Sharon Briggs is in receipt of Job Seekers Allowance and for the past two years,
letters have arrived at her home inviting here to apply for a Public Services Card.
The letters have contained a warning that failure to take up the invitation may
affect your payment.
The important word is may said Sharon, it has no legal basis and I, therefore,
replied to these letters with a series of questions such as: who will have access to the
data? and which private company is handling my data?.
I never got any reply to my questions and only received further invitations which
were not signed by anyone
Sharons concerns are perfectly legitimate. The Public Services Card has been
constructed so that it can contain detailed biological data. This includes fingerprints,
eye scans, and possibly even wider DNA information.
Contracts for producing the cards were issued by the Department of Social
Protection to the private company, Biometric Card Services, which was part of the
Smurfit Kappa group.
The original contract to Biometric Card Services was for 18 million but this has
increased as a result of subsequent revisions.
The State has entered a new deal to guarantee the issue of 3 million of the identity
cards by the end of 2017. If successful, it will re-coup a discount on the huge costs
involved.
The strategy has been to start on social welfare recipients and those who are
seeking free travel on buses and trains after they pas the age of 65.
The government is pretending that they must apply for a PSC card simply to access
their basic entitlements. Yet legally there is no basis for this. The relevant section of
the Social Welfare Act simply states that someone has to satisfy the Minister as to
his or her identity. There is no legal requirement to carry a card that can contain
detailed biometric data.
Sharon Briggs decided to stand her ground and refused to apply for the PSC. On
16th August of this year, she was informed that as a result, here payment would be
affected and when she arrived at her local sub-post office, no payment of Job
Seekers Allowance was available for her.
Sharon queried the manager of the post-office as to why she had been denied social
welfare and was met with repeated answers that she did not know
However, subsequently she was told that her social welfare payment had been
transferred to a different post office. This salient fact only emerged after Sharon
had stood her ground and pointed out that there was no legal basis for denying her
claim.
I have no problem adding a photograph to my welfare card. I have no problem
producing photo ID. I just do not think it is right that I should be forced to accept a
biometric card when there is no legal basis for such compulsion.
Identity cards are used in other countries such as France and Turkey and citizens can
be arrested for not producing them. If they lose them, they must pay a fee to get a
new card.
There is no democratic agreement to develop such a system in Ireland.
There are no plans to extend a requirement for
Northerners to hold a Public Services Card for a
passport
Northerners reassured over public services
card requirement for passports

Simon Coveney said from the end of next year anyone applying to
renew their passport in the south will need a public services card.
JOHN MANLEY
29 August, 2017
The Department of Foreign Affairs in Dublin has moved to reassure
people north of the border that they will not require a public services
card to secure an Irish passport.
Foreign Affairs Minister Simon Coveney yesterday confirmed that by
the end of next year, anyone applying to renew their passport in the
south will need to present a copy of their public services card.
Introduced in 2011, initially for the Republic's social welfare
claimants, a public services card is an ID card that enables holders to
access a range of public services easily.
The card is already required when applying for a passport in certain
circumstances. However, Mr Coveney said it will be needed in all
cases from late next year.
When asked yesterday on RTE Radio's Morning Ireland if the card
would be required when applying for passports, Mr Coveney said:
"That's not the case today but we hope to move to that in future.
"The whole point in having a public services card is that there is a
single point of information so that people can access public services
whether that's a driver's licence whether it's a passport."
The ministers said it would take "some time" for the Passport Office
introduce the requirement, adding that he expected it to be
introduced in around 12 months.
But the Department of Foreign Affairs said there were currently no
plans to extend the public services card requirement north of the
border.
"The purpose of the public services card is to help people access a
wide range of public services in Ireland," a spokesman said.
"There are no plans at present to extend requirements for services,
including passports to Irish citizens in Northern Ireland."

A public services card

http://www.irishnews.com/news/2017/08/29/news/northerners-
reassured-over-public-services-card-requirement-for-passports-
1122568/

Transforming Public Services Conference

on eGovernment
The Public Services Card
 Richard Shine
Client Identity services
Department of Social Protection
Individual authenticates his/herself each time he/she attempts to access a
public service.

Each Public Service Provider authenticates individual prior to assessing

eligibility

What Happens Now

PPSN Issues to Individual

Ad-Hoc Verification of PSI/PPSN

Multiple unlinked silos of data
Ad hoc data verification/matching
Inconsistent/inaccurate data
Duplication for individual supplying same data
to many Public Service Providers
Resource implications for Public Service:
o time and effort required to authenticate

identity
o time and effort required to verify personal

data
o duplication
And thats when you get it right!!

ISSUES

Do you recognise this Man

?
Eastern European
Obtained 10 PPS numbers in 2005
using stolen Lithuanian Passports
Aged between 25 and 31
when photo taken
Paul Francis Murray
Resident in Thailand since 1974
Received 249K in fraudulent social
welfare payments
using 8 assumed identities
Recent Example of
Impersonation
PSI Authority
Public Service Identity Data Register

Single Customer View

SAFE Manager

Client Registers Personal Data

Token (e.g. PSC) issues to Client

What Should happen

Why?
Maximise Privacy

Ease of use

Public Service
Share Data
Share services
Minimise Duplication
Integrate Services
Target Services
Prevent Fraud
Savings
 Simplify Access

Minimise Repetition (once and done)

Control Data Use

Control Accuracy

Individual
RESULTS

Standard Authentication Framework Envi

ronment
Rules based standards for establishing and
authenticating identity to facilitate access
to public service across multiple channels.
In July 2005 the Government
approved the SAFE Business
Requirements:

Registration unified registration process

Token photo & PIN, thin client
Infrastructure existing, where possible
Applications mainly Authentication
DSFA to issue PSC
Further work on policy - CMOD

Further work on registration & card

functional specification
Safe 0 = No assurance of identity

Safe 1 = Balance of probabilities

Safe 2 = Substantial assurance

Safe 3 = Beyond reasonable doubt

Levels

Level 2
Minimum authentication
level for PSC and most
public services
 Face to face registration
in a designated SAFE
Registration Office
Capture of photo and
signature
Proof of identity and
evidence of address
Functional Specification
Public Services Card
Principles
Privacy enhancing:
Personal data shall only be used when
necessary, and the PSC shall be
implemented in such a way as to enhance,
not weaken, the protection of that
personal data.
 Future Flexibility
o A family of tokens

o Thin Client (functionality in

backend systems)
o Multi-channel support

Authentication by observation: The PSC

shall have physical
characteristics that give a trained inspector a
level of assurance that they
are looking at a genuine card.
Cardholder photo on card face: The PSC
shall have a cardholder photo on the front of
the card
Expiry date: The PSC chip shall hold an
expiry date, configurable by the card issuer to a
value appropriate to card usage
Free travel: The PSC shall be usable for
gaining access to legitimate free travel. This
might simply mean using the card as a flash
pass or might be electronic authentication
 Functional Spec (non-
chip requirements)

Functional
Spec (chip requirements)
Secure online authentication
Secure offline authentication
Level of confidence in authenticated
identity
Support for cardholder PIN
SAFE cardholder data
Cardholder facial image stored on the
chip
Card data access control
Card chip block, unblock and
termination
Identifying card capabilities
Confidentiality
Integrity
Trial of biometric authentication (S)
Trial of contactless technology (S)
A Lot Done
o SAFE Programme (incl
Government Decision)
o Legislation
o Assessment of PSI Data
o Procurement of Technical Advice
and Support
o Registration Process Review (incl
Fraud & Error
Survey, Rationalisation of PPSN
Registration Centres)
o PSC Functional Specification
o Organisational Review (incl future
state vision and process mapping)
o Customer Object Development
(COD 1): Transfer of Customer
records from RdB to SQL - facilitate
capture of photo, signature, SAFE
registration and card lifecycle
requests
o Procurement for production,
personalisation and card
management service
 MSP Contract negotiations
completed. Contract signed on
22/12/2009 effective from 4 January
2010
Architecture Design
Completed. Development
Commenced
Production and Personalisation Facility
Design Completed. Construction
Commenced
Customer Support Facility Designed
and Processes Agreed. Infrastructure
development commenced.
Integrated Ticketing Scheme
Integration: substantial
work completed but integration
delayed.
Card Design Finalised
Some Internal Systems Development
Completed, procurement for rest
commenced
Single Customer View
Sanction received to proceed on 23
October 2009.
Complete development of new
functionality
Complete specification, build and test
of architecture
Complete Assessment of DSP
registration capacity
Devise strategy for enrolment of
residual population
Implement Robust Registration
Process (incl. provision of hardware
e.g. digital cameras, scanners,
signature pads, passport readers etc)
Phased Roll Out (incl. acceptance
infrastructure e.g. card readers)
Continue to work towards early
integration with ITS.
More To Do
Data Capture

Card Production
Card Management

Card Usage
Duplicates Check

(BOMi)
Get Signature

(LOPM, Bulk Load)

Get Photo

(LOPM, Bulk Load)

Establish Identity

( BOMi, LOPM)

Produce PSC

(MSP Architecture)

Customer Support

(MSP Architecture, CIS Ref terminals)

 Acceptance Infrastructure

(BOMi, MSP Architecture, Public Service Providers

Systems Development)

Processes, sub-processes and associated

projects
Get Voice
(Mobile Certification)

Assign SAFE Level

(BOMi)

Request PSC (including renewal) + Response

(BOMi, MSP Architecture)
Issue PSC

(MSP Architecture)

Card & Terminal Management

(MSP Architecture, BOMi, CIS Ref Terminals)

Application Providers Support

(MSP Architecture,

RPA ITS etc)

PSC Architecture

Data Capture
(COD, Bulk Load)

Identity/Access/Payment/Free Travel

A Family of Tokens

Design Requirements
Standard credit
card size with multiple
protection mechanisms
to prevent and detect
tampering with the
physical card and its
contents
Immediately recognisable
as being for use in the
public services of Ireland
The card must comply
with the best practice on
 accessibility and also the
Official Languages Act
Design Requirements
The design must ensure
that the combination of
the photograph and the
name are sufficiently
prominent
The design is to
incorporate over-
printable areas where
the Free Travel
entitlement or similar
 variable data can be
printed
Data Inscribed on the Card
(Section 263,SWCA 2005 as amended)

Name
PPS number
Photograph
Signature
Card issue number, and
Expiry date
Data Encoded on the Card
(Section 263, SWCA 2005 as amended)

Name
PPS number
 Photograph
Signature
Card issue number
Expiry date

Date of birth
Sex
All former surnames (if any) of mother
Place of birth
All former surnames (if any)
Nationality

Multiple Security Features

Polycarbonate Card
Laser Engraving
First Line Security
Features (3)
 o Easily and speedily recognisable
Second Line Security
Features (2)
o Require specialist equipment
Third Line Security
Features (?)
Polycarbonate Card
Polycarbonate card body
with laser engraving
personalisation
Five layers of material
inextricably bound by
heat lamination so they
cannot be split without
destroying the card
 Coloured background
print - intrinsic security
feature
Kinegram
Kinegram integrated with
the photo and signature
By tilting the card the design element
will change in colour from gold to
green

Optical Variable Ink

Tactile Relief
A positive relief structure
applied on the surface of
the card
Second Line Security
Features
Design includes second
line security features
Their detection will
require specialist
equipment
For obvious security
reasons features will not
be made publically
available
Third Line Security
Features
 Design includes a number
of third line security
features
For security reasons
exact details of third line
security features will only
be disclosed to 2
nominated individuals in
CIS
Examples of third line
security features would
include intentional ink
spots and slightly tilted
characters
Accessibility Features
 The tactile relief is a
raised structure which
allows visually impaired
people to detect the
orientation of the card
The contact chip of the
PSC is also tactile. This
element clearly defines
the orientation of the
card and aids visually
impaired people to use
the card correctly
Immediate Benefits
 Validation of Identity
provided SAFE principles
are not undermined
Potential for substantial
reduction in the rate of
fraud and error
More secure payment
token chip and pin
Data enrichment SAFE
2 registration
Replacement of current
insecure cards
Efficiencies across the
Public Service
PSC can be used by any Public Service Provider
that is entitled to use the PPSN (S 263, 2005
Consolidation Act)
Co-operation focus areas:
a. Advice
b. Use of Public Services Card
c. Use of other card as a Public Services Card
d. Use of infrastructure
e. Use of data
There is only one way to make secure biometric identity - NEVER collect non-revocable
biometric data

Disability Act 2005 - Law Reform This Revised Act is an administrative

consolidation of Disability Act 2005. ... Planning and Development Act 2000. 2000,
No. 30. Public Service ... service provider

http://www.lawreform.ie/_fileupload/RevisedActs/WithAnnotations/HTML
/en_act_2005_0014.htm

What We Can Do For You

http://webcache.googleusercontent.com/search?q=cache:sOJaqm9oTYYJ:pe
r.gov.ie/wp-content/uploads/18_Jan_-
_The_Public_Services_Card_Mr_Richard_Shine_Department_of_Social_Prot
ection_.ppt+&cd=2&hl=en&ct=clnk&gl=ie

Leo Varadkars
officials disputed his
fraud claim

Varadkar had said publicly that people

were using fake beards to make false
welfare claims

By Hugh O'Connell
Aug 27, 2017
Varadkar had said publicly that
people were using fake beards to
make false welfare claims
Like Jesus Wept
https://www.businesspost.ie/
politics/varadkars-officials-
disputed-fraud-claim-396295
Saturday, August 26, 2017

Letter regarding the Public Services Card

I'm very grateful to my colleagues who have signed a letter expressing concern at
the growing use of the (supposedly optional) public services card as a mandatory
requirement for essentials as passports and social welfare, creating a de facto
national ID card or Ireland without public debate.

The full text of the letter and the signatories are below.

Minister for Justice and Equality

Department of Justice
St Stephens Green
Dublin 2

25 August 2017

Public Services Card

Dear Minister

We are researchers in the areas of information technology, information security,

privacy, data protection and fundamental rights. We write on our own behalf
rather than on behalf of our respective institutions.

We refer to the public services card (PSC) and its increasing use in relation to
public services. We note in particular the intent to turn the PSC, which was
originally intended to be used for specified public service purposes only, into a
general purpose identity card to be used in a wide variety of contexts under the
Social Welfare and Pensions Bill 2017.

We note that in 2015 the Minister for Social Protection, Joan Burton, made the
following statement:

The question of the introduction or otherwise of a national identity card was not
part of SAFEs [the scheme of which the Public Services Card is part] remit. The
matter of establishing a national identity index and producing a national identity
card is a wider issue. It would require due consideration by the appropriate
agencies before any policy decisions could be formulated by Government and
would require the development and implementation of legislation to support any
such policy. Development of policy in this area would be led by the Minister for
Justice and I am not aware of any current plans for her to do so.

We also note that it is now being made effectively compulsory to have the PSC in
order to carry on ordinary business in our society (for example to get a driving
licence or a passport).

The Irish Times of 22nd August reports that a pensioner has had her state
pension withheld for querying the legal basis for requirement she obtain a PSC,
and the statement by the Department of Social Protection on the matter suggests
they consider the card to be mandatory to access basic entitlements:

It was not possible for a person to satisfy the minister as to his or her identity
without being registered in a process which results in them being issued with a
public services card.

We note that the Department of Social Protection is now writing to social welfare
recipients stating:

Registration for the Public Services Card is now a legal requirement for people in
receipt of social welfare payments (including Child Benefit) or free travel
entitlements.

We are not aware of any such legal requirement.

The Department of Social Protection website outlines an array of public services

for which similar mandatory uses of this voluntary card are proposed, many of
which appear to lack any legal basis.

It would appear that the time has now come where a national identity card is
essentially on the table, and it is time for policy decisions in relation to this
matter.

However, to date, there has been no public engagement in relation to the

development of policy for a national identity card.

Our concern is that as a result, we are sleepwalking into developing a national

identity index and national identity card in all else but name, and that we have
not considered the very important implications before doing so.

We call on you now to engage with the public for the development of policy on
this matter, and for there to be a real debate on the issue. We request that you
recommend that further expansion of the PSC be delayed and that Head 6 of the
Social Welfare and Pensions Bill not be enacted until this matter has been aired
and policy considered in depth.

Yours sincerely

Dr. Graham Butler

Aarhus University

Professor Robert Clark

Sutherland School of Law, University College Dublin (Emeritus)

Dr. Vicky Conway

School of Law and Government, Dublin City University
Dr. Stephen Farrell
School of Computer Science and Statistics, Trinity College Dublin

Dr. Alan Greene

Durham Law School

Professor Steve Hedley

School of Law, University College Cork

Brian Honan
CEO, BH Consulting

Dr. Jennifer Kavanagh

School of Humanities, Waterford Institute of Technology

Dr. Rnn Kennedy

School of Law, National University of Ireland, Galway

Professor Maeve McDonagh

School of Law, University College Cork

Dr. TJ McIntyre
Sutherland School of Law, University College Dublin

Dr. Maria Helen Murphy

Department of Law, Maynooth University

Dr. Patrick OCallaghan

School of Law, University College Cork

Professor Barry O'Sullivan

Insight Centre for Data Analytics, University College Cork

Dr. Johnny Ryan

Head of Ecosystem, Pagefair

Dr. Liam Thornton

Sutherland School of Law, University College Dublin

Dr. Darius Whelan

School of Law, University College Cork

Cc: Minister for Employment Affairs and Social Protection

[Since the original letter was sent additional individuals have signed on, and the
first paragraph has been modified slightly to reflect that not all are primarily
academics.]
http://www.tjmcintyre.com/2017/08/letter-regarding-public-services-
card.html#more
The Identity Card That Most
Assuredly Isnt An Identity Card
MAY 2017
Loughlin ONolan & Elaine Edwards
TL;DR: The Irish state is building a national identity register with no
discussion or debate. Whether this register is being created by accident or
design, the lack of debate is alarming. The justifications for doing so are
opaque and vague, where justifications can be found at all. This project is
proceeding right now, and there is a financial incentive for elements of it to
be done as quickly as possible, reducing further the possibility of any
discussion. The Department of Public Expenditure has fought to protect
records that might reveal what the Data Protection Commissioner has been
saying behind the scenes about the project, arguing successfully to the
Information Commissioner that it would be contrary to the public interest to
disclose them. A department that is processing the personal data of every
citizen in the state from birth to death is arguing that it is contrary to the
public interest to disclose records about a giant biometric database it has
established with no public debate or scrutiny.
Some key interacting issues here are information, consent and trust.

The state should, with some legal exceptions, only acquire, store and
process citizens personal information with the full informed consent
of each citizen.
The state must inform citizens about any plans to use their personal
data in any way other than the purpose for which it was acquired. Clear
information about these other purposes must be provided at the time
and place at which the data is acquired.
Whether legally or illegally obtained, personal data has a long and
persistent life and those who control access to it will change.
For data protection purposes the state is not a monolithic entity. If one
department intends to share personal data with another, it must
inform citizens fully about this when it collects this data.
Informed consent such as this leads to trust and empowered decision
making by individuals. Citizens can choose whether they wish to trust
the state with their personal data, in which context and for how long.
In addition to this the government and a range of public bodies have
fairly extensive powers to demand personal data from other bodies
without consent, where the individual involved might never be aware
of it and doesnt have to give consent.
 The various state bodies involved have to earn trust from citizens. In
order to earn trust, full information about uses and safeguards around
personal data must be provided.
If the state seeks to short-circuit this relationship built upon trust by
forcing people unwittingly or unwillingly onto the register, citizens will
suspect the state cannot give enough assurances that the state is a
trustworthy guardian of their personal data.

Privacy campaigners have expressed concern that a plan by the Government to make
all citizens applying for a passport and a driving licence first obtain a State-issued
public services card represents the introduction of a national ID card by stealth.
Minister for Public Expenditure and Reform Paschal Donohoe confirmed that all
passport applicants will be required to have a Public Services Card (PSC) from the
autumn, although he insisted it is not and will not be compulsory for citizens to get the
card.
Not calling the Public Services Card an identity card is the thinnest of
rhetorical cover and it is surprising that this has gone on mostly unquestioned
for several years until it hit the front page of the Irish Times last Monday. If
the state wants to introduce a national identity card it should let citizens
know and make its arguments as to why it feels this is necessary.
Responding to the Irish Times story, former justice minister and current
Senator Michael McDowell said he has always been opposed to national
identity cards and remains so.
The executive director of the Irish Council for Civil Liberties Liam Herrick said
that the government should propose such a measure through primary
legislation and facilitate a national debate on such a measure.
In such a debate ICCL would argue that ID cards are an ineffective, expensive
and intrusive mechanism to advance the stated public policy objectives. We
note that plans to introduce a national ID card system in the UK were
abandoned in 2010 for these reasons.
Dr. Dennis Jennings, the only Irish inductee into the Internet Hall of Fame and
the closest thing Ireland has to a Tim Berners-Lee, was before the joint
Oireachtas Committee on Finance on Tuesday and was scathing in his
criticism of the way the state is going about introducing the Public Services
Card.
The current situation where the Department of Public Expenditure
and Reform is trying to introduce 3 million Public Services Card,
using data sharing from multiple sources under the provisions of a
very old and out-of-date (from a privacy perspective) Social
Welfare legislation is, I think, truly shocking, and a gross breach of
this principle and of the trust that is required.

Just A Spoonful Of Coercion

I n January 2008 a UK Home Office document titled Options for Analysis
was leaked to the Sunday People. It discussed options for increasing
registrations for the national ID card, including some forms of what were
called coercion. The Home Office was careful to stress that universal
compulsion should not be used unless absolutely necessary. Suggested
forms of coercion included leveraging existing arms of government which
many citizens could not avoid interacting with, such as those responsible for
issuing existing identity documents like passports and driving licences.
Various forms of coercion, such as designation of the application process for identity
documents issued by UK ministers (eg passports), are an option to stimulate
applications in a manageable way. There are advantages to designation of documents
associated with particular target groups, eg young people applying for their first
driving licence.
Responding to the leaked document, Shami Chakrabarti, director of the
human rights group Liberty, said: So much for a voluntary scheme
compulsion is the ultimate ambition of this scheme and it can be achieved by
stealth without the need for further parliamentary debate.
On the 5th May 2017 the Road Safety Authority of Ireland announced that
from June 2017 onward all those presenting themselves for the mandatory
theory test would have to be in possession of a Public Services Card.
all theory test candidates will need to have a Public services card to book their theory
test or CPC case study test. The Public Services Card is also an ID requirement at the
centres from the 17 June onwards.
Source: Public Services Card (PSC) ID Policy, theorytest.ie
Does young people applying for their first driving licence ring any bells?
A lesson clearly learned by the Irish state from the failed attempt to introduce
identity cards in the UK between 2004 up until the scheme was scrapped was
to maintain at all times and at all costs that the card was voluntary, while
simultaneously introducing it into situations and interactions which required
identification and subsequently insisting that it was the only form of
identification that was acceptable.
From later this year it will not be possible to apply for a passport without
having a Public Services Card. Up until now a passport was accepted as the
primary form of identity authentication issued by the Irish state. This change
downgrades the passport for reasons that have not been made clear.
Another lesson learned from the UK debacle seems to have been to avoid at
all costs calling the tangible manifestation of the identity register an identity
card, despite it being used as such.
T H E C A RD IT SELF
In December 2009 the Department of Social Protection signed a contract
with a manufacturer to produce three million cards. Why the department
settled on a figure of three million in a country with a population of far more
than that is a mystery. After some stops and starts over the years, this
contract is due to finish either when three million cards are produced or at the
end of the calendar year 2017. If three million cards are not produced by the
end of 2017 the department will still have to stump up for the balance of the
cards not issued.
The 2016 contract provides for an advance payment by DSP in January 2017 of 50% of
the cost of the outstanding balance of 3 million cards. The cost of cards produced in
2017 is to be deducted in full from the advance. Also, should the target of 3 million cards
not be reached by the end of 2017, the cost of the cards not produced will become
payable in full.
Source: Comptroller & Auditor Generals report, 10.28

LOW RI SK CUST OMERS

The 2012 Department of Social Protection Annual Report describes how
issuing the Public Service Cards nationwide in bulk began in earnest this year.
The majority of cards issued were to the Departments customers on the
Jobseeker and One Parent Family Payment schemes. These customers went
through what the civil service calls its SAFE registration functionality, which
involves a face-to-face interview with a department official to confirm the
customer is who they say they are.
The department also notes in the 2012 report that it has opened
communications with what it terms low risk customers with a view to
issuing the Free Travel Variant of the Public Services Card to them in 2013
through a reduced registration process using data held by the Passport
Office.
The 2013 Annual Report describes this as a postal registration process, since
consent to use the data held by the Passport Office had to be acquired in
writing. Over 100,000 of these low risk customers had been issued with Public
Services Cards by the end of 2013 without any face-to-face interview.
So, to phrase that in a slightly different way, by the end of 2012 department
officials had divided their customers into at least two groups when it came to
overtures and approaches to be made about Public Services Cards. In 2013
department officials issued cards in entirely different ways and with entirely
different levels of verification to these groups.
That officials in this department have started profiling and categorising their
customers into tiers of risk like this based on no published criteria is
alarming. This is precisely why the creation of and continued access to a
biometric database of all citizens by this department should not be carried
out in the shadows, as is presently the case.
C OUN T DOWN T O TH E EN D OF T H E YEA R
Based on Minister Varadkars assertion in April that by then the Department
of Social Protection had issued more than 2.5 million Public Service Cards,
that still leaves them in a bit of a tight spot if they want to hit their target.
Were looking at between 1,500 and 2,000 registrations per day, every day
until the end of the year. That doesnt take account of weekends, bank
holidays or days when the roving mobile bands of card enforcers might get
lost.
As an aside, one cant help wondering what proportion of the 6,000 staff in
the department are currently devoted to ensuring that the numbers in the
contract are met, and whether this might be contributing to recent high-
profile failures to deliver basic services such as the payment of maternity
benefits on time.
In a nation of allegedly garrulous types who love to have a national discussion
about anything and everything, this covert introduction of a national identity
register is progressing remarkably silently. Could this be because, whether by
design or not, the state has slowly extended the requirement of the Public
Services card through groups who traditionally dont have a particularly loud
voice in the public sphere?
Unless the bookmakers are wrong Leo Varadkar will shortly become the next
Taoiseach. He has recently spoken of positioning Fine Gael as the party of
people who get up early in the morning, and of removing the right to strike
from certain workers. What might this entail in a state which has granted
itself extraordinary access into the private lives of its citizens through such a
wide-ranging yet seemingly haphazard data capture, storage and processing
regime? Theres a rewarding video at the end of the slideshow below which
puts forward a few suggestions.

Minister for Social Protection Leo Varadkar has apologised for delays over Maternity Benefit
payments, which could see some new mothers waiting for up to four weeks for payment.

He said around 1,300 women who are already on maternity leave have not received any
payments.

His department has said that the implementation of a new system, and the training of new
staff, has resulted in the delays.

There are 2,850 claims for Maternity Benefit waiting to be processed.

Taoiseach Enda Kenny has said that he will speak with Mr Varadkar over the delay.

Responding to Sinn Fin TDs during questions on legislation in the Dil, Mr Kenny said that
people should not be expected to wait if a scheme is in place and that he was "quite sure" Mr
Varadkar was "acutely aware" of the matter.

He said it was by and large a time of great excitement in a family home and the expectation
was that the scheme in place would work.

Mr Kenny said he would discuss the matter with Mr Varadkar and make sure that the facilities
are there to pay mothers quickly in respect of their newborn children.

Earlier, the minister said the backlog had built up over a number of weeks, and would
continue for another "couple of weeks".
Speaking on RT's Morning Ireland, he said that an exceptional need payment can be paid,
in certain cases, by local social welfare offices.

"Everyone will get their money. They will be paid in arrears," he said.

The department said it was "extremely sorry for any worry or concern being caused to
customers", and that extra staff have been assigned, and staff are working overtime to clear
the backlog.

The department said the delays were temporary but warned some women will not receive any
payments until four weeks after their maternity leave begins.

Maternity Benefit of 235 a week is paid once a woman has accrued enough PRSI credits.

For many new mothers it is their only income, because there is no obligation on employers to
continue paying their salary.

In some cases employers will top up the State payment to ensure their employees receive full
wages while on maternity leave.

Fianna Fil Spokesperson for Social Protection Willie O'Dea said the delays were not
acceptable.

"At a time when a child is born, people have a lot to worry about and expenses. It should be
paid straight away. A lot of people who come to you think it is a problem with their own case,
but it is a general problem."

He added: "Maternity Benefit is based on contributions, it is not a means tested, so there is no

long, detailed examination. There has to be an administrative glitch somewhere in the
department.

"In the past we have had huge delays in processing social welfare benefits at a time when our
unemployment was exceptionally high. It is very surprising that at this point in time, when the
pressure on staff was never less, that this impasse seems to have occurred."

In a statement, the Department of Social Protection said: "We want to assure customers that
the department is making every effort to ensure that they will be paid in a timely manner and
in order to alleviate delays; extra staff has been assigned and staff are working overtime.

"The number of claims being processed in advance of the maternity leave date is improving
those experiencing a delay can expect to have their claim processed within a maximum of
three to four weeks of commencing their leave."

The department is strongly encouraging online applications for Maternity Benefit for any
mothers to be who are planning to submit an application now or in future.

The department says an automated decision can issue instantly when a customer applies
online where they submit all the necessary information and where the details provided are
validated.
This is a disturbing insight into how the Government machinery thinks power works. Govs pass
laws to change policy, not rule by fiat.
The Health Identifier database is intended to be linked to the public services card database.

This is what censorship looks like.

so, I wrote to my oireachtas reps about the Public Sector Card and so forth
http://myprivacykit.com/projects/the-identity-card-that-most-assuredly-isnt-an-
identity-card/

Public Services Card (PSC) ID

Policy
Important Update to the ID Policy for all
Theory Test (including CPC Step 1 & 2)
exams

Candidates aged 16 years and

older can apply
for a Public Services Card
directly on website below.
Candidates aged under 16 years of age
must have a parent or guardian present
during the application process.

For an easy to follow step by step to applying for a Public

Services Card click here

For more information on how to obtain a Public Services

Card, we would encourage you to visit the Department of
Social Protection website.
From June 16th, any person sitting the Driver Theory Test
will be required to present a Public Services Card (PSC)
at the Test Centre as proof of ID.
At the time of booking the test, applicants will be asked to
confirm that they possess a Public Services Card.
In the test centre, the only acceptable form of ID will be
the Public Services Card. The card will be used to verify
name, PPS number and identity of the person attending
for the test.
Applicants will need to ensure that the spelling of the
name in which they book their test matches exactly the
spelling of their name on the card.
Theory Tests can be taken at 41 test centre locations
around the country as part of the RSAs driver testing and
licensing process.

From the 1st June 2017, in order to book a theory test (or
CPC Exam) you will need the 12 digit number from the
rear of the card.

Sample Public Services Card

http://www.theorytest.ie/driver-theory-test/public-services-card-psc-id-policy/
Government announces
changes to passport
application process
The changes will only affect first-time applicants

NEWS 10 Mar 2016

The Department of Foreign Affairs is announcing changes

to how first-time passport applicants can apply for
passport.
The Passport Service says all first-time applicants aged 18
and above who are resident in Ireland will need to present a
photocopy of their individual Public Services Card (PSC) for
identification.

This new requirement also applies to the small number of

adult passport applicants, whose last passport was issued
before January 1st 2005 and has since been reported as lost,
stolen or damaged.

"The measure is an important step considered necessary to

enhance protections against fraud and identity theft and to
uphold the integrity of the Irish passport", the service says.
"It will also ensure that the identity of first-time applicants for
Irish passports continues to be verified to a high standard", it
adds.

First-time applicants who do not currently have a PSC can get

one through their local Department of Social Protection office.
The PSC is used as a secure way to access government
services - including social welfare services and for free travel
on public transport.
The government says more than 1.8 million cards are already
in circulation.

The Passport Service says the new measure does not apply
to applications for renewal of passports issued since January
1st 2005, or to passport applications for children.
The new requirement means first-time applicants for adult
passports will no longer need to supply a certified copy of
documents - such as their driving licence or student card for
identification.
It also dispenses with the current requirement for additional
proof of name, but a proof of address is still required.

The new measures will take effect from March 29th.

http://www.newstalk.com/Passport-application-changes-

Department-of-Foreign-Affairs-passport-service-first-time-

applicants-Public-Services-Card-PSC
Hello friends! A rare request for likes, shares and all.
Here is our new Data Protection Consultancy service. We're offering to take on the role of
Data Protection Officer for companies getting ready for the EU's new General Data
Protection Regulation (GDPR) in May 2018.
We're also offering a Gap Analysis service, where we'll draw up a report showing where
you are now with your data handling and what you need to do in order to put your house in
order before the GDPR deadline.
Any and all shares greatly welcomed!
http://www.datacomplianceeurope.eu

Government introducing
mandatory National ID Card
by the back door, wheres
the accountability?
McDonald
24 August, 2017 -

Sinn Fin Deputy Leader Mary Lou McDonald TD has today described Fine Gaels
attempts to introduce a mandatory National ID Card by the back door as a textbook
example of a government that does not believe it is accountable to the people

The Dublin Central TD said:

By refusing to sign up for the Public Services Card and losing out on her pension as a
result, the elderly woman in question has done us all a great service by shining a
spotlight on the governments attempts to introduce a mandatory National ID Card by the
backdoor.

There are a number of government agencies now refusing to provide important personal
documentation and services such as passports and driver theory tests unless applicants
have a Public Services Card.

Where is the necessary public scrutiny and debate regarding the very significant privacy
and data protection rights concerns associated with the introduction of a mandatory
National ID Card? On what legal basis are departmental agencies enabled to make the
Public Services Card a mandatory requirement?

Introduction of a mandatory ID system by the bad door flies in the face of good
governance and public administration. Ministers refusal to come clean on the purpose of
the Public Service Card is a textbook example of a government that believes it is not
accountable to the people.

http://www.sinnfein.ie/conte
nts/45897

Introduction of integrated services

card must be debated in
Oireachtas
25th August 2017

Fianna Fil Seanad Group Leader and Seanad Spokesperson for Social
Protection, Senator Catherine Ardagh has said that it is essential that both
Houses of the Oireachtas are provided with an opportunity to debate and
consider the legitimate concerns regarding a mandatory public services card.

Responding to recent reports that the card is now mandatory to access

services provided by the Department of Social Protection, Senator Ardagh
said, It is important to note that this card has been in operation for those who
require Social Protection services since 2011.

This is not the first time a national ID card system has been mooted. Back in
2009, a report on social welfare fraud published by the Oireachtas Joint
Committee on Social & Family Affairs, recommended the introduction of a
national identity card to coincide with the development of a public services
card.

The use of biometric data being incorporated into the public services card in
order to seemingly eliminate the possibility of fraud and to improve the
efficiency of public services will bring personal rights into sharper focus.

It is therefore essential that both houses of the Oireachtas are provided with
an opportunity to debate and consider the possible human rights and/or data
protection implications of introducing such a system of national ID cards.

There are a number of plausible arguments for and against and many will
wish to vigorously challenge the possible infringements on ones privacy. We
must determine if the concept of mandatory identity cards challenges the
inalienable right to individual privacy which is protected by the constitution.

Any measure or initiative designed to effectively establish a State database

of citizens information requires a comprehensive debate, and the fact that a
public services card will soon be required for all passport applications, driving
licences and driver theory tests means that this debate needs to happen once
the Oireachtas returns, concluded Senator Ardagh.

https://www.fiannafail.ie/intr
oduction-of-integrated-
services-card-must-be-
debated-in-oireachtas/

Introduction of integrated services card must be debated in Oireachtas -

Introducing mandatory ID card by

the back door threatens citizens
rights

AUGUST 25, 2017

Social Democrats co-leader Risn Shortall TD is
calling for an open public debate on the National ID
card issue, while voicing concerns that a mandatory
identity system is being introduced by the back
door.
Deputy Shortall said:
The Minister for Social Protection Regina Doherty
said today that using a Public Services Card is now
mandatory for people to access services from her
department, and that other Government
departments will also make it mandatory. We have
already seen government agencies refuse to
provide services such as pension payments and
driver theory tests unless applicants can produce a
Public Services Card.
What we are seeing is the creeping introduction of
a mandatory ID card scheme by the back door. This
type of public administration by stealth lacks
transparency, threatens peoples rights, and is just
not acceptable. There has been absolutely no
public debate or scrutiny on this issue which
fundamentally affects the privacy of every citizen in
the State.
Where is the legislative basis for requiring people
to have a Public Services Card before they can
access all public services including pensions? We
need to have a national debate on whether to
introduce a national ID card scheme, and if it was to
be introduced there would have to be robust
safeguards in law in terms of what information can
be collected, how is it stored and accessed, as well
as penalties for breaches of data protection rules.
ENDS
25 August 2017
https://socialdemocrats.ie/2017/08/25/introducing-mandatory-id-card-
back-door-threatens-citizens-rights/
https://pbs.twimg.com/media/DIHxkFxW0AEYRkb.jpg

We have to scoll down again-without any UX to indicate scrolling is possible- to find the rest of
the policy we have to 'explicitly consent'
But don't worry. When you actually go ahead to book the test, you're taken to a website hosted
by @RSAIreland 's US contractor.

Now this is "odd". Go to a DSP office to "pair"

your phone with your identity. #mygovid
#snafu
DPC Statement on Public Services Card August 25 2017
Statement from Data Protection Commissioner at request of media following coverage of roll-out of Irish
Government public services card.
https://assets.documentcloud.org/documents/3964500/DPC-Statement-
on-Public-Services-Card-August-25.pdf
ere's a summary of the proposed system from a memo to govt dated Feb 2000 after they
already decided to go with full board Direct Provision

Data protection bill to be in place by December: Law Minister Ravi Shankar

Prasad - Economic
http://economictimes.indiatimes.com/news/economy/policy/data-
protection-bill-to-be-in-place-by-december-law-minister-ravi-shankar-
prasad/articleshow/60227629.cms

From the Data Protection Commissioner on her experience on the way the State treats Data
rights.
Department of Social Protection 2015 report.
See what it says about #psc.
Heres an extract from explanatory powerpoint given by the Depts officials. Note SAFE 3
fingerprint use.
This sounds like malicious paraphrasing. "They can't really say that, Simon" you'd say. "Be fair."
So, here's this
Privacy Impact Assessment On The use of RSA Driving Licence Data to
invite PPSN holders to use this data to register for a Public Services
Card
http://www.welfare.ie/en/downloads/Privacy_Impact_Assessment_RSA_
data-Jan2017.pdf
Getting a card like this, they say, of such overwhelming benefit to the individual that it justifies
breaching the Data Protection Acts

Commission decisions on the adequacy of the protection of personal data in

third countries
http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=EN
Presidency and the Commission from the Department of Homeland
Security (DHS) of the United States of America, concerning the
interpretation of certain provisions of the undertakings issued by DHS
on 11 MAY 2004 in connection with the transfer by air carriers of
passenger name record (PNR) data
http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:52006XG1027(01)&from=EN
PNR agreement_en 2004-05-28
http://ec.europa.eu/justice/policies/privacy/docs/adequacy/pnr
/2004-05-28-agreement_en.pdf
Letter Commissioner Bolkestein to US Secretary Tom Ridge,
Department of Homeland Security, 2003-12-18-
http://ec.europa.eu/justice/policies/privacy/docs/adequacy/pnr/2003-12-
18-letter-bolkestein_en.pdf
Communication from the Commission to the
Council and the Parliament - Transfer of Air
Passenger Name Record (PNR) Data- A Global
EU Approach
http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:52003DC0826
&from=EN

French delegation on the occasion of the Council Decision

authorising the Presidency to sign the draft reply to the letter
from the US Secretary of the Treasury regarding access to
SWIFT data
http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:22007X0720(04)&from=EN
EU-US TFTP Agreement data

https://ec.europa.eu/home-
affairs/sites/homeaffairs/files/what-is-
new/news/news/docs/20131127_tftp_annex_en.pdf
The Domino Effect: how many EU treaties violate
the rights to privacy and data protection?
TUESDAY, 25 NOVEMBER 2014

Steve Peers

Earlier this year, the Court of Justice of the European Union (CJEU)
ruled in the Digital Rights judgment against the validity of the EUs
data retention directive, on the grounds that it provided for mass
surveillance without any effective safeguards. Subsequently it ruled
against Google, in what has become known as the right to be
forgotten judgment.

What are the longer-term consequences of the Courts Privacy

Spring? An Irish court has already referred the Europe v Facebook
case (discussed here) to the CJEU, asking in effect whether the EUs
Safe Harbour arrangement on data protection with the USA is
compatible with the rights to privacy and data protection, in light of
the Snowden revelations. Now the European Parliament (EP) has
decided to refer the proposed EU/Canada agreement on passenger
name record (PNR) data to the CJEU, asking if it is compatible with the
rights to privacy and data protection in light of the Courts recent case
law. That judgment would implicitly determine whether the separate
EU/USA and EU/Australia treaties on PNR data, and the proposed PNR
Directive, violate those rights also. And if the PNR treaties breach the
rights to privacy and data protection, it would then be more likely that
the EU/USA treaty on banking data transfers also breaches those
rights in turn.

So, are we at the start of a domino effect of a series of EU laws and

treaties being ruled in breach of the rights to privacy and data
protection by the Court of Justice, all falling in sequence now that the
data retention Directive has been overturned? Or are the features of
the different measures different enough to avoid this?

Background

Theres a little bit of dj vu in todays decision by the EP to ask the

CJEU about the EU/Canada treaty on PNR. Back in 2004, it asked the
Court to rule on the original EU/USA treaty on the same subject. The
Advocate-Generals opinion in that case ruled against all of the EUs
arguments, including the right to privacy point. However, the Courts
2006 judgment only ruled on one of the EPs legal arguments that
the EU/USA treaty had the wrong legal base, and should have been
approved by using a different procedure (relating to police
cooperation, instead of the internal market). And that procedure
meant that the EP had no role in the approval of the treaty, or any
power to ask the Court of Justice about its compatibility with EU law.

Eight years later, the legal environment is quite different. Since the
Treaty of Lisbon entered into force in 2009, the EP (or the
Commission, Council or a Member State) can ask the CJEU for rulings
on the compatibility with EU law of EU treaties with third States on
police or criminal law cooperation. Indeed, this will be the first such
ruling. And while waiting for the Courts ruling, the EP can prevent the
EU/Canada treaty from being concluded, since it now has the power
of consent over such treaties (back in 2004, the Council circumvented
a separate request by the EP for the CJEU to rule on the EU/USA PNR
treaty by concluding that treaty without waiting for the Courts
opinion). Furthermore, the substantive legal environment has
obviously been transformed by the Courts ruling against mass
surveillance earlier this year.

The CJEU had another chance to rule on the right to privacy in the
international context when the Commission asked it to rule back in
2012 whether the international Anti-Counterfeiting Agreement
(ACTA) violated EU law. However, the Commission left it too late to
send its request to the Court, and the EP simply vetoed that proposed
agreement before the Court could rule (the Commission then
withdrew its case). So we should now get a long-awaited ruling from
the Court on the compatibility of international data transfers with the
EU rights to privacy and data protection unless the EP can be talked
into withdrawing its request to the Court.

The procedure which the EP has invoked today is a special process

which allows the Court to rule on the compatibility with EU law of a
draft treaty to be concluded by the EU (or by its Member States on
behalf of the EU), before that treaty comes into force. (For Canadian
readers: this process is broadly similar to sending a request to the
Supreme Court to rule on the constitutionality of a draft law. The EU
process only applies to treaties, though.) If the CJEU rules (probably in
about 18 months time, unless the ruling is expedited) that the draft
treaty is incompatible with EU law, either the draft treaty has to be
amended to comply with the Courts ruling, or (improbably) the EU
Treaties themselves have to be amended to permit its ratification.

The EU/Canada PNR treaty is distinct from the EU/Canada treaty

liberalising air transport (already in force), and the proposed
EU/Canada free trade agreement (CETA) although the latter treaty,
along with the EU/USA free trade agreement now being negotiated,
will be indirectly impacted by a pending case in which the EU
Commission has asked the CJEU to rule on whether the EU/Singapore
free trade agreement is compatible with EU law.
Comments

So does the EU/Canada PNR treaty violate the right to privacy?

Theres a detailed analysis of the broader impact of the data retention
judgment on other EU measures in a study by Boehm and Cole,
published earlier this year. So this is only a short summary of the
issues discussed further in that study. The starting point is how to
interpret that judgment: does it rule out all mass surveillance, or just
in cases where there are insufficient safeguards? In my view, it does
indeed rule out all mass surveillance where its linked to EU law, and
any draft treaty to which the EU is party would obviously be linked to
EU law.

But theres a prior question: when does a treaty with another State
entail mass surveillance? The data retention case concerned
collection of data on all phone and Internet use in the EU. This could
be compared to the use of social media (in the pending Facebook
case), or to international banking transfers, but its harder to argue
that collection of data on all flights to a particular third country
constitutes, by itself, mass surveillance. Having said that, the
proposed PNR Directive, which would apply to all flights within the
EU, would probably meet the criteria.

If (contrary to my interpretation) the Digital Rights judgment does

permit mass surveillance, as long as there are sufficient safeguards,
then what must these safeguards be? According to the judgment,
there have to be: definitions of the serious crimes or other purposes
of the data exchange; rules on the subsequent access to the data;
limits on the number of people who can access that data;
independent control by a court or supervisory authority; strong rules
on the data protection period; provisions on protecting data from
unlawful access and use; and a requirement to retain the data within
the EU only. Obviously, in the context of treaties with non-EU States,
the latter requirement must be understood as an obligation to retain
the data in the EU or that particular third country.

Do the EUs treaties with third States meet these criteria? This has to
be assessed on a case-by-case basis. At first sight, for example, the
EU/Canada PNR treaty contains provisions addressing all of these
safeguards issues except one: the transfer of PNR data to other
countries, which is permitted (although subject to conditions). But it
might be argued that in practice, the right to privacy and data
protection is not protected as strongly under such treaties as it might
first appear, due to inadequacies in national legislation or practice,
such as NSA access to Facebook data or limitations on non-USA
citizens claiming privacy rights in the courts.

Finally, theres an important practical question here. Lets imagine

that the CJEU rules that the proposed EU/Canada treaty violates
privacy and data protection rights; or that it approves that treaty, but
its reasoning in that judgment casts doubt on the compatibility of
other EU treaties with those rights. How can those other treaties be
challenged, now that they are already in force?

Time has run out to bring annulment actions against those treaties,
or to ask the CJEU for an advance ruling on their compatibility with
EU law. But it is still possible for individuals to challenge the
application of those treaties via the national courts (as in the Digital
Rights and Facebook cases). Or the EP could argue that in order to
secure effective protection of rights under the EU Charter of
Fundamental Rights, the other EU institutions must take steps to
denounce the treaties concerned. If they dont do so, the EP can sue
them for failure to act as set out in the EU Treaties.

https://eulawanalysis.blogspot.ie/2014/11/the-
domino-effect-how-many-eu-treaties.html
EU/Canada agreement on passenger name record (PNR) data to the CJEU

http://register.consilium.europa.eu/doc/srv?l=EN&f
=ST%2012657%202013%20REV%201

THE PROBLEM OF VOICE AGING

IN BIOMETRIC SECURITY
Voices change over time. For enterprises that rely solely on
voice biometrics for security, this can lead to significant
problems in customer experience, fraud, and operations. This
year at the RSA Conference in San Francisco, Dr. Elie Khoury,
Principal Research Scientist with Pindrop, shared his new study
on the degradation in performance of modern speaker
recognition systems that occur over just four months.
The General Data Protection Regulation (GDPR) changes the
way organizations and their customers engage. Set in place to
improve the standards around privacy and data protection, the
GDPR will become part of the daily workload to increase
security. The role played by the contact centre in meeting GDPR
requirements will have to be part of a coordinated organisation
response.
New egovernment strategy is a national identity
card by the back door
02 AUG 2017

The government has promised that the Public Services Card would not be mandatory. But now
the government has put forward an eGovernment strategy that will force every citizen, young or

old, rich or poor to have this card. You will not be able to travel abroad, claim a benefit or
open a savings account without it. It is a compulsory ID card by the back door and there has
been no consultation about this.
The Public Services Card is actually much bigger than the card itself. It is a plan that will
result in the linking up of private, intimate details of Irish citizens lives across all sections of
government, including the education system, Gardai and the Health Service. There is no legal
framework to provide for this to be done in a fair, safe and legal manner. The Department of
Public Enterprises draft Data Sharing and Governance Bill would provide some basis for
this, but it is only in the earliest stages of development.

There are also real concerns about safety and security. How will this unified data be
protected? Tens of thousands of public servants and contractors could have access to parts
of this national data sets and there is no plan for how this access would be controlled. Only
last week, a member of an Garda Siochana was convicted of illegally accessing private data
about individuals from the Garda PULSE system. And this is certainly not the only case.
There have been hundreds of breaches of privacy at the Department of Social Protection,
which lies at the heart of the whole PSC initiative. As sensitive data about vulnerable children
is collected, what assurance will parents have that only suitably screened persons have
access to that data?

And there are also external threats. Sweden is reeling from a scandal where data stored in
the Cloud as part of a unified national system has resulted in a major nationwide data breach and
a government-level scandal.

All the signs are that the government are taking these issues very lightly. The rights of
ordinary people to privacy and protection from their government need to be at the heart, not in
the footnotes.

http://egovstrategy.gov.ie

Conclusion
This eGovernment Strategy has been developed with the aim of succinctly setting out the next
phase of eGovernment in Ireland. It sets out the contextual changes that have occurred since the
publication of the first eGovernment Strategy, particularly with regard to a more joined-up Civil
Service, a more digitally focused European Union and significant changes in technology, use of
technology and resulting public expectation. It recognises the progress that has continued to be
made and the momentum that has been created by the Public Service ICT Strategy and its 18-
step delivery plan.

The Strategy therefore focuses on 10 key actions. These are designed to continue the momentum
in Irelands drive for excellence in eGovernment, ensure alignment with the wider EU
eGovernment agenda and ensure that the next strategic review is carried out against a
background of success and achievement.

Minister of State ODonovan

announces eGovernment Strategy
2017-2020
Patrick ODonovan T.D., Minister of State for Public Procurement, Open Government and
eGovernment, today (Thursday 27th July) announced the publication of the eGovernment Strategy
2017-2020 at http://egovstrategy.gov.ie/.

Minister ODonovan commented The new eGovernment Strategy sets out our plans to be a leader
in the provision of digital government services. We have made substantial progress over the last
few years and want to build upon that. The expectations of our people are very clear in terms of
more convenient, intuitive and joined-up digital services; delivering on these expectations will be
one of my key priorities going forward.
The new strategy has been developed to build upon the first eGovernment Strategy (eGovernment
2012-2015) with the aim of succinctly setting out the next phase of eGovernment in Ireland. The
Strategy focuses on 10 key actions which cover a range of themes including presentation of
services, secure online identification, underlying infrastructure and appropriate skilling.
The Strategy takes note of the contextual changes of the last few years such as technology
innovation, a more joined-up Civil Service and developments across the EC, particularly GDPR,
the eGovernment Action Plan and the Digital Single Market. It also recognises the national
progress that has continued to be made and the momentum that has been created by the Public
Service ICT Strategy and its 18-step delivery plan.

The Strategy is closely aligned with the Public Service Reform Plan and the Civil Service Renewal
Plan. It also provides an ICT response to important themes addressed in the National Action Plan
2016-2018 such as:

1. Increased Citizen Engagement, to improve policies and services;

2. Increased Transparency, to better understand government activities and decisions;
3. Open Data, for transparency and innovation; and
4. Anti-Corruption and Strengthened Governance and Accountability, to ensure integrity in public
life.

Gist: don't like plan for forced ID card and like implications of the population database
underpinning it even less.

eGovernment Strategy 2017-2020

HTTP://EGOVSTRATEGY.GOV.IE/WP-
CONTENT/UPLOADS/2017/07/EGOVERNMENT-
STRATEGY-2017-2020.PDF

SUPPORTING PUBLIC SERVICE

REFORM EGOVERNMENT 2012
2015
http://egovstrategy.gov.ie/wp-content/uploads/2012/04/eGovernment-2012-2015.pdf

The Court of Justice has recently proposed that the EU should double the number of judges
on the General Court, and abolish the EUs Civil Service Tribunal.

http://data.consilium.europa.eu/doc/document/ST-14448-2014-REV-
1/en/pdf
The EU/Canada PNR treaty is distinct from the
EU/Canada treaty liberalising air transport (already in force), and the
proposed EU/Canada free trade agreement (CETA)

http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=OJ:L:2010:207:FULL&from=
EN
Apple patents method for differentially private emoji frequency detection. Privacy in action

Ireland ill-prepared for

ethical issues raised by gene
editing, says expert
Landmark development announced this week in US
described as game-changer
Fri, Aug 4, 2017, 01:00
Paul Cullen

Shoukhrat Mitalipov was a senior author on a study detailing how scientists

have for the first time successfully edited genes in human embryos to repair a
serious disease-causing mutation. Photograph: Leah Nash/The New York
Times
Ireland is ill-prepared to deal with the ethical and legal
concerns raised by the increasing ability of scientists to
edit human genes, according to an Irish expert on
genetic law.
The announcement this week by US scientists that they
have successfully modified human embryos to remove
genetic mutations causing heart disease is a game-
changer in scientific and ethical terms, says Dr Aisling
de Paor, a law lecturer in Dublin City University.
The development, greeted as a landmark in gene editing,
moves us one step closer to an era of designer babies
she says.
It opens the door to tailoring the genetic make-up of
our children. It also facilitates the selection of hair or eye
colour, sporting ability, or behavioural traits.
It is simply wrong to call a fertilised ovum a human
Impact of gene editing breakthrough will be muted
Bishop says embryos used in landmark study gave no
consent
Dr de Paor is concerned that the achievement could
signal a re-invigoration of eugenic-type ideas, long
discredited since the Nazi era. It is no longer in the
realm of science fiction to imagine a Gattica-type society
focused on genetic cleansing. We need to be worried
about the possibility of this new age of eugenics.
In the study published this week, the US scientists used a
powerful gene editing tool to fix mutations in embryos
made with the sperm of a man with an inherited heart
condition. This dramatically reduced the number of
embryos that carried the dangerous mutation.
Screen out disability
Dr de Paor, the author of a forthcoming book on genetic
law and policy, says these kind of genetic advances
provide the lens to view, identify and eradicate
disability. So with these new developments there is the
ethical concern that technology will be used to screen out
disability in society. This is extremely worrying from a
human rights perspective, and in relation to the current
and future rights of people with disabilities.
She foresees issues with discrimination and
stigmatisation in a world where disability is being
eradicated, as well as the exacerbation of societal
inequities caused by differing levels of access to the
technology.

Expanding...

Ireland has no concrete legal framework to deal with

these issues, she says, and we are effectively operating in
a regulatory vacuum. Dr de Paor says clear and informed
regulation is needed but this should be preceded by an
active dialogue involving scientists, doctors, regulators
and the general public.
Family line
Dr Simon Fishel, director of Beacon Care Fertility and a
member of the UK team that pioneered IVF treatment,
says the new technology will make it possible to prevent
hereditary diseases passing from one generation to the
next.
This is exciting research that in time may herald a new
approach for correcting embryos carrying devastating
genetic disorders. Such technology would ensure that
those families afflicted with such diseases no longer need
worry about passing it down the family line. This could
eradicate over time diseases such as cystic fibrosis,
which are severely life limiting.

I think all potential parents would like to have

happy healthy children free from pain and
suffering where possible. I see no ethical
problem with this one as long as appropriate
medical and regulatory safeguards are put in
place

https://www.irishtimes.com/news/health/ireland-ill-
prepared-for-ethical-issues-raised-by-gene-editing-says-
expert-1.3176117
This is "odd" in @toyotaireland #faceitdown app. It buries consent for messaging way down in
T&Cs, incl. comms not relevant to app.
Some 931 pages in (not referred to in the Executive Summary that most commentators appear
to have had difficulty reading past)
Average fraud saving of
1.16 for each public
services card issued
Fresh concern about State sharing of citizens data after
publication of new strategy
Tue, Aug 1, 2017, 12:30
Elaine Edwards

Public services cards, the issuing of which will have cost 60 million by the
end of the year, were first provided to social welfare customers and people
claiming certain State benefits.
An identity card currently held by more than two million
people has so far prevented just 2.5million worth of
welfare fraud, figures from the Department of Social
Protection show.
Public services cards, the issuing of which will have cost
60 million by the end of the year, were first provided to
social welfare customers and people claiming certain
State benefits. They are now being rolled out to all
citizens and the Government has said they will be
required for certain services, such as obtaining passports
and driving licences.
Official (anti-fraud) savings up to October as a result of
registering customers through face-to-face process for
the card were 2.58 million, according to departmental
records released under the Freedom of Information Act.
Some 2.23 million cards had been issued at that time.
This means the amount saved due to capturing alleged
fraud when registering for the card at that time was just
under 1.16 per card issued.
The department has an annual budget of almost 20
billion. It has said separately it has saved more than
500 million due to other control measures to detect
fraud and overpayments.
Some 2.71 million of the cards had been issued up to the
end of July and the department said it planned to meet
the target of 3 million by the end of the year. It has
issued about 50,000 cards a month on average this year.
Privacy campaigners concerned over national ID card by
stealth
Passport applicants will have to have States public services
card
State faces 60m bill for public services cards by end of
year
Expansion
At a meeting with Government officials as late as last
September, the Data Protection Commissioner
expressed concern at the increasing expansion across
the public sector of the use of the PPSN (PPS number),
and by legislative means other than the primary Social
Welfare Acts.
The commissioners officials also expressed concern
about transparency and public awareness of the card
project.
They also reveal the Road Safety Authority refused to
implement a plan to allow driving licences and public
services cards be issued as part of the same process, until
a public campaign was put in place.
Expanding...

Privacy advocates and the Irish Council for Civil

Liberties have expressed concerns that the means by
which the card has been introduced make it a national
ID card by default.
Digital Rights Ireland (DRI) expressed renewed concern
on Monday about the Governments plans to more
widely share citizens data following the publication of
the e-Government Strategy 2017-2020 last week.
It said the public services card project would result in
the linking up of private, intimate details of Irish
citizens lives across all sections of government,
including the education system, garda and the health
service.
There is no legal framework to provide for this to be
done in a fair, safe and legal manner, the organisation
said.
Data sharing
The proposed Data Sharing and Governance Bill would
provide some basis for the sharing of data, but that this
was only in the earliest stages of development.
DRI said the Government had promised the public
services card would not be mandatory but it had now put
forward a plan that will force every citizen, young or
old, rich or poor to have this card.
Tens of thousands of public servants and contractors
could have access to some of the national databases and
there was no plan for how this access would be
controlled.
It noted that just last week, a member of An Garda
Sochna was convicted of illegally accessing private data
about individuals from the Garda Pulse system and that
there had been hundreds of privacy breaches at the
Department of Social Protection.
DRI said there were also external threats and
that Sweden was currently reeling from a
scandal where data stored in the cloud as part of
a unified national system had resulted in a
major nationwide data breach and a
government-level scandal.
Fresh concern about State sharing of citizens data after publication of new strategy

https://www.irishtimes.com/news/ireland/irish-
news/average-fraud-saving-of-1-16-for-each-public-
services-card-issued-1.3173443?utm_content=sf-man

EU GENERAL DATA PROTECTION REGULATION pdf doc

General Data Protection Regulation (GDPR)

http://data.consilium.europa.eu/doc/document/ST-5419-
2016-INIT/en/pdf
The EU General Data Protection Regulation

https://www.sophos.com/en-
us/medialibrary/Gated%20Assets/white%20papers/soph
os-eu-data-protection-laws.pdf?la=en

Privacy and Security Law Report The Proposed EU Data

Protection Regulation Three Years Later- The Council
Position

https://www.wsgr.com/eudataregulation/pdf/BNA-
0615.pdf

Radical changes to European data protection legislation

http://www.allenovery.com/SiteCollectionDocuments/R
adical%20changes%20to%20European%20data%20prote
ction%20legislation.pdf

EU General Data
Protection Regulation in
13 Game Changers
http://globalitc.bakermckenzie.com/files/Uploads/Docu
ments/Global%20ITC/13%20Game%20Changers/BM-
GDPR%20Game%20Changers%20Booklet.pdf

EU Data Protection Law: The Review of Directive 95/46/EC and the Proposed
General Data Protection Regulation"

https://edps.europa.eu/sites/edp/files/publication/14-
09-15_article_eui_en.pdf
High Level Conference: "Ethical Dimensions of Data Protection and Privacy"
Centre for Ethics, University of Tartu / Data Protection Inspectorate
Tallinn, Estonia, 9 January 2013

https://edps.europa.eu/sites/edp/files/publication/13-01-
09_speech_tallinn_en.pdf

Big data, artificial intelligence, machine learning and

data protection

https://ico.org.uk/media/for-
organisations/documents/2013559/big-data-ai-ml-and-
data-protection.pdf

Big data market to be worth 128bn

within three years
DataIQ News
24th May 2016
More galling news for the sceptics - worldwide revenues for big data and
business analytics will grow from nearly $122bn (83.5bn) in 2015 to more than
$187bn (128bn) in 2019, according to a new study, which claims large
companies will be the biggest adopters of the technology.

IDC's Worldwide Semiannual Big Data & Analytics Spending Guide predicts that the
services-related opportunity will account for more than half of all big data and
business analytics revenue, with IT services generating more than three times the
annual revenues of business services.

Software will generate more than $55bn (36bn) in revenues, almost half of which
will come from purchases of tools for end-user queries, reporting, analysis and data
warehouse management. Hardware spending will reach $28bn (19bn).

Manufacturing will lead the way on $22.8bn (16bn) but banking will not be far
behind on $22.1bn (15bn). Meanwhile, local and central government, professional
services, telecoms and retail will generate revenues of more than $10bn (6.8bn) by
2019. The industries experiencing the fastest revenue growth will be utilities, resource
industries, healthcare and banking.

IDC programme director of customer insights and analysis Jessica Goepfert said:
"There is little question that big data and analytics can have a considerable impact on
just about every industry.
"Its promise speaks to the pressure to improve margins and performance while
simultaneously enhancing responsiveness and delighting customers and prospects.
Forward-thinking organisations turn to this technology for better and faster data-
driven decisions."

Revenue growth will primarily be driven by large and very large companies (those
with more than 500 employees), which will generate revenues of more than $140bn
(96bn). However, SMEs will account for nearly a quarter of the worldwide revenues.

IDC group vice president of analytics and information management Dan Vesset
added: "Organisations able to take advantage of the new generation of business
analytics solutions can leverage digital transformation to adapt to disruptive changes
and to create competitive differentiation in their markets.

"These organisations don't just automate existing processes, they treat data and
information as they would any valued asset by using a focused approach to extracting
and developing the value and utility of information."

https://www.dataiq.co.uk/news/big-data-market-be-
worth-ps128bn-within-three-years

In just over a year the General Data Protection Regulation will become enforced on
all UK organisations. In that time firms, like yours - which rely on personal
information to generate value - need to ensure your culture, processes, policies and
technologies are compliant.

Building on last years first-to-market insights and fully-subscribed series of events,

this is an opportunity to benchmark your level of preparation and to gain an
understanding of consumer concerns, as well as to sense-check your own GDPR plans
against what the broader marketplace is considering.

It is also your first chance to learn what our exclusive new research reveals about the
impact of the GDPR on you and your customers.

Each event is delivered by DataIQ in partnership with business partners who offer
specific domain expertise and solutions to help you become GDPR compliant. Each
session will also offer expert legal insight into how the GDPR will be converted into
UK law and what enforcement will look like from May 2018.
 To register for an individual event follow the links below. Should you wish to purchase a single
ticket to all 4 events or place a group booking then please conta Protection
8:30-11:15am 16th March 2017, Mishcon de Reya, London WC2B 6AH

Who do consumers believe are responsible for keeping their data safe?
Are companies adopting the right culture to ensure this responsibility is taken
seriously?
What impact does a data breach have on the business model - and is this changing?

Learn what role data protection processes play in building customer trust and ensuring
the organisation has compliant and sustainable data to drive its business processes.
Plus, hear what new demands, like 72 hour notification of data breaches, mean for
business.

ct us at info@dataiq.co.uk where we will be happy to help.

Preparation
8:30-11:15am 23rd March 2017, Soho Hotel, London W1D 3DH

How much do consumers notice errors in data when they receive communications?
What steps are companies taking to ensure any changes and updates are populated
across the business?
Is data quality improving year-on-year?

Explore one of the most intractable challenges - data quality - through insights into
the impact it has on customer perceptions of the business, as well as how
organisations are adapting to new requirements to ensure data is accurate and up-to-
date.

TRANSFORM SECURITY DATA PROTECTION

SOLUTION OVERVIEW IT MANAGEMENT AND THE
GDPR- THE VMWARE PERSPECTIVE

https://www.vmware.com/content/dam/digitalmarketin
g/vmware/en/pdf/solutionoverview/vmware-general-
data-protection-regulation-and-it-management-vmware-
perspective.pdf

Gearing up for GDPR Compliance - Practical steps to

ensure compliance with the revised data protection
regulation. Chris Bernau

http://www.isaca.org/chapters10/Winchester/Events/Do
cuments/201610%20PwC-GDPR.pdf
Possible delegated acts for the implementation of EU legislation on both markets in financial
instruments (MIFID II) and on market abuse regulation (MAR).

http://ec.europa.eu/justice/data-protection/article-
29/documentation/other-
document/files/2015/20150707_letter_from_art29_wp_
to_dgfisma_on_coming_delegated_acts_implementing_
mifid2vf.pdf

Opinion 1/2006 on the application of EU data protection

rules to internal whistleblowing schemes in the fields of
accounting, internal accounting controls, auditing
matters, fight against bribery, banking and financial
crime

http://ec.europa.eu/justice/policies/privacy/docs/wpdoc
s/2006/wp117_en.pdf

The Court of Justice of the EU and the Right to be

Forgotten

http://ec.europa.eu/justice/data-
protection/files/factsheets/factsheet_rtbf_mythbusting_
en.pdf

Protection of personal data in the European Union

http://ec.europa.eu/justice/data-
protection/files/eujls08b-1002_-
_protection_of_personnal_data_a4_en.pdf

European Union, of an Agreement between the United

States of America and the European Union on the
protection of personal information relating to the
prevention, investigation, detection, and prosecution of
criminal offenses

http://ec.europa.eu/justice/data-
protection/files/umbrella_proposal_en.pdf
Data Protection Conference on
the Implementation of Directive
95/46/EC
http://ec.europa.eu/justice/policies/privacy/docs/lawrep
ort/2002-conf-progr_en.pdf

INTERNATIONAL COVENANT ON CIVIL AND POLITICAL RIGHTS

http://ec.europa.eu/justice/policies/privacy/docs/16-12-
1996_en.pdf
RSA introduced requirement for a public services card to get driving licence and then found you
got a card after you could get your licence

Key aspects of the proposed General Data Protection Regulation

explained:

https://edri.org/files/GDPR-
key-issues-explained.pdf
Countdown to GDPR with the Future of Privacy Forums Gabriela Zanfir-Fortuna The
new EU General Data Protection Regulation Goes into effect on May 25, 2018 Changes
What is Personal Data Changes Scope (not limited to EU) Changes Consent New
Consumer Rights e.g. the right to be forgotten, and a right of data. Before moving to
the US, Gabriela worked for the European Data Protection Supervisor in Brussels,
dealing both with enforcement (compliance) and policy matters. At the EDPS she worked
in Cooperation and International Relations, dealing among other issues with international
data transfers, participating to the work of the Article 29 Working Party. Gabriela received
the Junior Scholar Award in 2014 at the Computers, Privacy and Data Protection (CPDP)
Conference in Brussels for her work on the right to be forgotten. She is the first
Romanian author to publish a comprehensive volume on the rights of the data subjects
(Protectia datelor personale. Drepturile persoanei vizate, C.H. Beck, Bucharest, 2015).
She published extensively on privacy and data protection in international journals and
collective volumes
https://soundcloud.com/cranberryradio/clbr-269-
countdown-to-gdpr
Politicians concerned about GDPR
& Marked Registers

Daragh O Brien

@daraghobrien August 22, 2017

A thing I know quite a bit about...
TDs and Senators are worried they will no longer be allowed keep personal
information on their constituents when data protection changes come into
effect next year.

With the European Union General Data Protection Regulation (GDPR)

coming into force on May 25th, 2018, some Oireachtas members have said
they fear retention of routine queries of a sensitive nature may be affected.

The Office of the Data Protection Commissioner has written to TDs and
Senators asking them to submit any queries through a dedicated email
address about how the GDPR will impact on their role.

Oireachtas members have until mid-September to submit their queries, after

which written guidance material on the GDPR will be finalised and
distributed.

There is also concern among some Oireachtas members that the use of the so-
called marked register could be restricted when the new laws are in place.

Available to purchase for six months after every election, the marked register
records the names and address of those who have voted and those who have
not.

Hard copies are destroyed once six months have passed, but some political
parties and individual politicians have computerised the information to
maintain records stretching back over many elections.

Those who access the records must sign a declaration undertaking not to
process the information provided for any commercial, direct marketing, or
any other non-statutory purpose and to comply with the provisions of the
Data Protection Acts.

However, a spokeswoman for the Office of the Data Protection Commissioner

said existing provisions allowing for the public inspection of electoral records
would not appear to be in contravention of the new data protection laws,
when they come into effect.

The spokeswoman confirmed the Data Protection Commission was in a

consultation process with TDs and Senators and was seeking their input on
aspects of GDPR implementation where they required guidance.

This is in line with our ongoing mission to provide guidance to all data
controllers which will assist them in their preparations for GDPR readiness.

Pre-legislative scrutiny of the general scheme of the Data Protection Bill 2017
concluded last month.

The proposed legislation must be in place by May next year to give effect to
the new EU regulation and an associated directive on sharing data for law-
enforcement purposes.
An Oireachtas spokesman said a group of officials had been established to
prepare for the GDPR and would report to the Houses of the Oireachtas
Commission on an implementation programme.

Part of this programme would be to provide guidance to Oireachtas members

on their obligations under the GDPR.

Help us build the next generation of forensic DNA tools by donating your DNA
Participant Information
Your participation will allow us to progress our research in finding
DNA variations related to physical
appearance. We are currently looking for people of all ages and
backgrounds.
Our data collection is carried out with the strictest confidentiality
and the approved ethics standards.
How to participate in this research
Step 1. Schedule an appointment

Email donatedna@gmail.com an I wish to participate message

We will contact you within 24-72 hours to organise an appointment

time.
Step 2. The day of your appointment
Sample collection takes 20 to 30 minutes and involves

Signing a consent form to allow us to use your samples for the

research described.

Collecting a saliva sample and a tiny hair sample (3-5 hairs).

-A saliva sample is donated by splitting saliva into tube. For the
hair sample, 3 to 5 hairs
are plucked from the back of your head using a forceps.

Taking a picture of your your face, eyes and ears, and taking a
colour scan of you skin and hair.
-This is done using a standard camera with two side flashes and a
specialised 3D camera.
-The colour of your skin and hair is recorded using a small hand
held colour scanner. This
would be somewhat similar to using a phone to video a patch of
your skin.

Completion of a questionaire. The questionaire has a bank of

questions about your physical
appearance and includes questions on your facial features, your
hair pattern and other physical
appearances. The questionaire can be completed in your own time
or during the sample
donation.
Confidentiality
Your donation will be managed with the strictest confidentiality in
accordance with best international
practice; your identity will remain confidential, a study number will
be assigned to your DNA sample
(your name will never appear with your DNA sample), your name
will only be disclosed to the Chief
Investigators of the project and their staff who work directly on the
project and will not be published
or disclosed to anyone else.
Ethics Approval
This research and research process has full ethical approval from
main ethical body governing
resaerch on human subjects - The Clinical Research Ethics
Committee Of The Cork Teaching
Hospitals

http://givedna.com/#xl_xr_page_detailed%20information

See who funds the study?

nij.gov/about/Pages/we
h t t p s : / / ww w . lc o m e .a s p x

givedna.com/#xl_xr_page_de
http:// t a i l e d % 2 0 i n f or m a t i o n
The proposed Social Welfare Bill for 2017 acknowledges PSC intent as ID card, removes some
PPSN use protections.
Advising on #GDPR & regulatory risks? Article 58 should be centre - regards a DPAs investigate
& corrective powers. twitter.com/PrivacyMatters
https:// /status/896 6366 246 66329 088

Data protection monster looms

Awareness around a new European law on the protection of personal
data is increasing, but its implications for Irish firms requires a massive
push, according to technology experts.
Saturday, August 12, 2017
Pdraig Hoare

Pat Larkin, CEO, and Paul Hogan, CTO, Ward Solutions. Picture: Philip
Leonard

The new general data protection regulation, or GDPR, which comes into
place in May next year, means private and public companies will have to
take more care than ever over the ways they store and protect the data
of citizens in the EU.
It is designed to harmonise data privacy laws across Europe and to
protect citizens data privacy.
Unlike an EU directive, which can be implemented over a certain time,
the regulation becomes law from May 2018, meaning penalties can be
imposed from the very first day.
It applies to organisations in the EU but also to any foreign firms doing
business inside the bloc.
If companies fail to comply with the regulation, they can be fined up to
4% of annual global turnover, or 20m.
Chief executive of Cork-based Smarttech, Ronan Murphy, said the law
was a monster in the scope of the regulations, saying that a massive
push was needed to make as many organisations as possible aware
before the May deadline.
First off, GDPR is a good thing as it is to protect all of our data and aims
at preventing breaches. There is a lot of scaremongering about the new
regulation, which neednt be the case.
However, that doesnt mean it shouldnt be taken very, very seriously
indeed. We are way, way behind still unfortunately but thankfully there
does seem to be growing awareness, he said.
According to cyber security experts, under the new regulation, Irish
firms will have to comply with up to 90 principles relating to data
protection.
Mr Murphy added: What it boils down to is that data protection officers
will be able to ask how data is stored, protected, kept and used on
customers, consumers, employees, etc. It will affect companies,
government agencies, private public partnerships, universities, he said.
He said he would advise firms to carry out a readiness assessment to see
how prepared they were for the new law.
While the law is implemented on day one and fines can be imposed on
non-compliant firms, I would imagine firms taking steps to comply
would be looked more favourably upon even if not fully-compliant, he
said.
Dublin-based IT security firm Ward Solutions said demand for GDPR
services had grown so much in recent months that it was creating a new
300,000 unit.
Chief technology officer Paul Hogan said: With GDPR looming on the
horizon, there are huge fines in play for any organisation that fails to
demonstrate compliance. Demand for this service is so high that 15 of
our experienced data privacy consultants are now working solely on
GDPR.

http://www.irishexaminer.com/business/data-protection-monster-
looms-456904.html
The #GDPR right to erasure is actually more qualified than the less specific rights under EC/95/4
Serious DCMS error about consent
and data protection
AUGUST 11, 2017
I blogged on Monday about the government Statement of Intent regarding the
forthcoming Data Protection Bill. What I missed at the time was an accompanying
release on the Department for Digital, Culture, Media and Sport (DCMS)
website. Having now seen it, I realise why so many media outlets have been making a
profoundly misleading statement about consent under the new data protection law: they
have lifted it directly from DCMS. The statement is
The Data Protection Bill will require explicit consent to be necessary for processing
sensitive personal data
It should only take a second to realise how wrong this is: sensitive personal data will
include information about, among other things, health, and criminal convictions. Is the
government proposing, say, that, before passing on information about a critically injured
patient to an A&E department, a paramedic will have to get the unconscious patients
explicit consent? Is it proposing that before passing on information about a convicted sex
offender to a local authority social care department the Disclosure and Barring Service
will have to get the offenders explicit consent?

Of course not its absolute nonsense to think so, and the parliamentary drafters of the
forthcoming Bill would not dream of writing the law in such a way, not least because it
would contravene our obligations under the General Data Protection Regulation (GDPR)
around which much of the Bill will be based. GDPR effectively mirrors the existing
European Data Protection Directive (given effect in our existing Data Protection Act
1998). Under these laws, there are multiple circumstances under which personal data,
and higher-category sensitive personal data can be processed. Consent is one of those.
But there are, in Article 9(2) of GDPR, nine other conditions which permit the processing
of special category data (the GDPR term used to replicate what is called sensitive
personal data under existing domestic data protection law), and GDPR affords member
states the power to legislate for further conditions.

What the DCMS release should say is that when consent is legitimately relied upon to
process sensitive personal data the consent must be explicit. I know that sentence has got
more words on it than the DCMS original, but thats because sometimes a statement
needs more words in order to be correct, and make sense, rather than mislead on a very
important point regarding peoples fundamental rights.

I tweeted Matt Hancock, the minister, about the error, but with no answer as yet. Ive also
invited DCMS to correct it. The horse has already bolted though, as a Google news search
for the offending phrase will show. The Information Commissioners Office has begun
a series of pieces addressing GDPR myths, and I hope this is one theyll talk about, but
DCMS themselves should still issue a corrective, and soon.
The views in this post (and indeed all posts on this blog) are my personal ones, and do not
represent the views of any organisation I am involved with.
DCMS Statement of Intent on the Data
Protection Bill
Not so much a Statement of Intent, as a Statement of the Bleeding Obvious
The wait is not quite over. We dont yet have a Data Protection Bill, but we do have
a Statement of Intent from DCMS, explaining what the proposed legislation will contain.
I though it would be helpful to do a short briefing note based on my very quick
assessment of the Statement. So here it is
ITS JUST AN ANNOUNCEMENT OF ALL THE THINGS THE UK WOULD
HAVE TO IMPLEMENT ANYWAY UNDER EUROPEAN LAW
By which I mean, it proposes law changes which will be happening in May next year,
when the General Data Protection Regulation becomes directly applicable, or changes
made under our obligation to implement the Police and Crime Directive. In a little more
detail, here are some things of passing interest, none of which is hugely unexpected.
As predicted by many, at page 8 it is announced that the UK will legislate to require
parents to give consent to childrens access to information society services (i.e. online
services) where the child is under 13 (rather than GDPRs default 16). As the UK lobbied
to give member states discretion on this, it is no surprise.

Exemptions from compliance with majority of data protection law when the processing is
for the purposes of journalism will remain (page 19). The Statement says that the
government

believe the existing exemptions set out in section 32 strike the right balance between
privacy and freedom of expression
But of potential note is the suggestion that

The main difference will be to amend provisions relating to the ICOs enforcement
powers to strengthen the ICOs ability to enforce the re-enacted section 32 exemptions
effectively
Without further details it is impossible to know what will be proposed here, but any
changes to the existing regime which might have the effect of decreasing the size of the
medias huge carve-out will no doubt be vigorously lobbied against.

There is confirmation (at pp17 and 18) that third parties (i.e. not just criminal justice
bodies) will be able to access criminal conviction information. Again, this is not
unexpected the regime for criminal records checks for employers etc was unlikely to be
removed.

The Statement proposes a new criminal offence of intentionally or recklessly re-

identifying individuals from anonymised or pseudonymised data, something the
Commons Science and Technology Committee has called for. Those who subsequently
process such data will also be guilty of an offence. The details here will be interesting to
see as with most privacy-enhancing technology, in order for anonymisation to be robust
it needs to stress-tested such testing will not be effective if those undertaking do so at
risk of committing an offence, so presumably the forthcoming Bill will provide for this.
The Bill will also introduce an offence of altering records with intent to prevent disclosure
following a subject access request. This will use the current mechanism at section 77 of
the Freedom of Information Act 2000. Whether that section itself will be amended (time
limits for prosecutions militate against its effectiveness) remains unknown.
I also note that the existing offence of unlawfully obtaining personal data will be widened
to those who retain personal data against the wishes of the data controller, even where it
was initially obtained lawfully. This will probably cover those situations where people
gather or are sent personal data in error, and then refuse to return it.
There is one particular howler at page 21, which suggests the government doesnt
understand what privacy by design and privacy by default mean:

The Bill will also set out to reassure citizens by promoting the concept of privacy by
default and design. This is achieved by giving citizens the right to know when their
personal data has been released in contravention of the data protection safeguards, and
also by offering them a clearer right of redress
Privacy by design/default is about embedding privacy protection throughout the lifecycle
of a project or process etc., and has got nothing at all to do with notifying data subjects of
breaches, and whether this is a drafting error in the Statement, or a fundamental
misunderstanding, it is rather concerning that the government, which makes much of
innovation (around which privacy by design should be emphasised), fails to get this
right.

So thats a whistle stop tour of the Statement, ignoring all the fluff about implementing
things which are required under GDPR and the Directive. Ill update this piece in due
course, if anything else emerges from a closer reading.

The General Data Protection Regulation comes into force on 25 May 2018.

Thats not new news. But it is a fact.

Its also fact that not everything you read or hear about the GDPR is true.

For the most part, writers, bloggers and expert speakers have their facts
straight. And what they say and sometimes challenge helps organisations
prepare for whats ahead.

And theres a lot to take in. The Data Protection Bill announced this week
gives more detail of the reforms beyond the GDPR, for example.

But theres also some misinformation out there too. And Im worried that the
misinformation is in danger of being considered truth.

GDPR will stop dentists ringing patients to remind them about

appointments or cleaners and gardeners will face massive fines that will
put them out of business or all breaches must be reported under
GDPR. Ive even read that big fines will help fund our work.
For the record, these are all wrong.

If this kind of misinformation goes unchecked, we risk losing sight of what

this new law is about greater transparency, enhanced rights for citizens and
increased accountability.

So, I want to set the record straight. I want to bust the myths. Because I know
that most organisations want to get the GDPR right when it comes into force
in 289 days.
This is the first in a series of blogs to separate the fact from the fiction. Well
be publishing future myth-busting blogs on consent, guidance, the burden on
business and breach reporting.
Myth #1:
The biggest threat to organisations from the GDPR is massive fines.

Fact:
This law is not about fines. Its about putting the consumer and citizen first.
We cant lose sight of that.

Focusing on big fines makes for great headlines, but thinking that GDPR is
about crippling financial punishment misses the point.

And that concerns me.

Its true well have the power to impose fines much bigger than the 500,000
limit the DPA allows us. Its also true that companies are fearful of the
maximum 17 million or 4% of turnover allowed under the new law.

But its scaremongering to suggest that well be making early examples of

organisations for minor infringements or that maximum fines will become the
norm.

The ICOs commitment to guiding, advising and educating organisations

about how to comply with the law will not change under the GDPR. We have
always preferred the carrot to the stick.

Our Information Rights Strategy a blueprint for my five-year term in office

confirms that commitment.
And just look at our record:

https://ico.org.uk/media/about-the-
ico/documents/2014134/20170413icoinformationrightsstrategicplan2017to2
021v10.pdf

Innovation plan

https://ico.org.uk/media/about-the-ico/documents/2014356/international-
strategy-03.pdf

ICO innovation plan details April 2017

https://www.gov.uk/government/uploads/system/uploads/attachment_data
/file/608843/ICO_Innovation_Plan_April_2017__1_.pdf
Issuing fines has always been and will continue to be, a last resort. Last year
(2016/2017) we concluded 17,300 cases. I can tell you that 16 of them resulted
in fines for the organisations concerned.
And we have yet to invoke our maximum powers.

Predictions of massive fines under the GDPR that simply scale up penalties
weve issued under the Data Protection Act are nonsense.
Dont get me wrong, the UK fought for increased powers when the GDPR was
being drawn up. Heavy fines for serious breaches reflect just how important
personal data is in a 21stcentury world.
But we intend to use those powers proportionately and judiciously.

And while fines may be the sledgehammer in our toolbox, we have access to
lots of other tools that are well-suited to the task at hand and just as effective.

Like the DPA, the GDPR gives us a suite of sanctions to help organisations
comply warnings, reprimands, corrective orders. While these will not hit
organisations in the pocket their reputations will suffer a significant blow.

And you cant insure against that.

https://informationrightsandwrongs.com/2017/08/11/serious-dcms-error-about-
consent-and-data-protection/

Compensation for breach of

the General Data Protection
Regulation
22 AUGUST, 2017

I have just posted a paper on SSRN entitled Compensation for

breach of the General Data Protection Regulation; this is the
abstract:
Article 82(1) of the General Data Protection Regulation (GDPR)
provides that any person who has suffered material or non-
material damage as a result of an infringement of this Regulation
shall have the right to receive compensation from the controller or
processor for the damage suffered. As a consequence,
compliance with the GDPR is ensured through a mutually
reinforcing combination of public and private enforcement that
blends public fines with private damages.
After the introduction, the second part of this article compares and
contrasts Article 82(1) GDPR with compensation provisions in
other EU Regulations and Directives and with the caselaw of the
CJEU on those provisions, and compares and contrasts the
English version of Article 82(1) GDPR with the versions of that
Article in the other official languages of the EU, and concludes that
at least 5 of the versions of Article 82(1) GDPR are unnecessarily
ambiguous, though the CJEU (eventually, if and when it is asked)
is likely to afford it a consistent broad interpretation. However, the
safest course of action at this stage is to provide expressly for a
claim for compensation in national law. The third part of this article
compares and contrasts the compensation provisions in the Irish
governments General Scheme of the Data Protection Bill 2017
with existing legislation and case-law in Ireland and the UK, and
with incorporating legislation and Bills in other EU Member States,
and concludes that the Heads of the Scheme do not give full effect
to Article 82(1) GDPR. Amendments to the Scheme are therefore
proposed.
To ensure that any person who has suffered such damage has an
effective remedy pursuant to Article 47 CFR, Member States will
have to provide, pursuant to Article 19 TEU, remedies sufficient to
ensure effective legal protection in the fields of privacy and data
protection. In particular, they will have to provide expressly for a
claim for compensation, incorporating Article 82(1) GDPR into
national law. Claims for compensation are an important part of the
enforcement architecture of the GDPR. Private enforcement will
help to discourage infringements of the rights of data subjects; it
will make a significant contribution to the protection of privacy and
data protection rights in the European Union; and it will help to
ensure that the great promise of the GDPR is fully realised.
As I was working on this paper, I published several posts on this
blog (here | here | here) including discussions of the literal
meaning of Article 82(1) GDPR in each of the EUs 24 official
languages and the current status of GDPR incorporation in the
EUs 28 Member States. Thanks to everyone who has engaged
with these posts the analysis in my paper has improved
immeasurably. All comments on the current version gratefully
received.

Compensation for breach of the General Data Protection Regulation (update of my piece about
Article 82(1) #GDPR on
http://www.cearta.ie/2017/08/compensation-for-breach-of-the-general-data-protection-regulation/

What is the current status of

GDPR incorporation in the
EUs 28 Member States?
[Ongoing updates]
27 JULY, 2017
Having looked, in my previous post, at what Article 82(1) of the
General Data Protection Regulation says and means in each of the
EUs 24 official languages, Im interested in this post in the related
question of the current status of incorporation of the GDPR in each
of the EUs 28 Member States. I am interested in particular in
whether provision has been made in any incorporating legislation
or draft for an express claim for compensation or damages to give
effect to Article 82. The list below is the current state of play so far
as I have been able to find out. I would be grateful if you correct
any errors and help me fill in the blanks via the comments below,
via email, or via the contact page on this blog I would very
grateful indeed.
It seems that incorporations in various jurisdictions are taking
differing positions on Article 82. On the one hand, On the one
hand, such express claims are included in legislation in Austria, in
draft Bills in the Netherlands, Poland, Slovakia, and Spain, and in
reports in Sweden and the UK. On the other, no such express
claims appear in legislation in Germany and France, in draft Bills in
Estonia and Lithuania, or in a report in Finland. Somewhere in the
middle comes Ireland.

Austria 29(1) of the Bundesgesetz, mit dem das

Datenschutzgesetz 2000 gendert wird (Datenschutz-
Anpassungsgesetz 2018) (Bundesgesetzblatt I Nr. 120/2017 Teil I)
provides for a claim to compensation, which seems to be modelled
on, and which directly refers to, Article 82 GDPR.
Belgium The Belgian Commission for the Protection of Privacy
has published various preparatory documents which do not
mention compensation or damages, but there is no information so
far about draft legislation.
Bulgaria A Bill is not expected before September 2017.
Croatia Draft legislation is expected in the third quarter of 2017.*
Cyprus No information so far.
Czech Republic Draft legislation is expected no later than 31
August 2017.*
Denmark Work has commenced, and draft legislation is expected
in the Autumn.*
Estonia The process of amendment is well underway; but there do
not seem to be plans for provisions relating to compensation or
damages or Article 82.
Finland The Working Group appointed by the Finnish Ministry of
Justice has published a report, which considers that Article 82
does not need national incorporation (see p62).
France LOI n 2016-1321 du 7 octobre 2016 pour une Rpublique
numrique (the Digital Republic Act), amends French law to
implement various provisions of the GDPR, but does not provide a
claim for compensation or damages. The Commission Nationale
de lInformatique et des Liberts suggests that further legislation is
required (see CNIL Rapport dactivit 2016 (pdf) p23), but does not
refer to compensation or damages or Article 82.
Germany There is no express provision for compensation or
damages in the Gesetz zur Anpassung des Datenschutzrechts an
die Verordnung (EU) 2016/679 und zur Umsetzung der Richtlinie
(EU) 2016/680 (Datenschutz-Anpassungs- und -
Umsetzungsgesetz EU DSAnpUG-EU); (Gesetz vom 30 Juni
2017; Bundesgesetzblatt Teil I, 2097); official English translation:
Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and
to Implement Directive (EU) 2016/680 (DSAnpUG-EU) (pdf, via
here).
Greece Work has commenced, but there is no draft legislation
yet.
Hungary The Nemzeti Adatvdelmi s Informciszabadsg
Hatsg [DPA] has published a preparatory document which does
not mention compensation or damages, but there is no information
so far about draft legislation.
Italy The legislative process has formally commenced, but there is
no draft legislation yet.
Ireland The Government has published a draft General Scheme of
a Data Protection Bill 2017. Head 91 seeks to provide an effective
judicial remedy for data breaches, and assumes a claim for
compensation. I think that it is unclear whether the current draft
effectively incorporates Article 82 GDPR.
Latvia No information so far.
Lithuania The current draft Bill does not refer to compensation or
damages or Article 82.
Luxembourg Drafting so far has concentrated on authorisation
regimes, and there is no information on when legislation will
address other GDPR issues.
Malta No information so far.
Netherlands Article 36 of the current draft Bill provides for a claim
for compensation. The draft bill went through public consultation
and has been sent for advice to the Council of State, with a view to
submission to Parliament in the Autumn.
Poland Article 55 of the current draft Bill (pdf) provides for a claim
to compensation.
Portugal No information so far.
Romania No information so far.
Slovakia A consultation process on draft legislation has begun; it
seems that 39 of the Draft Bill [available as the 12th .doc here;
helpfully reposted .pdf here] provides for a claim to compensation.
Slovenia No information so far.
Spain Article 32(2) of the current draft Bill (pdf download) provides
for a claim for compensation by reference to Article 82 GDPR. The
Plenum of the General Council of the Judiciary unanimously
approved the draft.
Sweden Chapter 8 1 of the draft Bill proposed in a recent Report
for the Ministry of Justice (pdf) (pp25, 48, 274-278, 302-304, 384,
401) includes compensation claims that refer to Article 82 GDPR.
United Kingdom The Department of Digital, Culture, Media and
Sport conducted a consultation which did not refer to Article 82. On
foot of that consultation, and in advance of publishing a Bill, the
Department has issued a Statement of Intent, outlining its planned
reforms in advance of a Bill due next month. This refers the
greater scope for enforcing rights under the GDPR (p13); a
further document (pdf) says that Article 82 is one of the Articles of
the GDPR in respect of which Member States have flexibility; and
that document (pp8-9) envisages an express provision relating to
compensation claims.
European Economic Area (EEA) Since the GDPR is a text with
EEA relevance, its incorporation into domestic law in Iceland,
Liechtenstein and Norway is also relevant.
Iceland The Persnuvernd [DPA] has produced a draft Icelandic
translation of the GDPR, and the Government expects legislation
in the Spring of 2018, but no further details are available.
Liechtenstein No information so far.
Norway A draft Bill (pdf) has been published; the main part of the
Bill will contain a clause to incorporate the GDPR generally, with a
Norwegian translation (pdf) of the Regulation itself in an Appendix;
other clauses of the Bill will provide additional detail; compensation
claims pursuant to Article 82(1) GDPR (see section 27.2; p101) will
be provided via the general incorporation and not in an additional
specific clause.
Third countries: Other countries that have enacted data
protection regimes modelled upon the Data Protection Directive,
are likely to amend these regimes to come into line with the
GDPR, not least to maintain their current EU adequacy decisions.
For this reason, in Switzerland, the government has recently
issued a preliminary draft of a new Bill (available via here), which
does not seem to provide for a compensation claim (for example,
there is no entry for Article 82 in the GDPR column in the
concordance table (pdf)).
* Source: Baker McKenzie GDPR National Legislation Survey
(May 2017) (pdf) (via here).
Source: Global Privacy & Security Compliance Law Blog GDPR
implementation tracker (pdf) (via here)

REGULATION (EU) 2016/679 OF THE EUROPEAN

PARLIAMENT AND OF THE COUNCIL of 27 April
2016 on the protection of natural persons with regard to
the processing of personal data and on the free
movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation)
https://www.regjeringen.no/contentassets/c907cd2776264a6486b8dd3ee00a4e3d/uoffisiell-norsk-
oversettelse-av-personvernforordningen.pdf

Statement of Intent 7 August 2017 Summary of GDPR derogations in the Data

Protection Bill

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/635900/2017-08-
07_DP_Bill_-_Statement_of_Intent.pdf
Research and analysis to quantify benefits arising from personal data rights under the GDPR
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/635701/PersonalData
Rights_LE_-_for_Data_Protection_Bill__1_.pdf

Data Protection Bill - Letter to stakeholders

https://www.gov.uk/government/uploads/system/uploads/atta
chment_data/file/635869/2017-08-
07_Data_protection_bill_stakeholder_letter.pdf

UK Home Office says it is ... EU court of justice ... The European court of
justice has declared the data retention directive illegal,

The Court of Justice declares the Data Retention Directive to be invalid

https://curia.europa.eu/jcms/upload/docs/application/pdf/2014
-04/cp140054en.pdf

Political and Constitutional Reform Committee, Session 2014-15, ...

pcrc@parliament.uk, ... comply with the Constitution shall be invalid
http://www.parliament.uk/documents/commons-
committees/political-and-constitutional-reform/The-UK-
Constitution.pdf

Mays new snoopers charter (the draft investigatory powers bill), she will be
seeking to legalise something she claims is perfectly legal already but really
isnt.

https://www.gov.uk/government/
uploads/system/uploads/attach
ment_data/file/473770/Draft_Inv
estigatory_Powers_Bill.pdf
RIPA and the European Union
The purpose of RIPA was to implement Article 5 of the 1997 European Union
Directive 97/66/EC (now Art 5 of Directive 2002

http://eur-
lex.europa.eu/LexUriServ/LexUr
iServ.do?uri=CELEX:32002L005
8:en:HTML
British court when faced with obscure or confusing legislation based on an
EU directive to simply interpret it according to that directive. Thus Article 249
EC states:

http://eur-
lex.europa.eu/LexUriServ/LexUr
iServ.do?uri=CELEX:12002E249
:EN:HTML

LAW OF CONTRACTS -
newagepublishers.com The law of
contracts differs from other
branches of law in a ... can say
that the parties to ... there are
some agreements which are not
enforceable in a law court.
http://newagepublishers.com/sa
mplechapter/001048.pdf

Call for views on the General Data

Protection Regulation derogations
12 April 2017
https://www.gov.uk/government/
uploads/system/uploads/attach
ment_data/file/610133/EnglishG
DPRCFV_v1.5.2pdf_2.pdf
Government not compliant
in sharing citizen data - TD
Catherine Murphy tabled questions to Ministers over ruling
from EU Court of Justice
Tue, Nov 24, 2015, 16:32 Updated: Tue, Nov 24, 2015, 16:33
Elaine Edwards

Social Democrats TD Catherine Murphy questioned whether advice to

Ministers on the sharing of citizens data was flawed. Photograph: Alan
Betson/The Irish Times
AddThis Sharing Buttons
Share to LinkedIn

Share to Pinterest

Share to Reddit

Share to Google+
AddThis Sharing Buttons
Share to Facebook

Share to Twitter

Share to Email App

The Government is not compliant with a recent

significant ruling by Europes top court that affects the
sharing of citizens personal data between departments
and agencies, Social Democrats TD Catherine Murphy
has claimed.
Ms Murphy tabled written questions to ministers in the
Dil last week asking whether databases including those
set up for the property tax, Eircode, water charges and
information on school pupils were now illegal in light of
the so-called Bara judgment by the Court of Justice of
the European Union.
That ruling, delivered on October 1st, concerned a
Romanian case where the personal data of citizens was
shared by a tax authority with another body for the
purposes of assessing their liability for health insurance
contributions.
The court ruled that administrative bodies were
precluded under a 1995 EU directive from transferring
personal data to another administrative body without
the citizens concerned having been informed of that
transfer.
Satisfied at compliance
Government Ministers, including Minister for Finance
Michael Noonan, Tnaiste and Minister for Social
Protection Joan Burton and Minister for the
Environment Alan Kelly told the Dil they were satisfied
their departments are in compliance with the law.
Mr Noonan said he had been informed by the Revenue
Commissioners that the administration of the Local
Property Tax had been specifically provided for in
legislation.
Revenue had, he said, considered the Bara judgment
with regard to any possible implications for it as a data
controller.
The Bara judgment concerned the sharing between two
state entities in Romania of data without legislative
authority or consent from data subjects [citizens], he
said.
On that basis, the European Court of Justice found that
the data-sharing in question was illegal without
notification to or consent from the data subjects.
Ms Murphy contended, however, that the advice to
Ministers on the case was incorrect, as legislation had, in
fact, been in place in the Romanian case and this was
referred to in the EU judgment.

If that advice [to Ministers] is flawed, well, we dont

want to run into a situation where we end up having an
individual having to take the State through the courts
and seeking recompense and a change in the law in
retrospect.
Recognise the problem
What we need to do is recognise now that theres a
problem, we need to deal with that problem
appropriately with the right protections put in place and
were not within the legal parameters that were outlined
by that judgment.
Lets do it before we have to do a commission of inquiry
or a tribunal on it, Ms Murphy said.
Irish legislative measures in recent years have, for
example, allowed Irish Water to access information from
various State bodies, utilities and other sources in order
to compile a customer database from scratch.
It faced controversy last year when it emerged the water
utility was seeking access to peoples PPS numbers. The
Data Protection Commissioners office received a huge
number of inquiries about the matter.
The requirement for individuals to give their
PPS number was subsequently dropped when
the Government announced an amended scheme
involving the water conservation grant,
administered by the Department of Social
Protection.

https://www.irishtimes.com/new
s/politics/government-not-
compliant-in-sharing-citizen-
data-td-1.2442166

Government to strengthen UK
data protection law
Whats the prognosis for Health Identifiers
after the Bara Judgment?

The Irish State loves a good database, as regular readers will know.
I was doing the washing up recently, listening to the video of a recent
event in TCDs Science Gallery when I heard about the latest one.

The HSE has launched a new document- their Open Health Data
Governance Strategy.
Which is to say, it is the blueprint which should explain what medical
records and data they plan to release to researchers (including
commercially backed drug company researchers) from our medical files.
This is a very live issue internationally- with the UK having only recently
scrapped their plans to create a single digital medical record for
patients, and then share that data to 3rd parties.
We have already written on our website about some of our concerns
with the HSE's Individual Health Identifier plan.
( see: http://www.mcgarrsolicitors.ie//whats-the-prognosis-for-h/ )
However, if patients (which in the end means all of us) are to be moved
to a single, digitally accessible eHealth record, we're going to need to
see what- exactly- the HSE means when it says it will only share that
data after being 'de-identified'.
After the Governor of Massachusetts collapsed on stage in 1996, his de-
identified health records, which had been released as part of a dataset,
were successfully re-identified by an MIT student using only public data
to match his details. This eventually led to a law restricting release of
medical data in the US.
It would be better for everyone if we knew what the HSE currently
considers to be 'de-identifying'.

A store of electronic health records for women and infants, starting in

four maternity hospitals in the new year. This is a subsection of the
wider eHealth project being run by the HSE, which also includes the
Individual Health Identifier database system.
There was a problem connecting to Twitter.
The Health Identifier Act 2014 provides the statutory basis for the
creation of this database which is intended to eventually take in
everyone born or resident in Ireland, citizen or not. To build this (latest)
national identity database, the Government has spared itself no power.
The Minister for Health has been given the power to take information
from every other database within the reach of any part of the
Government. Section 8 of the Act reads;
A Minister of the Government may, solely for the purpose of
establishing, or maintaining the accuracy of, the National
Register of Individual Health Identifiers, provide the Minister
with an individuals other identifying particulars and the
Minister may use any such particulars so provided for that
purpose.
The Department of Social Welfares register of PPS numbers, the
Department of Educations Primary and Post Primary Online Database,
the Department of Environments Local Property Tax personal data
from all of them now combined into a single database.
We know this has already happened because Richard Corbridge, the
official charged with bringing in the eHealth project, has confirmed that
the data transfer has already taken place and that the IHI database is
populated with a full cohort of real citizens data.

All of which is to say that this is a plan with far reaching consequences
for the whole population, involving what most people would agree is the
most sensitive of sensitive data.
All of which makes the impact of the recent judgment by the CJEU in
the Bara case all the more significant.
The Irish Times has a report today arising from my questions on Twitter
to Mr. Corbridge (which he admirably engaged with) on the new ruling
forbidding the transfer of peoples personal data between state
agencies without giving people prior notice of the intention to do so. I
asked how Section 8, above, could be legal in the light of that judgment.
There were the usual reassurance statements made- The Dept of
Health has legislation and, of course, the Data Protection Commissioner
is happy.

Later, however, he confirmed that as a result of legal investigation the

Department of Health is now seeking advice on the impact of the Bara
judgement before taking their next steps in the Health Indentifer project.
Section 8 of the Health Identifiers Act is now profoundly challenged by
the CJEUs finding of what is acceptable manipulation of private data by
States under the EU Charter. And, more broadly, I would question the
focus on patient privacy of a project where the Privacy Impact
Accessment is still only in draft form at a time when the database has
already been fully compiled and filled with our personal data.

The recent example of the UKs Care.data project should give pause to
the Department of Health in treating the question of patient privacy and
consent as an afterthought. There, a multi-million pound project simply
came off the rails as it became clear the patients did not trust officials to
respect the privacy of their medical history.
Dr. Ben Goldacre, writing in the Guardian, set out the stakes if patient
trust is lost in dealing with their medical data.

This breaks my heart. I love big medical datasets, I work

on them in my day job, and I can think of a hundred life-

saving uses for better ones. But patients medical records

contain secrets, and we owe them our highest protection.

The Government has announced a database to
My heart now sinks when I see these words. IT solutionism has a mesmerising power over
governments everywhere but seems to exercise particular power over the Irish State. It allows
them to announce a crisp remedy for a (frequently mis-defined) problem. All they need do is
spend public money and through the magic of computers and surveillance tech they can
assert they can actually get rid of that problem.
However, a very significant decision this week from the Court of Justice of the European
Union (the EUs top court, whose decisions are binding on member states) may force a
change in government behaviour.

Asked to rule on the legitimacy of the Romanian governments laws allowing for citizens data
to be shared by the government between institutions without the knowledge of the person
whose data it is, the Court delivered an emphatic decision.

Articles 10, 11 and 13 of Directive 95/46/EC of the European Parliament and of the
Council of 24 October 1995, on the protection of individuals with regard to the
processing of personal data and on the free movement of such data, must be interpreted
as precluding national measures, such as those at issue in the main proceedings, which
allow a public administrative body of a Member State to transfer personal data to
another public administrative body and their subsequent processing, without the data
subjects having been informed of that transfer or processing.

In the life of this one government alone weve seen announced a series of database building
initiatives. Not all of them will survive this ruling. The Irish Water database, for example, was
assembled from disparate sources on foot of legislative provisions analogous to the
Romanian law found illegitimate by the Court.

It will be for the Data Protection Commissioners office to take the next move.

***

Lets build a data base!

The government hasnt been slow to announce databases as solutions for all sorts of
problems. Implementation has frequently proved more complicated.

Rural crime panic? Build a database of car movements through CCTV cameras on motorway
exits that read and record number plates.
Want to charge people for their houses?
Build a database of addresses by sequestering info from other state, semi-state and private
bodies.
Want to number the population but use it in ways not permitted by the existing PPS
numbering system?
Build an entirely new parallel numbering system.
Want to create a new water utility and make everyone pay for it?
Build a database of every man woman and child in the state and try to track where they live
from all the other databases you can think of.
Want to have a database of all the children in the state, linked to their PPS number and their
mothers ID for some unexplained reason?
Build a database of all the schoolchildren in the state by threatening to cut off the education
funding of any children whose parents refuse.
http://www.mcgarrsolicitors.ie/2
015/10/03/all-your-database-are-
belong-to-us/

Persons whose personal data are subject to transfer and processing between two
public administrative bodies must be informed in advance

https://curia.europa.eu/jcms/upl
oad/docs/application/pdf/2015-
10/cp150110en.pdf

New database to link

motorists driving licences to
vehicles
Funding for system to deal with penalty point avoidance to
be provided in October budget
Thu, Oct 1, 2015, 14:22 Updated: Thu, Oct 1, 2015, 14:25
Tim O'Brien
Move is aimed at motorists who do not have their licences with them when
before the courts for offences. Photograph: Getty Images

A new database to match motorists driving

licences with vehicle registrations is to be

prepared by Government.

http://www.irishtimes.com/news/ireland/irish-news/new-database-to-link-

motorists-driving-licences-to-vehicles-1.2374460?mode=sample&auth-

failed=1&pw-

origin=https%3A%2F%2Fwww.irishtimes.com%2Fnews%2Fireland%2Fir

ish-news%2Fnew-database-to-link-motorists-driving-licences-to-

vehicles-1.2374460
Data Protection Commissioner finds
POD was, and still is, unlawful
JUNE 18, 2015 EDUCATION SIMON MCGARR 2

The Data Protection Commissioners Office today confirmed that, having investigated the Primary
Online Database, they found that parental concerns raised were valid and that, even following changes
to the scheme in April, the POD would require further legislation to be lawful.

Unless that legislation is introduced, schools transferring the requested pupils data to the Departmemt
of Education will not have the nessecary lawful basis to do so.

The Primary Online Database is the Department of Education and Skills project to create a centralised
database on all the countrys children.

It was originally grounded on a Departmental Circular of Jan 2014.

Following parental questioning of the legality of the scheme, the Minister for Education strongly
defended it, saying
I have gone back and asked for the reasons why its up to the 30th birthday and I am told it is in order
to ensure that we have full maximum data that we need.
I did say I would examine it but it looks to me that up to the 30th birthday is probably appropriate and
it satisfies the Data Commissioner as well which is obviously very important, she added.
Despite these assertions, the retention period for childrens data was reduced until they turned 19 and
other changes made piecemeal before the whole Circular was scrapped and replaced with a second
scheme based on a new Circular- which is still not lawful.

You can see rather nice visual history to this retreat here.
A senior official in the Data Protection Commissioners office today confirmed that the legislation the
Department of Education had relied upon to justify the legality of transferring data from schools to the
Department did not cover most of the data requested.

a number of POD fields are not listed in Regulation 189 and, as such, they do not constitute
prescribed information for the purposes of Section 266 of the 2005 Act.
The data fields concerned are as follows: Mothers Maiden Name; Enrolment Date; Enrolment Source;
Leaving Date; Leaving Destination; Integrated Indicator; Indicator for Receipt of Learning Support;
Pupil Type and Special Class Type. We consider that an amending statutory instrument should have
been signed before these data fields were included in POD.
The full text of the email from the senior official in the Data Protection Commissioners office is
below.
***

Dear Mr McGarr

I refer to your previous correspondence to this Office concerning the Primary Online Database (POD).

As you know, we opened an investigation in relation to the POD in accordance with Section 10(1)(a) of
the Data Protection Acts, 1988 & 2003.
The investigation involved extensive contact with the relevant officials in the Department of Education
and Skills including written communications, conference calls and meetings. The Department
cooperated fully with our investigation. I am now writing to advise you of the outcome of that
investigation.

The aim of our investigation has been to establish whether the POD and its implementation is in
compliance with the Data Protection Acts, 1988 & 2003. In that regard, we identified a number of
deficiencies which have been the focus of directions on our part to the Department of Education and
Skills over the last number of months. Some of the areas where we identified issues corresponded with
issues referred to in complaints received from you and from other parents.

Retention Period and Fair Processing Notice

The retention age for pupil data in the POD was set at 30 years of age. Following the intervention of
this Office in which we drew the Departments attention to the valid concerns raised by you and other
parents, the retention period has now been revised downwards to the pupils 19th birthday. In a further
corrective action, the Department of Education revised its original Fair Processing Notice and it
published its revised notice in April 2015 which gives more detailed information to explain how the
personal data of pupils on the POD will be processed. The revised Fair Processing Notice also
indicates that some changes have been made by the Department to the original list of data fields
referred to in the previous notice.
PPSN

The collection and sharing of PPSN data was raised as a matter of concern by you and some other
parents. This Office is satisfied that, in principle, the collection and sharing of PPSN data between
schools and the Department of Education and Skills for the purposes of the POD, and the subsequent
use of PPSN numbers by the Minister for Education in the discharge of his/her statutory functions can
lawfully be undertaken. Under Section 262(4) of the Social Welfare Consolidation Act, 2005 (the
2005 Act) a specified body may require access to an individuals PPSN in any case where (a) the
individual in question is entering into a transaction with the specified body; and (b) the specified
body requires the individuals PPSN number for the purposes of that transaction. The Minister for
Education is a specified body for the purposes of Section 262(4). Transaction in this context is
defined to included a supply of a service relating to a public function of a specified body which relates
to a natural person. The provision of primary education to children resident in the State, delivered
through a network of recognised schools necessarily involves the supply of a service by the Minister to
natural persons relating to a public function of the Minister.

It is also the case that all children have a right to free primary education under Article 42.4 of the
Constitution. That right is also the subject of primary legislation. In particular, the Education Act, 1998
expressly provides that it shall be a function of the Minister for Education that he/she shall ensure that
there is made available to each person resident in the State a level and quality of education appropriate
to meeting the needs and abilities of that person.

Moreover, we are satisfied that Section 262(6)(b) of the 2005 Act authorises the Minister for Education
and Skills to use pupils PPSN numbers in performing his/her public functions as those functions relate
to pupils.
The Ministers functions also include the following:

to plan and coordinate the provision of education in recognised schools and centres for
education.
to provide funding to each recognised school and centre for education
and to provide support services to recognised schools and centres for education
to monitor and assess the quality, economy, efficiency and effectiveness of the education
system provided in the State by recognised schools and centres for education.
Legal Basis for Sharing of Data

With regard to the sharing of broader categories of personal data, it is worth noting that the 2005 Act
authorises a specified body to share prescribed information with the Minister for Education and
Skills. This is achieved by Section 266 of the 2005 Act and a list of specified bodies is contained in
Schedule 5 of the Act. This list includes any recognised school or centre for education within the
meaning of Section 2 of the Education Act, 1998. It follows that any primary school that is a
recognised school for the purposes of Section 2 of the Education Act, 1998 is constituted as a
specified body for the purpose of Section 266 of the Social Welfare Consolidation Act, 2005 and
may share prescribed information with the Minister for Education. The nature and extent of the
prescribed information that may be passed by a specified body to the Minister under Section 266 of
the 2005 Act is defined in the Social Welfare (Consolidated Claims, Payments and Control)
Regulations, 2007 (SI 142/2007). Specifically therein Regulation 189 prescribes a whole range of data
fields such as name, address, date of birth, PPSN, roll number, class group and year, special needs, etc.
All of the prescribed information listed in Regulation 189 is relevant to the operation of the POD i.e.
POD requires each primary school to enter data into the database by reference to all of the data fields
identified in Regulation 189. We are satisfied, in principle, that those data fields that are required for
the purposes of POD and are listed in Regulation 189 can lawfully be shared by schools with the
Department of Education and Skills.

However, a number of POD fields are not listed in Regulation 189 and, as such, they do not constitute
prescribed information for the purposes of
Section 266 of the 2005 Act. The data fields concerned are as follows: Mothers Maiden Name;
Enrolment Date; Enrolment Source; Leaving Date; Leaving Destination; Integrated Indicator; Indicator
for Receipt of Learning Support; Pupil Type and Special Class Type. We consider that an amending
statutory instrument should have been signed before these data fields were included in POD. Having
identified this deficiency in the legitimising of the processing, we directed the Department of
Education and Skills to have an amending statutory instrument introduced.

The statutory instrument concerned is one which falls under the remit of the Minister for Social
Protection. Having conveyed our direction on this particular issue to the Department of Education and
Skills, it has informed us that it has raised the matter with the Department of Social Protection and that
they have jointly agreed to work towards introducing an amending statutory instrument as soon as
possible. We will, of course, continue to monitor progress on this matter and we will take whatever
actions we deem necessary if this matter is not progressed to finality within a reasonable timeframe.

Register of Users of PPSN

You also raised concerns that the Register of Users of PPSN numbers published on the website of the
Department of Social Protection does not include the use of PPSN data for the purposes of POD.
Corrective action has also been taken on that matter. The entry for the Department of Education and
Skills on that Register now shows at No. 5 that the Department uses the PPSN number as a unique
identifier for all pupils entered on the POD.
Conclusion

In conclusion, then, a number of deficiencies in the implementation of this project were identified. I am
satisfied that on foot of directions from this Office, the Department of Education and Skills has taken
or is in the process of taking corrective action in relation to these deficiencies.
Yours sincerely

XXXX XXXX
Senior Investigations Officer
17/06/2015
[This email is not a legal notice or a decision of the Data Protection

Commissioner to which Section 26 of the Data Protection Acts, 1988 & 2003

applies].

ENCLOSURES:

An Coimisinir Cosanta Sonra

Teach na Canlach

Bthar an Stisiin

Cil an tSdaire

Co. Laoise

Office of the Data Protection Commissioner

http://www.tuppenceworth.ie/bl
og/2015/06/18/data-protection-
commissioner-finds-pod-was-
and-still-is-unlawful/
POD complaint to go to the European
Commission
JUNE 1, 2016 POD SIMON MCGARR 0

There has been a pretty significant exchange of correspondence with the Data Protection
Commissioner over the Primary Online Database since my last post.
The result is that I am copying all of the documentation to date and will be forwarding it to the
European Commission as part of a complaint regarding Irelands failures to ensure that Article 8.3 of
the Charter of Fundemental Rights and Article 28 of the Data Protection Directive are given force by
the Irish State. I have notified the Attorney Generals legal agent, the Chief State Solicitors office, of
this intention.

I attach a lightly redacted copy of the relevant recent letters from me and the Data Protection
Commissioners agent.

(There was also a minor one of today where I point out that I had answered the questions raised
regarding my daughters data in one of the emails of the 19th May acknowledged in the first paragraph
of the DPCs reply letter.)

This is a regrettable sequence.

1st Reply letter to DPC email of April 2016 copy_Redacted

http://www.tuppenceworth.ie/blog/wp-content/uploads/2016/06/1st-Reply-letter-to-DPC-email-of-
April-2016-copy_Redacted.pdf

2nd Letter re FOI docs sent to DPC PDF format _Redacted

http://www.tuppenceworth.ie/blog/wp-content/uploads/2016/06/Final-2nd-Letter-re-FOI-docs-sent-to-
DPC-PDF-format-_Redacted.pdf

Letter to Simon McGarr 01-06-2016_Redacted

http://www.tuppenceworth.ie/blog/wp-content/uploads/2016/06/Letter-to-Simon-McGarr-01-06-
2016_Redacted.pdf

http://www.tuppenceworth.ie/bl
og/2016/06/01/pod-complaint-
go-european-commission/
Sample letter to refuse
permission for a childs
data to be transferred into
POD
JUNE 15, 2016 EDUCATION SIMON MCGARR 4
The Department of Education has issued a new circular
accepting it cannot defund the education of children whose
parents do not want their kids data to be in POD.
Theyll only accept a written request as the basis of that refusal,
however. So, heres one you can use that meets the
requirements (Now in English or Irish, thanks to an enterprising
parent). Send or give it to your school.
***
Dear Principal,
I write further to the proposed transfer of data regarding my child
(insert your childs name here) to the Department of Education
as part of the Primary Online Database. I am not satisfied that
the Department has acted legally regarding this scheme in the
past, and the Data Protection Commissioners office has
confirmed the lack of legal basis for the transfer of data during
the course of the rollout of this scheme.
As I both object to the creation of the POD and have no
confidence in the Departments capacity to process this data in
accordance with data protection law, please note that, per
Paragraph 2(a) of Department of Education Circular No.
37/2016, I wish no transfer of data relating to my child to be
made to the POD database.
Thank you for your assistance.
Yours faithfully
(Your name)

And the same letter As Gaelge:

GAEILGE (IRISH):
A Phromhoide, a chara,
Tim ag scrobh chugat maidir le haistri beartaithe sonra a
bhaineann le mo leanbh [AINM AN LINBH] chuig an Roinn
Oideachais mar chuid den Bhunachar Sonra ar Lne do
Bhunscoileanna. Nlim ssta gur ghnomhaigh an Roinn i
gcomhrir leis an dl i ndil leis an scim sin roimhe seo, agus
dhearbhaigh Oifig an Choimisinara Cosanta Sonra nach bhfuil
buns dlthiil ann sonra a aistri le linn an scim seo a bheith
cur i bhfeidhm.
Toisc go bhfuilim i gcoinne an Bunachar Sonra ar Lne do
Bhunscoileanna a chruth, agus toisc nach bhfuil muinn ar bith
agam as cumas na Roinne na sonra sin a phriseil de rir an
dl a bhaineann le cosaint sonra, tabhair do daire, de rir Mhr
2(a) de Chiorcln Uimh. 37/2016 n Roinn Oideachais, nach
dteastaonn uaim go ndanfa aon sonra a bhaineann le mo
leanbh a aistri chuig an mBunachar Sonra ar Lne do
Bhunscoileanna.
Go raibh maith agat as do chabhair i ndil leis an bhar seo.
Is mise le meas,
[DAINM FIN]

http://www.tuppenceworth.ie/bl
og/2016/06/15/sample-letter-to-
refuse-permission-for-a-childs-
data-to-be-transferred-into-pod/
Primary Online Database (POD)
To- The Boards of Management
and Principal Teachers of
Primary Schools
https://www.education.ie/en/Cir
culars-and-Forms/Active-
Circulars/cl0037_2016.pdf
Unanswered legal
problems with the
Governments new
database of children
JANUARY 20, 2015 GENERAL SIMON MCGARR 7
The Department of Education is building a database of Irelands
children. Its called the Primary Online Database and, currently,
its intention is to collect a full profile of data on all the children in
education and to store that data until they turn 30. Yes, 30.
They started last September 2014, taking data from schools
directly, rather than asking parents in almost all cases. Now the
department is sending home letters to parents about the
database, baldly telling parents that theyre taking their childs
data.
___
UPDATE: See my follow-up post with lots of the extra problems
identified with the Ministers POD plan
UPDATE 2: NEW! A simple web form to tell the Minister that this
is a bad idea. Sign it and share it!
___
The Department is collecting data, including sensitive data such
as medical information, whether the children have psychological
assessments, religious and racial characteristics on children.
This is something that requires careful planning to be done
correctly. As the Irish Water debacle showed, an organisation
can destroy public trust by careless information governance and
ill-considered data demands. And any database that contains
such critically sensitive data about all the citizens and residents
of the state who are under 30 needs very significant and broadly
based support.
This database, if leaked or misused, would compromise the
identity security of every young person in the entire country. It
would provide a treasure trove for blackmailers or identity
thieves. Its precisely because this sort of data is so red-hot
radioactive that the Census data- the only collection comparable
to this proposed datagrab- is given special legislative protections
in the Statistics Act 1993.
Regrettably, it seems the Department of Education has not
learned anything from the recent past. I contacted the
department on the 6th January to set out some Data Protection
concerns with the database. I followed this up with more than
one telephone conversation. I received no written reply by the
20th January so I then made a formal complaint to the Data
Protection Commissioner.
In that complaint I made the following points;
1/ Section 2(1)(c) of the Data Protection Acts (referred to
hereunder as DPA) sets out the principle that data should be
obtained for one or more specified, explicit and legitimate
purposes. Childrens data was obtained from parents by their
schools for specific, legitimate, internal school purposes. The
Department is seeking to take that data from the school, under
threat to its continued funding, and use it for different radically
different purposes, none of which were specified at the time the
school obtained the childs data, or or necessary for those
internal uses. This is not legitimate.
2/ In addition, the Departments Letter to Parents states that it is
the Departments intention to store childrens data in the Primary
Online Database until they reach the age of 30.
To me, this appears to be self-evidently an excessive retention
period. Data may only be stored for as long as is required for the
purpose for which it is collected. (per Section 2 (1)(c)(iv) DPA)
As all the purposes of this database are related to childrens
primary school experiences, retention for decades after that
experience ends will be a breach of the data protection acts, and
contrary to Data Protection principles.
3/ I have very significant concerns about the data relating to
children proposed by the Department to be obtained, processed,
shared and retained until the age of 30. The material describing
the contents of the POD database sets out data which is clearly
sensitive personal data per the definition at Section 1 DPA.
In particular, the data fields;
Learning Support
Is the pupil in receipt of low incidence support through NCSE?
(drop-down list)
Yes
No
Is pupil receiving support under the General Allocation Model?
(drop-down list)
Yes
No
EAL (tick-box)
Specific Learning Disability (tick-box)
Learning Support (tick-box)
Mild/Borderline Mild GLD Resource Teaching
(tick-box)
Does the child have a psychological or medical assessment
report which recommends provision of an additional teaching
resource ? (drop-down
list)
Yes
No
represent sensitive personal data as it relates to the physical or
mental health or condition or sexual life of the data subject,.
However, the Department is proceeding on the assertion that all
this data is non-sensitive data and does not require parental
consent for processing.
Furthermore, the database includes a free text Notes tab.
Notes about a pupil may be entered into the Notes tab. At
present, notes entered here can be seen by Department of
Education staff
(per P 10 of the Instruction Manual on the POD. The existence
of this data field is not notified to parents in any notice
addressed to them. )
There is no way for this data to be obtained or retained in
compliance with the DPA, as there is no description or limits on
what notes may be added to each childs entry into the
database- whether sensitive, relevant, necessary or appropriate.
Whether the data is routinely accessed by the Department is
irrelevant as it is being retained by the Dept and is accessible to
any departmental user with Administrator status.
Furthermore it is not unknown for children to change schools
precisely to obtain a fresh start, and it is unsatisfactory that the
unlimited and unmonitored notes by staff of one institution would
be transferred to the new school, colouring that schools opinion
of the child before they had even started.
4/ The Department of Educations use case statement which
may be accessed on the Department of Social Protections own
website does not include the proposed use of childrens PPSNs
as described in the Departments letter to parents regarding this
database.
From the records available to me, the proposed use case the
Departments letter describes has not been notified to the
Department of Social Welfare and, therefore, has not been
agreed with the Minister, as required under S 262(4) and Sec
262(6) of the Social Welfare Consolidation Act 2005.
In the absence of such consent a childs school would be in
breach of the data protection acts were they to transfer his or
her PPSN data to the Department as a new Data Controller.

5/ I note that by letter dated 15th January the Minister for

Educations private secretary wrote to parents who have
complained about this database and told them that;
If you do not consent to your childs data being entered on POD
then you should inform your school in writing that you do not
wish to have your childs information entered on POD, however
from 2016/2017 this may have funding and teacher allocation
implications for your school going forward
This threat effectively negates any consent that might be given,
as it is clearly represents a coercive effort to force consent in the
face of the defunding of their childs education. In addition, the
threat to partially defund a school on the basis of purely
automatic processing of data in a database it represents a
breach of
Section 6B of the DPA,
a decision which produces legal effects concerning a data
subject or otherwise significantly affects a data subject may not
be based solely on processing by automatic means of personal
data in respect of which he or she is the data subject and which
is intended to evaluate certain personal matters relating to him
To read more about how this database is being implemented in
a way to undermine trust and effectiveness, take a look at data
protection expert Daragh OBriens two posts on the subject,
here and here. Those posts give context to this ill-conceived
project, by showing how and why the State consistently fails to
respect citizens data rights.

If you agree with my points, please do contact your childs

school and let them know that you dont give consent to

your childs data being entered onto POD, and let the

Minister for Education, Jan OSullivan TD know your

concerns about her plan by email

minister@education.gov.ie and/or make a complaint to the

Data Protection Commissioners office (details here) if you

have no satisfactory outcome from your contacts.

Primary Online Database (POD)

What is POD?
The Primary Online Database (POD) is a nationwide individualised database of primary
school pupils, facilitating the monitoring of educational progress as pupils move through the
primary education system and on to post primary. The system allows schools to make online
returns to the Department of Education and Skills (DES) and provides the Department with
the comprehensive and in-depth information needed to develop and evaluate educational
policy.
What is it used for?
Completion of the National School Annual Census As of September 2016 POD
is the mechanism for schools to complete the Annual Census
Teacher allocation and payment of capitation and other grants Information
submitted through the Annual Census forms the basis for teacher allocation,
capitation and grant payments for each school
Resource allocation and planning purposes
Statistical Information- POD is the source of statistical information for the primary
school sector
Register of pupils POD has removed the need for schools to maintain a hardcopy
of their schools Clrleabhar, as all necessary information is recorded on the system
Centralised updating of school information POD provides a single point for
schools to view and correct the details held by the Department

What information is recorded on POD?

The following information is collected for each pupil on POD:

Personal Information Enrolment Information

PPSN Standard (i.e. Junior Infants, First Class etc)
Name Teacher / Class Name
Birth Certificate Name (if different from above) Enrolment Source
Date of Birth Enrolment Date
Gender Leaving Date
Mother's Birth Surname Leaving Destination
Address (Including Eircode) Pupil Type
County of Residence Class Type**
Nationality Integrated Indicator**
Mother Tongue* Category of Capitation***
Irish Exemption (if any)* Second Level Programme***
*Pupils in Mainstream Schools Only
**Pupils in Special Classes Only
***Pupils in Special Schools Only

There are also two optional fields of data on POD. As these are considered sensitive personal
information under the Data Protection Acts, they can only be recorded on POD with the
explicit written consent of the pupils parent(s) or guardian(s). The fields are as follows:

Religion
Ethnic or Cultural Background.
Further details on the information collected on POD including the purpose for which it is
collected, the period for which it will be retained and the legal basis for its collection can be
found in the POD Fair Processing notice, available below.

Access to POD
Each school can access only their own pupils records on POD. Within the Department of
Education, access to the individualized information recorded on POD is restricted to a small
number of staff within the Statistics Section.

How can I find out more?

A POD Helpdesk is available to assist with any queries on POD. The Helpdesk is available
Monday to Friday 8:30am 5pm on 01 889 2311. The Helpdesk can also be reached
at pod@education.gov.ie. If you have any queries or comments please do not hesitate to
contact us.
If you are contacting the Helpdesk on behalf of a school, please include your schools
roll number on all correspondence.

Latest Information on POD

Interesting Facts - First Look at Data from POD, 2016/2017 - Excel Format
Circular 0037/2016 - Primary Online Database (POD)
Circular 0025/2015 - Primary Online Database
Fair Processing Notice- Revised September 2015
Sample data collection form for mainstream schools who wish to use it - word format -
Revised July 2016
Sample data collection form for mainstream schools who wish to use it - pdf format - Revised
July 2016

Latest Information on POD Special Schools

Circular 0038/2016 - Primary Online Database (POD) - Special Schools
Circular 0050/2015 - Primary Online Database - Special Schools
Fair Processing Notice for Special Schools
Sample data collection form for Special Schools who wish to use it -word format - Revised
July 2016
Sample data collection form Special Schools who wish to use it- pdf format - Revised
July2016
Letter to Special Schools - September 2015

Additional information and associated documents on

POD
POD for Special Schools - Capitation Category
Letter to Principals regarding POD Implementation Grant December 2014
Letter to Principals of Special Schools regarding POD Implementation Grant December 2014
Letter to Special School Principals Apr 2014
FAQ on the POD for Schools
FAQ on the POD for Parents
Full List of Parameters in POD - Mainstream School
Full List of Parameters in POD - Special School
The Development of the Primary Online Database (POD)
Data Protection website for schools
Pupil Validation - Guidelines on Official Names
 Related Links:
Census: National School Annual Census Return

Related Files:
Updating and simplifying the manner in which schools can maintain pupil enrolment
and attendance records (Clrleabhar, Leabhar Rolla and Leabhar Tinrimh Laethil)
following the introduction of the Primary Online Database (POD) (.pdf - 339 KB)

Census: National School Annual

Census Return
National School Annual Census 2016/2017 for special
schools not on POD
Please note that if your school is on the Primary Online Database (POD) you do not need to
complete the form below. The returns for the 2016/2017 academic year will be made
through POD and instructions will be issued to all schools at the end of September.

Instructions for completing the Primary School Annual Census Return

2016/2017

Instructions for Completing the Special School Annual Census Return

Special School Form
Please save the appropriate Excel form above, complete and return
to primarycensus@education.gov.ie

Contact
If you have any queries on the Primary School Annual Census please contact us on (01) 8892085.
Please return as soon as possible and in any event not later than the 30th October, 2016.
As the payment of capitation and other grants are based on enrolment details supplied on this form, any
delay in returning this form could result in a delay of such payments

Re: Primary Online Database (POD) and Primary Online Database Implementation Grant

Dear Principal,

https://www.education.ie/en/Publications/Statistics/Primary-Online-Database-
POD-/POD-Primary-Online-Database-POD-and-Primary-Online-Database-
Implementation-Grant-Special-Schools-.pdf

The Development of the Primary Online Database (POD)

https://www.education.ie/en/Publications/Statistics/Primary-Online-Database-
POD-/The-Development-of-the-Primary-Online-Database-POD-.pdf
POD Pupil Validation- Guidelines on Official Names
https://www.education.ie/en/Publications/Statistics/Primary-Online-Database-
POD-/POD-Validation-Guidelines.pdf

https://www.education.ie/en/Pub
lications/Statistics/Primary-
Online-Database-POD-/
Advice Note: Considering Cloud Services
Supporting the Public Service ICT Strategy December 2015

http://dataprotectionschools.ie/
Document-
Library/Cloud%20Advice%20No
te.pdf
Data Protection Acts 1988 and 2003: Informal
Consolidation

http://dataprotectionschools.ie/
Document-Library/Data-
Protection-Acts.pdf
Preparing for GDPR The 12
steps to be taken-
http://dataprotectionschools.ie/
Document-Library/GDPR-12-
Steps.pdf
Fair Processing Notice to
explain how the personal data
of pupils in primary schools on
the Primary Online Database
(POD) will be recorded,
processed and shared.
http://dataprotectionschools.ie/
Document-Library/POD-Fair-
Processing-Notice.pdf
Biometric Systems

Guidelines have been developed by the Office of the Data Protection

Commissioner on Use of Biometric Time and Attendance Systems in
Schools. See Biometrics in Schools
(Source: www.dataprotection.ie)

http://dataprotectionschools.ie/en/Data-Protection-

Guidelines/Biometric-Systems/

Biometrics in Schools, Colleges and other Educational

Institutions
The following guidance has been prepared as an aid to schools, colleges and other educational
institutions that may be considering the installation and use of a biometric system. This
document is intended to encourage such institutions to fully consider if there is need for a
biometric system in the first place and then to assess the privacy impact of different systems.

The critical issues to be considered from a data protection perspective are the
proportionality of introducing a biometric system and the requirement to obtain the signed
consent of the student users (and their parents or guardians in the case of minors) giving
them a clear and unambiguous right to opt out of the system without penalty.

The document is not intended to promote any particular system, but is intended to make
schools and colleges aware of their responsibilities under the Data Protection Acts 1988 & 2003.
It is the use of a biometric system that may give rise to a data protection concern, not
necessarily the production or sale of a system. All situations must be judged on a case-by-case
basis.

1. Different types of Biometric systems

All biometric systems operate on the basis of the automatic identification or
authentication/verification of a person. What differs between systems is the nature of the
biometric and the type of storage.

1.1 Information used to generate biometric data

Biometric data may be created from physical or physiological characteristics of a person. These
include a fingerprint, an iris, a retina, a face, outline of a hand, an ear shape, voice pattern, DNA,
and body odour. Biometric data might also be created from behavioural data such as hand
writing or keystroke analysis. Generally, a digitised template is produced from the biometric
data. This template is then compared with one produced when a person presents at a reader.

1.2 Types of biometric data

There are three principal types of biometric data:
 Raw Images, consisting of recognisable data such as an image of a face or a fingerprint, etc.
Encrypted images, consisting of data that can be used to generate an image.
Encrypted partial data, consisting of partial data from an image, which is encrypted and cannot
be used to recreate the complete original image.

1.3 Types of Biometric systems

There are two principal types of systems:

Identification systems, which confirm the identity of an individual;

Authentication / verification systems, which confirm that a biometric derived from a person who
presents at a reader matches another biometric, typically stored on a card and presented
simultaneously.

1.4 Storage of biometric data.

There are two principal methods of storing biometric data/templates:

Central databases store the templates on a central system which is then searched each time a
person presents at a reader.
A card is used to store a template. A template is generated when a person presents at a reader,
and this template is compared with the template on the card.

Data Protection issues concerning biometrics.

2. Proportionality
Section 2(1)(c)(iii) of the Data Protection Acts states that data

"shall be adequate, relevant and not excessive in relation to the purpose or purposes for which
they were collected or are further processed."

The key word here is "excessive." Accordingly, the first question to be asked when considering
the installation of such a system is what is the need for it? What is wrong with current systems
or less invasive alternatives?

As individuals have fundamental Human Rights which are protected by the Data Protection
Acts, a school or college must conduct some assessment of the need for a biometric system and
an evaluation of the different types of available systems before the introduction of any
particular system.

Determining what is excessive requires a case-by-case analysis. Some factors which may be
taken into account include:

Environment. Does the nature of the school or college require high levels of security? Are there
areas of the campus which contain sensitive information, high value goods or potentially
dangerous material which may warrant a higher level of security than would areas with low value
goods or areas with full public access? Of course such a consideration would also point towards
all persons working in the environment being similarly required to use the biometric system.
Purpose. Can the intended purpose be achieved in a less intrusive way? A biometric system used
to control access for security purposes in certain areas of the campus might be legitimate while a
biometric system used by the same school or college purely for attendance management purposes
might not.
Efficiency. Ease of administration may necessitate the introduction of a system where other less
invasive systems have failed, or proved to be prohibitively expensive to run.
 Reliability. If a school or college suffers as a result of students impersonating each other for
various reasons, then a system could possibly be justified as long as other less invasive ones have
been assessed and reasonably rejected.

3. Fair obtaining and processing.

Section 2(1)(a) of the Acts require that

"The data or, as the case may be, the information constituting the data shall have been
obtained, and the data shall be processed, fairly."

In order to demonstrate compliance with this provision, at least one of the provisions of Section
2A of the Acts must be met. In the context of the introduction of a biometric system for use by
students in a school or college, these include:

Consent, and
Legitimate interests of the school or college: where the processing is necessary for the purposes
of the legitimate interests pursued by the school or college or by a third party or parties to whom
the data are disclosed, except where the processing is unwarranted in any particular case by reason
of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject.
Consent: In the context of students attending a place of education, the Data Protection
Commissioner would stipulate that the obtaining of consent is of paramount importance when
consideration is being given to the introduction of a biometric system. It is the Commissioner?s
view that when dealing with personal data relating to minors, the standards of fairness in the
obtaining and use of data, required by the Data Protection Acts, are much more onerous than
when dealing with adults. Section 2A(1)(a) of the Data Protection Acts states that personal data
shall not be processed by a data controller unless the data subject has given his/her consent to
the processing, or if the data subject by reason of his/her physical or mental incapacity or age, is
or is likely to be unable to appreciate the nature and effect of such consent, it is given by a
parent or guardian etc. While the Data Protection Acts are not specific on what age a subject will
be able to consent on their own behalf, it would be prudent to interpret the Acts in accordance
with the Constitution. As a matter of Constitutional and family law a parent has rights and
duties in relation to a child. The Commissioner considers that use of a minor?s personal data
cannot be legitimate unless accompanied by the clear signed consent of the child and of the
child?s parents or guardian.

As a general guide, a student aged eighteen or older should give consent themselves. A student
aged from twelve up to and including seventeen should give consent themselves and, in
addition, consent should also be obtained from the student?s parent or guardian. (Consent may
not be considered to be in place for students in this age bracket unless it is given by both the
student and a parent/guardian). In the case of children under the age of twelve, consent of a
parent or guardian will suffice. Consent to the use of a biometric system in places of education
should be obtained by means of a positive opt-in on the part of students (and/or their parents or
guardians as set out above). An audit trail of the opt-ins should be maintained by the data
controller for the duration of each student's enrolment. All students (and/or their parents or
guardians as set out above) should, therefore, be given a clear and unambiguous right to opt out
of a biometric system without penalty. Furthermore, provision must be made for the withdrawal
of consent which had previously been given.

Legitimate interests: Whilst the "legitimate interest" provision may seem appealing, it requires
that a balance be struck. What is acceptable in one case may not be acceptable in another and a
school or college seeking to rely upon this provision must take into account the potential effect
upon student privacy rights. In any event, the Data Protection Commissioner considers that, in
the context of a student environment, the processing of personal data using a biometric system
would be prejudicial to the fundamental rights and freedoms of the students concerned in the
absence of freely given consent.
3A. Fair obtaining of sensitive data.
If a biometric identifies sensitive data (such as data relating to a student's health or facial
appearance thereby revealing race), at least one provision of section 2B of the Acts must be met
in addition to those mentioned above. In the context of the introduction of a biometric system
for use by students in a school or college, these provisions include:

consent explicitly given.

necessary processing for the performance of a function conferred on a person by or under an
enactment.

Explicit consent: As stated above, all students (and/or their parents or guardians) should be
given a clear and unambiguous right to opt out of a biometric system without penalty. The same
consent which applied to the principle of obtaining and processing data fairly also applies to the
fair obtaining of sensitive data.

Necessary for the performance of a function conferred under an enactment: Any legal
obligation to record the attendance of students need not, in itself, require a biometric system to
satisfy. For example, the Education (Welfare) Act, 2000 requires schools to maintain a record of
the attendance or non-attendance on each school day of each student registered at the school.
This requirement does not specify how the attendance data should be obtained. The key word
in this provision of the Data Protection Acts concerning the processing of sensitive personal
data is "necessary." It is the view of the Data Protection Commissioner that the processing of
sensitive personal data through use of a biometric system is not necessary to meet the
requirements of the Education (Welfare) Act, 2000 in respect of recording student attendance.
There are several long established and successful alternative methods of recording student
attendance at schools which do not require the processing of a student?s sensitive personal
data.

4. Transparency
Section 2D of the Acts require that a school or college provide at least the following information
to students when processing their data:

The identity of the data controller in the school or college.

The purpose in processing the data.
Any third party to whom the biometric data will be given.

It is essential that students are aware of the purpose for which the biometrics data will be
processed. This means that a school or college must carefully think through any purpose or
potential purpose. Is the system solely for attendance management purposes? Will it be used for
access control? What are the consequences for the student concerned if there is an identified
abuse of the system? Under what circumstances will management access logs created by the
system?

Transparency is even more important where the biometric system does not require the
knowledge or active participation of a student. A facial recognition system, for instance, may
capture and compare images without that person's knowledge.

5. Accuracy
Section 2(1)(b) of the Acts require that data shall be
"Accurate and complete and, where necessary, kept up to date."

Any biometric system must accurately identify the persons whose data are processed by the
system. If changes in physical or physiological characteristics result in a template becoming
outdated, a procedure must be in place to ensure that the data are kept up to date.

6. Security
The requirement, under section 2(1)(d), that a school or college has appropriate security
measures in place to prevent the unauthorised access to, or the unauthorised alteration,
disclosure or destruction of data would appear to promote the use of technological solutions
such as encryption.

However, in deciding upon what constitutes an appropriate security measure, Section 2C details
four factors that should be taken into account:

The state of technological development.

The cost of implementing such technology.
The nature of the data being protected.
The harm that might result through the unlawful processing of such data.

A minimum standard of security would include:

Access to the information restricted to authorised staff on a ?need to know? basis in accordance
with a defined policy.
Computer systems should be password protected.
Information on computer screens or manual files should be hidden from persons who are not
authorised to see them.
A back-up procedure for computer held data, including off-site back-up.
Ensuring that staff are made aware of the school or college?s security measures, and comply
with them.
Careful disposal of documents such as computer printouts, etc.
The designation of a person with responsibility for security and the periodic review of the
security measures and practices in place.
Adequate overall security of the premises when it is unoccupied.
Where the processing of personal data is carried out by a data processor on behalf of the school
or college, a contract should be in place which imposes equivalent security obligations on the data
processor.
7. Retention
Section 2(1)(c)(iv) of the Data Protection Acts provides that data shall not be kept for longer
than is necessary for the purpose. In the context of a biometric system in a school or college, it
would be necessary to devise a retention policy in advance of the deployment of the system
which clearly sets out the retention period which would apply to biometric data. The Data
Protection Commissioner would expect that as soon as a student permanently leaves the school
or college, his/her biometric data would be immediately deleted.

8. Privacy Impact Assessment.

The Data Protection Commissioner cannot give a general approval or condemnation of
biometric systems. Each system must be judged in respect of the situation in which it is used. A
case-by-case judgement is required. With that in mind, the Commissioner encourages schools
and colleges to take the above guidance into account if considering introducing any biometric
system.
Before a school or college installs a biometric system, the Data Protection Commissioner
recommends that a documented privacy impact assessment is carried out. A school or college
which properly conducts such an assessment is less likely to introduce a system that
contravenes the provisions of the Data Protection Acts 1988 & 2003. This is an important
procedure to adopt as a contravention may result in action being taking against a school or
college by the Commissioner, or may expose a school or college to a claim for damages from a
student. Data protection responsibility and liability rests with the school or college, not with the
person who has supplied the system (where that person also acts as a data processor on behalf
of the employer, it will have its own separate data protection responsibilities in relation to the
security of the data).

Some of the points that might be included in a Privacy Impact Assessment are:

Do I have an attendance management and/or access control system in place?

Why do I feel I need to replace it?
What problems are there with the system?
Are these problems a result of poor administration of the system or an inherent design
problem?
Have I examined a number of types of system that are available?
Will the non-biometric systems perform the required tasks adequately?
Do I need a biometric system?
If so, which kind do I need?
Do I need a system that identifies students as opposed to a verification system?
Do I need a central database?
If so, what is wrong with a system that does not use a central database?
What is the biometric system required to achieve for me?
Is it for attendance management purposes and/or for access control purposes?
How accurate shall the data be?
What procedures are used to ensure accuracy of data?
Will the data require updating?
How will the information on it be secured?
Who shall have access to the data or to logs?
Why, when and how shall such access be permitted?
What constitutes an abuse of the system by a student?
What procedures shall I put in place to deal with abuse?
What legal basis do I have for requiring students to participate?
How will I obtain the consent of the existing students (or their parents/guardians if
applicable)?
How will I obtain the consent of new students (or their parents/guardians) who will enrol at a
future date?
How will I ensure that students will be given a clear and unambiguous right to opt out of a
biometric system without penalty?
What procedures will I put in place to provide for the withdrawal by students of consent
previously given?
What system will I put in place for students who opt out of using the biometric system?
How will I ensure that students who are unable to provide biometric data, because of a
disability for example, are not discriminated against by my school or college by being required
to operate a different system, or otherwise?
Does the system used employ additional identifiers (e.g. PIN number, smart card) along with
the biometric?
If so, would these additional identifiers be sufficient on their own, rather than requiring
operation in conjunction with a biometric?
If the introduction of a biometric system is justified, can I offer an alternative system to
individuals who may object to the invasion of privacy involved in a biometric system?
 What is my retention policy on biometric data?
Can I justify the retention period in my retention policy?
How shall I inform students about the system?
What information about the system need I provide to students?
Would I be happy if I was a student asked to use such a system?
Am I happy to operate a biometric system in an educational establishment where the use of
such a system can make students less aware of the data protection risks that may impact upon
them in later life?
Does my school or college have a comprehensive data protection policy as required by the
Department of Education and Science since 2003?
Have I updated this policy to take account of the introduction of a biometric system for use by
students?

https://www.dataprotection.ie/docs/biometrics-in-

schools-colleges-and-other-educational-

institutions/409.htm

Development Studies Courses Available on the Island

of Ireland Review undertaken by Jacinta Greene in

2011 in collaboration with Professor Mike Gibney,

Director, UCD Institute of Food and Health, University

College Dublin.

https://www.tcd.ie/tidi/assets/doc/Teaching/Developm

ent%20studies%20courses%20in%202011.pdf

Biometrics in schools explained

in UK
http://everything.explained.toda
y/Biometrics_in_schools/
Student Data Privacy Act; SB 367

http://kslegislature.org/li_2014/b
2013_14/measures/documents/s
ummary_sb_367_2014.pdf
Public and Private schools: ... A brief history of public and private involvement in schools in Ireland...
can lead to unequal educational opportunities

http://www.oecd.org/pisa/50110
750.pdf

Descriptions of the legal system for assessment - Ireland; ... of the schools and
other educationalinstitutions; ... institutions are: teacher training college

Biometrics, Migrants, and Human Rights. ... In the fight against illegal migration, biometricidentifiers
... The issue has already been raised by the EU Data ...

protection of individuals with regard to the processing of personal data and on the free
movement of such data (General Data Protection Regulation)

http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELE
X:52012PC0011&from=en

Biometrics In Schools, Colleges And

Other Educational Institutions!
In todays world, biometrics in schools, colleges and other educational institutions
is increasingly common.
Biometric technology refers to technologies that measure the behavioral or
physiological characteristics of an individual.

Some examples of this type of security technology included retina scanning, hand
geometry, facial recognition and fingerprint identification.

The use of this type of security technology has become more common, both
privately and publicly.

https://www.youtube.com/watch?v=UbX8VKFk0cA

Biometrics In Schools Are You Worried?

In recent years, its even become quite popular in schools as future biometrics
become more commonplace.

A look at biometrics in a public school shows that automated fingerprint systems

have become quite popular. Schools are using this technology for cashless
catering, school registration and even for students to borrow library books.

One of the benefits of using the fingerprint systems is that the problem of lost
cards can be eliminated. For this system to work, the unique features of the
fingerprint are scanned and then turned into a template that is saved within the
system.

Whenever a person uses the system and places their finger on the scanner, their
fingerprint is checked against the template within the system. Then the system
identifies and authenticates the individual that has provided their fingerprint.

Some individuals today do have objections to the use of biometrics in public

schools. For example, in schools and other educational institutions where
fingerprinting is used, some feel that the use of this type of security technology
indicates that organizations are suspicious and mistrusting of students, treating
them as if they are criminals.

Another concern about the use of fingerprinting and other biometric technology
within schools is that younger children will begin feeling comfortable giving up
their biometric information without a problem. Some feel that this is working to
get young people used to biometric privacy intrusion in the future.

Of course, while some individuals do object to the use of biometrics in schools,

others are fond of this new technology in schools and the advantages it has to
offer. Of course, most students and their parents are adamant that this biometric
information of students should only be used for the specific purposes for which it
is collected.

This is why individuals are supportive of biometric applications that use self
contained systems so other biometric systems cannot easily retrieve and use the
biometric information being used within the system. With the use of biometric
security information in the form of templates, it is less likely that this information
will be stolen and then used with severe consequences in the future.

Most proponents of using biometrics in schools also feel that the data used within
these school systems should be destroyed once it is no longer needed.
Another issue that has brought about quite a bit of debate is the issue of consent
when it comes to collecting biometric information from underage students. Some
feel that it should be illegal for schools to take this information without the
consent of a parent.

If children are allowed to give their own consent, it is difficult to decide when
children are fully able to decide how their own biometric information should be
used and when they should have the authority to make these decisions.

It is argued that while children might understand the explanation they are given
for their biometric data being taken, they may not fully understand or appreciate
the implications this move may have in the future.

For schools that plan on using future biometrics systems, it is important to

explain why they want to introduce these security systems, how they will use the
data collected and how that data will be kept safe. Since this is such a sensitive
issue with parents, keeping parents involved in the process is definitely
important.

Some parents even hope that schools will use systems where students will be
able to use a card instead of a fingerprint, giving individuals the ability to opt
out of school biometrics without having to give up certain services.

Overall, the topic of biometrics in schools, colleges and other educational

institutions continues to be a highly controversial one. While many parents
appreciate the benefits of biometric technology, they are not yet comfortable with
their childrens biometric data being collected and used with so many issues to
consider.

http://www.biometric-security-
devices.com/biometrics-in-
schools.html
Government plan to deny
human freedom to protect their
revenue stream
No work, no travel
A story of serious concern has finally hit the mainstream papers today
involving the Gardai, your PPS numbers and the unlawful removal of your
freedom.
RTE report (see below) that the Criminal Justice Working Group set up
early last year have made a number of suggestions including giving Gardai
access to PPS numbers of all drivers. This however is the tip of the iceberg
as the plan is to use them to identify people to prevent them from traveling
or trading.
We are seeing the construction of a system that will be used to curtail
human rights in an attempt to maximise the revenue government generates
form old and new legislation, through penalty charges and fines.
We have already experienced this, with the government preventing people
selling their own homes until they pay back charges and fines lumped onto
the household charge or property taxes, and even the cost of energy audits.
We also saw the government using the same method to stop people working,
and causing businesses to collapse, by not issuing tax clearance certificates
for a business because the private individual who runs the business has not
payed their personal tax in the form of household charges.
Now they want to spread this control to your car and further. They want to
prevent you from selling your car if your fines are not up to date. They also
want to prevent you from driving at all by preventing you receiving a
driving license. Thus, they will through their enforcement arm, the Gardai,
infringe on your free right to travel. Imagine how that would affect your
ability to work or go about your normal private business.
PPS is not the real issue
People have recently been whipped up into a frenzy at the notion of their
PPS numbers being used by anyone at all, but this is a big red herring. The
PPS number is not anything special or top secret, it is simply an identifier
number that everyone in the country uses when they have interaction with
the State or any of its offices. It simply guarantees who you are in your
dealings with them more accurately than Name, Address, Date of Birth.
For instance there could be John Smith born 1st March 1970 living in
Wicklow Town and another in nearby Arklow Town, the only way to know
whether they are the same guy with 2 properties or 2 different people is the
PPS number. So dont get sidetracked into debating the use of the PPS for
ID with government agencies. For one thing It will be the only way to
guarantee one man one vote, or if the holder has that citizens right to vote
in a direct democracy system in the future, especially if we use online
voting.
No, the important thing to take from this story is the attempted removal of
peoples natural rights of free movement and to earn a living, and they will
do this whether they use the PPS numbers or just your name, address and
date of birth.
Already being implemented
DDI picked up on this story last year but awaited confirmation from
officialdom that they were really going down this route. We were tipped off
from inside the departments that government were not only planning this but
had already started implementing it last year.
We were given examples even last year where driving licenses had been
refused to people who had not paid property tax or court fines, and we
expect this will also be extended to cover other charges including water
charges, especially if they implement the kind of unlawful clearing house
courts they use in the UK for such charges in batches of thousands at a time
uncontested, which give them a quasi court order.
We have heard the ramblings of Alan Kelly only this week intimating he
wishes to subvert the constitutional court system here too.
However, there is worse to come, as we were also informed that people have
already been refused passports last year for the same reasons.
Dont believe for a minute that this isnt a reality because they have already
started doing this in UK, Australia and New Zealand and are starting in the
US. This information is being shared with customs there who have already
been stopping people from getting on planes to take them on holiday.
Of course the media is told to sell it to the public in the usual divide and
conquer manner blaming it on people on the dole or people with traffic fines
going on holidays before paying their dues. This is always how they try to
garner support by setting one group up as a pariah. They love to make out
everyone on the dole is rolling in it or is a scrounger, when in reality not
only they but also the working poor now have to choose between feeding
and clothing themselves or turning on the heat.
It is a diversion because the biggest scroungers and tax beneficiaries in the
state are those corporations getting billions of euros in tax relief or knock
down prices and debt write off on distressed businesses and property from
the likes of NAMA.
So while the government tries to inhibit the free movement of everybody in
the country, the billionaire class get to have the movements of their private
jet scrubbed from the flight tracker database so we can no longer prove they
are not actually living abroad as a tax exile but instead avoid tax while
living a lot closer to home.
So what is the purpose of all this?
You may already be aware that when you apply for a new driving license or
passport in the last 12 months they have been demanding your PPS number
before issuing. They also ask for a biometric photo and a digital signature.
We have been advised, when we made inquiries, that these 3 things are for
internal use and are not shared with any other department or organisation.
However it seems by this article that that promise is yet another that was
pre-designed to be broken. Just another ruse to get the information in. This
is becoming rather too common and highlights the deceitful long term
planning behind the governments of this country.
We are watching the slow construction of a control system around every
man woman and child in the country so that the government can stifle all
dissent and all opposition to any crackpot or corrupt piece of legislation they
introduce. Most all of the legislation is about money generation. It is
designed with revenue collection in mind through new charges and fines.
Most of this of course ends up in the hands of the bankers and will do for
generations to come.
They think this control system will guarantee their income by holding
peoples lives hostage if we dont comply. They will stop us working and
trading within the tax system, and stop us traveling within this land for work
and social reasons. They will also stop us traveling outside this land, no
matter how ludicrous or unjust their charges or fines are. No matter whether
you agreed to contract or not, or whether you were given the opportunity to
challenge them.
They will do this for all state bodies and they will extend it to all their
private entities pretending to be public utilities.
They will basically hold you prisoner until you do their will. This goes
against your human rights.
This could go two ways
People could either be bullied into conformity, or they might just as easily
decide to stand against this. The government could very well push a lot of
people to stand up for their rights and simply travel without licensing, after
all they passed their driving tests so they have every right to travel without
permission.
They may even force many to carry out their business outside the tax system
if they are being denied the ability to support their families. Remember their
is now a huge class of working poor in this country, a direct result of the
governments policy of bailing out their wealthy friends in banks ahead of
the people who have been driven into poverty.
This has the potential to wake people up to a mass disengagement with the
State which is becoming more and more obvious in its desire to dominate
and fleece the people of this island.
What is their next step for enforcement
The next step for them is to completely cut people off from their ability to
refuse. They will do this by introducing a cashless society, making everyone
dependent on it to exist. They have been slowly tip-toeing us towards it for
years and now they will speed up the process.
Once all transactions are electronic you will have no way of stopping them
deducting taxes, charges and fines from your credit balance. They will
introduce legislation at will to give them the power to access your account.
It is that simple.
However this may simply herald and hasten the creation of local service
trading and local interest free non governmental currencies for local
transactions and trade. In a sense this could be the galvanizing element that
pulls communities back together and gets people off the teat and out from
under the control of national government.
Every malevolent act of government can also be viewed as an opportunity
for the people.
However it would be easier to simply remove every single sitting TD from
government at the election. Get behind DDI and help your local group
pushing the message ahead of the election and we can turn this thing around.

Irish Water 'to be stopped from collecting PPS numbers';

charge to be capped at 200
16/11/2014

It is reported Irish Water is to be stopped from collecting PPS numbers, and that
water bills will be capped for three years.
As the Government tries to address public anger and concerns over water
charges, the Sunday Times reports that responsibility for collection of PPS
numbers will be handed to the Department of Social Protection.
It is also reported that Irish Water will not be given the power to make deductions
from wages or social welfare payments for those who do not register.
One adult per household will be required to register to qualify for the universal
water support payment of 100.
Meanwhile, the Sunday Business Post says water bills will be capped for at least
three years, at the maximum rate of 200.
The Government is also expected to announce a major investment programme
for Irish Water in the near future.

Another traitorous act will happen soon .Many main political parties are
staying silent over this , I wonder why ?.... Wonder what is the Labour
party views on The water framework directive, which was adopted in
2000 ??.......;..Despite all that has been said about water charges three
very important issues have been strangely absent from the debate.
First, the Government claims it must charge for domestic water because
it is required to in the EU water framework directive. This is not true.
EU directives are binding. Member states must implement them
through national legislation. Article 9 of the water framework directive
requires charging for domestic water. There is one exemption. It is
known within the European Commission as the Irish Exemption
because it was won by the Irish and only Ireland qualifies for it. It is
found in article 9.4 of the directive.
In 2000, the Irish government brokered this exemption and the inclusion
of article 9.4 which formally and legally absolves Ireland and only
Ireland from the requirement to charge for domestic water.

A man arrested in Limerick in connection with the London terror

attacks, was working as a chef in the city using a PRSI identity paper
number issued in the name of terrorist, Rachid Redouane.

Update 7.31pm: A source close to the investigation has said the

arrested man has been working at a restaurant in Limerick city, and that
he is suspected of working in Ireland illegally, and with allegedly using a
false PPS number, writes David Raleigh.
Garda arrested the man at his workplace Monday night, sources said.
Officers attached to the Garda National Immigration Bureau (GNIB)
then carried out a search of the man's home, which is located in the city
centre.
The man was taken to Roxboro Road Garda Station and questioned for
around 17 hours on suspicion of using "forged documentation", garda
sources confirmed.
He was released without charge this afternoon, pending a garda
investigation file on the matter sent to the Director of Public
Prosecutions.
Senior garda sources said the investigation is "being led by GNIB". They
added, garda were satisfied the man does not have any direct links with
terrorists.
Sources said investigating officers suspect the man acquired
identification documentation, via a third party, and that he had no
knowledge of any terrorism plans.
"Gardai suspect he has been working here illegally and with a false PPS
number, but the DPP will have to decide (if the man is to be charged)," a
reliable source added.
Meanwhile, garda have discounted security concerns raised by a
number of different parties about large numbers of foreign nationals
transiting through a building in Limerick city, having entered the
country via commercial flights at Shannon Airport.
Dozens of groups of men believed to have travelled from countries
outside of Europe were reported to have been using the building after
having landing at the Clare airport.
Having checked the matter out garda said the parties concerned did
not pose any security threat.
"No there's nothing suspicious about it. We looked into it as there had
been a number of reports made to us. It seems to have been a
grounding address for people coming from Romania and other
countries, who have right of access anyway," a senior garda source said.

Update 3.40pm:A man arrested in Limerick in connection with the

London terror attacks, was working as a chef in the city using a PRSI
identity paper number issued in the name of terrorist, Rachid
Redouane, writes Mid West correspondent Jimmy Woulfe.

Like Redouane, the man arrested in Limerick is of Moroccan descent,

and had been working here for some time illegally,

A source said: "This man had used false ID to acquire an RSI number in
order to work. It seems he got Redouane's RSI number by chance and
he used his own photo on the identity card with Redouane's name.

"Before coming to Limerick he worked in the South East of the country.

He worked as a chef."

It appears his name came up on the Welfare system data and garda
were alerted.
The man was released yesterday afternoon having been in custody
since his arrest on Monday afternoon.
Fianna Fil spokesman, Niall Collins said: "This shows up a major flaw in
our welfare identity system. It now seems that RSI details of individuals
are beng sold on to illegal immigrants who want to get work.

"This is worrying from a security point of view and also in relation to

fraud. This only came to light because a major trawl has been conducted
once it emerged that the killer, Redouane, had lived and worked as a
chef in Dublin and was moving over and back to the UK.
"The Minister for Justice, Frances Fitzgerald and and the Minister for
Social Protection, Leo Varadkar must make immdiate and detailed
statements as to what has been going on. This has now come to our
own doorstep.

"Islamic fundamental terrorists are now using Ireland as a base for their
activies in the UK. We are seen as an easy open door to the UK as our
security services have been decimated with cutbacks."
Update 3pm:The Limerick resident was was being questioned by Gardai after identification
documents linked to one of the London terror attackers was found in his apartment has been
released.

The man had been detained on suspicion of theft and fraud offences in relation to alleged false
documentation.

The man was questioned for a number of hours and released this afternoon. A file will be sent to
the DPP.

Earlier:The Limerick resident was was being questioned by Gardai after identification
documents linked to one of the London terror attackers was found in his apartment has
been released.A resident of Limerick is being questioned by Gardai after identification
documents were discovered in his apartment in the name of one of the London terror
attackers, a Limerick based website is reporting.

The Limerick Leader have reported this afternoon that the Moroccan national was arrested
at a property in the city on Monday night on foot of information received from UK Police.

IN the exclusive Limerick Leader report it is suggested the documents were located during
searches of an apartment and that the man in question is being questioned by detectives
attached to the Garda National Immigration Bureau (GNIB).

It is believed the documents are in the name of Rachid Redouane - one of the London
attackers and who lived in Ireland for apewriod between 2055 and 2016.

The Limerick Leader are also reporting that sources within the gardai believe the man in
custody has been living and working in Limerick for some time and that he may have lived
elsewhere in Ireland prior to that.

They report that sources do not believe the man has been radicalised and that detectives
are seeking to establish the authenticity of the documents and how they were obtained.

It is understood that one of the possibilities being explored is that the man acquired the
documents after the London attacker had left the country.
GDPR Start now!
IN: DATA PROTECTION

If you do not know about the personal data you hold, you cannot comply
with the GDPR. So, trace the flow of personal data in your company.
Bear in mind that the personal data of employees is covered by the
GDPR.
Compliance with the GDPR will involve those self-same employees.
They will need training in the application of the principles of the GDPR
in your organization.
Possibly you are obliged to appoint a Data Protection Officer (DPO). If
so, even if you decide you need one regardless of a lack of obligation to
appoint one, there is little point in leaving it to May 2018 to do so. The
DPO will be needed to help you reach compliance with the GDPR.
As your DPO will tell you quickly, many systems must be devised and
implemented to ensure compliance. You will have to ensure that data
protection is baked in to your systems. In other words, no change can
take place without a rational analysis of the data protection implications
and the measurement of risk for any such change. Here, speaking of
change carries the assumption that your organization is not currently in
compliance. It would be an unusual organization if it were to be already
in compliance with the GDPR.
The GDPR requires the writing of a Data Protection Impact Assessment
for change. To comply with the GDPR is to change. So, you will need to
write your Data Protection Impact Assessment.
The foregoing is a cursory look at what you have to do. Start doing it
now. You are possibly going to be late and not in compliance on 25th
May 2018 but if you recognize the urgency you might just make it.
Start. Start now. Do not get diverted or distracted. You need to focus;
you will need all the time that remains to do even the few things listed
above.

Implementing Health Identifiers

A STRATEGIC INFORMATION GOVERNANCE PERSPECTIVE

DARAGH O BRIEN, KATHERINE OKEEFE

https://castlebridge.ie/system/files/private/whitepapers/implementing_health_identifiers_-
_a_strategic_information_governance_review_v3.0_0.pdf

The Health Information & Quality Authority (HIQA) recently published their Standards for Health
Identifier Operators which will form the basis for the implementation of Health Identifiers in the Irish
Health Service.

Since then, the European Court of Justice has issued two cases with potentially significant implications
for the data privacy governance of Health Identifiers, and the EU Data Protection Supervisor has issued
an Opinion on Ethics in Big Data which also raises issues to be considered in the context of the rollout
of Health Identifiers in Ireland.

Castlebridge has conducted a line by line review of the Health Identifiers Act 2014 and the HIQA
standards in both their draft and final form. Our review has looked at the Information Governance and
Data Protection issues, challenges, and opportunities in the implementation of Health Identifiers. This
edition of the Report reviews that analysis again in the context of the CJEU rulings in
Bara and Schrems, and the EDPS opinion on Ethics.

This edition consists of approximately 20% additional content, including an assessment on a section by
section basis of the implications of Schrems and Bara on the effective operation of the Health
Identifiers Act 2014.

Topics we address include:

 A section by section analysis of the legislation and the practical impacts on current work practices
in Health Care providers
A theme by theme review of the HIQA standards, including an analysis of sections that were
included in the Draft standards but have been removed from the final standard
The potential for Information Governance confusion with multiple roles being defined in the
Standards that are potentially duplicating effort or muddying lines of accountability.
The importance of objective standards for measuring the effectiveness and appropriateness of
training for Information Governance and Data Protection.
The impact of CJEU rulings on the practical implementation of information governance for the
Health Identifiers Act 2014
An overview of a model for aligning ethics with Information Governance
The increased importance of Privacy Impact Assessments, and the optimum time in the
Information Asset Life Cycle to conduct them.
In addition, we reference how our 3DC framework for Information Stewardship and our 11-Box Model
for Information Strategy alignment can help organisations and Healthcare professionals prepare for the
implementation of Health Identifiers.

Tags:
data protection
data privacy
healthcare

https://castlebridge.ie/products/whitepapers/2015/11/implementing-health-identifiers-
strategic-information-governance

A digitally stored photograph is a biometric

facial scan held electronically on the card. Ppt
source:
Why the brackets around "Number Plate/Face
Recognition" in this Smart CCTV plan?
-Its an offence to have people show you their PSC card. Its not an ID card. -Hey, whats this in
S5 of your Social Welfare 2017 Bill?

The Department has recently deployed facial image matching software

Dil debates
Wednesday, 5 March 2014
What are Dil debates?
Other Questions
Public Services Card
See the whole debate
Previous speaker
Next speaker
10:35 am

Joan Burton (Minister, Department of Social Protection; Dublin West,

Labour) | Oireachtas source
I propose to take Questions Nos. 9, 17 and 30 together.
Considerable progress has been made in the roll-out of the new
public service card, PSC. Approximately 580,000 cards have now
been produced. The purpose of the PSC is to enable people to
gain access to public services more efficiently and with a
minimum of duplication of effort, while preserving their privacy
to the maximum extent possible. In this regard, the Department
has developed, in conjunction with a number of other
Departments, a rules based standard for establishing and
authenticating an individuals identity for the purposes of access
to public services. The PSC is designed to replace other cards in
the public sector such as the free travel pass. Many pensioners
have the PSC card with the FT designation indicating free travel.
It proves very popular with pensioners to whom it is being rolled
out. It will make it easy for providers of public services to verify
the identity of customers.
The PSC is issued following a registration process. The legislation
provides that an individuals photograph and signature and the
verification of identity data already held by the Department are
captured by the card. Existing legislation provides for the
collection and storage of photographs or images in this context.
The Department has recently deployed facial image matching
software to help to detect and deter duplicate SAFE applications.
For example, if someone goes in and has a photograph taken, it
is matched with the stock of 580,000 photographs on the
system. Facial recognition techniques are used to a high level. If
someone applies for a PSC in Galway and is already on the
departmental system, it will show that the person has a card in
Athlone. We receive reports on a weekly basis.
Additional information not given on the floor of the House

Provision has not been made for further biometrics and there are
no plans to alter the position.
Deputies may wish to note that the introduction of the card can,
in addition to providing a more efficient service for customers,
also help to deter and prevent irregularities. For example, the
new card has led to the identification of 18 cases of facial
matches. Some prosecutions are pending as a result and it is
estimated that, at a minimum, the level of fraud detected and
stopped to date amounts to in excess of 1 million.
Face-to-face registration is taking place countrywide in 55 offices
of the Department for individual applicants for a personal public
service, PPS, number and people applying for or in receipt of
social protection payments or benefits, including jobseeker
payments, free travel entitlements, child benefit payments, State
pensions and one parent family payments. A table of the relevant
locations has been provided for the Deputies.
Selected low-risk customers have also been invited to avail of a
"postal" registration process which involves utilisation, with
consent, of information already provided for other Government
agencies, for example, a photograph supplied in connection with
an application for a passport. In addition, selected pensioners
over 66 years who collect their payments at a post office will be
invited, commencing early next month, to register by post,
including providing a passport standard photograph.
The PSC project has been earmarked as a key initiative in the
new public service reform plan; the aim is to expand the use of
the PSC to cover a greater range of services. PSC registration is
being expanded to encompass all departmental scheme
customers and over time the adult population of Ireland. In this
regard, the Department is in discussions with a wide range of
other public bodies to extend the client registration service and
the use of the PSC. Recently the PSC was included in regulations
as an acceptable form of ID for upcoming local and European
elections.

https://www.kildarestreet.com/debate/?id=2014-03-05a.99

The Department has recently deployed facial image matching software

Public Services Card/ 5 Mar 2014/ Dil debates (KildareStreet.com)

https://www.kildarestreet.com/debates/?id=2014-03-05a.94#g99

Heres what EU law defines as biometric data. Yes, facial images are included.
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

SG of DSP, at the PAC, in May 2015? Yes, the #PSC photo is biometric.
The development of the SAFE system (phases 1,2 and 3) was funded by the DSP and DPER. It
includes, in SAFE 3, a fingerprint/iris scan.

GDPR; Personal data belongs to people

IN: DATA PROTECTION
The EU deferred the application of the GDPR personal data rules for
two years to allow organisations to make the necessary internal
changes to reach compliance. The first, and possibly the most difficult,
is to perceive what is stated in the title here; personal data belongs to
the data subject.
Personal data, collected by you, is not owned by you.
Think of it as money. Less than one year from now, your organisation
must be able to account for personal data in very close detail. You will
be answerable to regulators and to the data subject for the personal
data.
If youre in a business or organisation preparing their GDPR compliance
project, you are going to need to include a map of all the personal data
you are storing (storage,in EU law, is a form of processing) , as well as
the purpose for which it is stored. Youll also need to be able to show
that you have a legal basis for that use, even if youre only storing it.
The GDPR even requires that you keep an up-to-date register of all the
data processing done in your organisation, for inspection by the
regulator.
Unless you prepare, the very possession of personal data could be a
breach of the GDPR data protection rules and, depending on the nature
of that breach, its circumstances etc., the fine for a breach could be fatal
for your organisation.
That is intended by the EU; under the GDPR, personal data is
potentially commercially radioactive. The EU intends to send that
message that if it is mishandled, you may go out of business. There are
historical reasons (see, most of the 20th Century) why the EU takes the
primacy of human dignity in data protection seriously. Theres no doubt
that, with the coming into force of the General Data Protection
Regulation, it intends that all the organisations doing business inside
the EU take it just as seriously as well.
Very clever. "We have no plans" doesn't mean that plans are ruled out altogether. Sure
didn't the Government once tell us that these cards were just for those claiming
entitlements? Now look at how that has changed...
Why give the contract to a Company that specialises in biometrics if they have no intention
of using the cards for biometrics?
Why even have a SAFE level system whereby one of the highest levels demand biometrics
as part of the card in order to comply if they have "no plans" for any of it??
And finally... why does the card have an RFID chip if they never intend on storing anything on it?
What a load of cock. Take with a very suspicions pinch of salt...

Very clever. "We have no plans" doesn't mean that plans are ruled out altogether. Sure
didn't the Government once tell us that these cards were just for those claiming
entitlements? Now look at how that has changed...
Why give the contract to a Company that specialises in biometrics if they have no intention
of using the cards for biometrics?
Why even have a SAFE level system whereby one of the highest levels demand biometrics
as part of the card in order to comply if they have "no plans" for any of it??
And finally... why does the card have an RFID chip if they never intend on storing anything on it?
What a load of cock. Take with a very suspicions pinch of salt...
so a private company is involved of a security measure and data,does that not goes against the data
prtoection set by social serveices?
everything in this country, it takes bringing this to the courts to get them to stand down. The question is,
who has the means to do it
can access the information on these cards? I've had one for some time and I'd like to think that people who
have been issued them would have a right to know what's on them and what the information is being used
for - the line that they're spinning so far is a patent load of codswallop.

The biometric facial recognition system employed by the Department is called "Cogent".
This software was developed by 3M to scan faces and match them to their data...
Just a photograph... ah yeah
Classic spin Simon. They are experts at it...
This is the Department's response to valid questions posed by Simon McGarr on Morning
Ireland radio this morning..

Statement on Public Services Card 25th August

2017
he Public Services Card (PSC) is precisely that, a card for accessing public services. It helps
customers access a range of public services easily. The users identity is fully authenticated when
it is issued so they do not have to give the same information to multiple organisations. It was first
introduced in 2011 and was initially rolled out to people getting social welfare payments. It is now
being rolled out to other public services.

The PSC is currently a requirement for the following;

Access to Social Welfare Services (including Child Benefit and Treatment Benefits)
First time adult passport applicants in the state
Replacement of lost, stolen or damaged passports issued prior to January 2005, where
the person is resident in the State.
Citizenship applications
Driver Theory Test Applicants
Access to high value or personal online public services, e.g. Social Welfare and Revenue
services, via MyGovId, the mechanism for accessing public services online.

The Department of Social Protection makes it clear to customers in receipt of social welfare
payments that they do need to register to SAFE 2 to access, or continue to access, a social
welfare entitlement.

Customers in receipt of a social welfare entitlement are written to and invited to make an
appointment to complete the SAFE 2 registration process -which results in them being issued with
a Public Services Card. The process takes about 15 minutes to complete, once all required
documents are presented. The Department also issues reminder letters to customers, if
required.
The majority of our customers accept the importance of, and need for the robust SAFE 2 identity
verification process when in receipt of a social welfare entitlement and c2.77m Public Services
Cards have been issued to date.

The decision to suspend or stop a payment is never made lightly. However, where a customer
does not satisfy the Minister in relation to identity as per the legislative requirements outlined
below, a payment can be stopped or suspended.

Legislative Basis for disqualification from receipt of benefit where identity is not
authenticated

In 2005, the Government approved a rules based standard for establishing and authenticating an
individuals identity for the purposes of access to public services. This standard is known as the
Standard Authentication Framework environment or SAFE. A Public Services Card (PSC) is
issued to an individual who has successfully completed a registration process to a substantial level
of assurance this is known as SAFE 2.

In the case of the Department of Social Protections own services, the legislation governing the
validation of identity for access to these is contained in the Social Welfare Consolidation Act 2005,
as amended, viz.

Section 247C(1) of the Act provides that the Minister may require any person receiving
a benefit to satisfy the Minister as to his or her identity;

Section 247C(2) of the Act specifies the consequences of failure to satisfy the
Minister in relation to identity as required, specifically that a person shall be
disqualified from receiving a benefit;

Section 247C(3) of the Act specifies the manner in which the Minister may be so
satisfied; in effect, this Section describes the process for registering a persons identity -
this is the SAFE 2 Process.

In other words, this legislation requires a person to satisfy the Minister as to their identity and
allows disqualification from receipt of a benefit in the event that it is not done. It is not possible for
a person to satisfy the Minister as to his or her identity without being SAFE 2 registered.

Legislative basis for usage of PSC by other public bodies

The legislation governing the production of the PSC and its usage by other public bodies is set out
at Section 263 of the Social Welfare Consolidation Act 2005. Section 263 also sets out how it is
an offence for bodies not specified in the legislation to seek or use the PSC. As an Garda
Sochna is not a specified body in the legislation (except in respect of its own members), it would
therefore be an offence for a Garda to ask someone to present a PSC

Is a Public Services Card a national Identity Card?

The Public Service Card is a card for accessing public services only. It is a token which proves
that a person has had their identity verified to a substantial level of assurance in accordance with
the SAFE 2 standard. It is governed in that context by legislative provisions in the Social Welfare
Consolidation Act 2005 (as amended), which limit its usage.

The Public Services Card does not have any of the typical characteristics of a national identity
card in that

You are not required by law to register for a Public Services Card. It is not compulsory or
mandatory for individuals to hold or carry a Public Services Card. There is no law in
Ireland requiring a person to carry any form of ID card (other than a driving licence when
driving).
 You are not required by law to provide it to a member of the police force at their
request. An Garda Sochna is specifically precluded from requesting an individual to
produce a PSC as proof of identity. This deliberate exclusion is a clear signal as to the
purpose of the PSC.

Bodies not specified in the legislation in either the public or private sector may not request
the PSC or may not be required to use it in any transactions.

The Public Services Card is exactly that a card is designed for the purpose of safely, securely
and efficiently providing public services.

PSC and Data Protection

The design of the card was discussed with the Office of Data Protection Commissioner which, in
its Annual Report of 2010, advised that The Public Services Card will include a photograph,
signature and electronic chip, as well as featuring the PPSN of the individual on the back of the
card. The incremental nature of the rollout of the Public Services Card is welcome as is the active
engagement of the Department of Social Protection with all stakeholders including our Office to try
to ensure that all relevant issues are addressed. It has already completely taken on board a
number of points which we have made, which I very much welcome.

The personal information on the card is deliberately restricted to avoid misrepresentation or

identity fraud in circumstances where the card has been lost or stolen. Lost or stolen cards are
replaced without charge.

PSC and Security

Given the value of a Public Services Card, its design includes a number of advanced physical and
technical security features that meet the highest international standards of data security.
Importantly, all data contained on the PSC chip is encrypted. Only paired card readers specifically
programmed to accept Public Services Cards can read the encrypted personal data which is held
on the card.

Free Travel Variant of the Public Services Card

Free Travel customers include those over 66 years of age, and customers in receipt of Disability
Allowance, Blind pension, Invalidity payments, Carers payments and those participating in the
Make Work Pay scheme who can retain their free travel entitlement for a period of five years
after they return to work. The Free Travel variant of the PSC holds a separate contactless chip
which allows it to interact with the Integrated Ticketing System operated by the National Transport
Authority. No personal information on a customer is made available to any transport operator
either inside or outside of the jurisdiction when the PSC is used to interact with the ticketing
system.

Have the Public Been informed about this ?

The Department has always been open about its plans to invite all customers in receipt of social
welfare payments to register to SAFE 2. The Department has also produced explainer videos in
both English and Irish relating to the PSC card and it use; these are available on the Departments
website. www.welfare.ie/psc

The legislation underpinning the Departments application of the SAFE registration process and
use of the PSC has been published and debated in the Oireachtas. Since the launch of the PSC in
2011, the Department has answered a considerable amount of questions both in the Dil and in
the Irish media.

ENDS
Department of Social Protection
25th August 2017

So the Department of Social "Protection" have discredited themselves with that statement
saying the do not use biometrics.
The government lying ! No way , I'm shocked.
So if the Department admitted in 2015 that they do in fact take a biometric photo of you,
where exactly is that biometric photo stored?
Well according to this powerpoint slide from the very same Department, it's stored ON THE
CARD even though they stated it's not.

In fact here's Joan telling it like it is back in 2014...

That geebag says anything u know it's a lie

Letter in the Irish Times re Public services card and data privacy
Sir, In response to Donal McGrath (August 25th) on the public services card, and his
comparison with Denmark, the Danish Sundhedskort (health card) is merely for access to
a local doctor, and contains no information beyond a persons name and equivalent of a
PPS number.
It does not contain any photo, and thus is nowhere near comparable as an ID card.
In my many years residing in Denmark, not once have I been prompted to produce my Sundhedskort
for access to any Danish public services. This includes exchange of my Irish driving licence to a
Danish driving licence. Accordingly, equating the Danish health card with Irelands new public
services card is an inaccurate comparison.
Debate about the future mandatory nature of any public services card in Ireland has to focus on
citizens privacy, and the right to respect for their personal data, which the Government is carefully
tip-toeing around.
Avoiding any serious debate about the use and potential abuse of individuals data and public
services cards is a disservice to taxpayers, first and foremost. Yours, etc,
Yours, etc,
Dr GRAHAM BUTLER
Assistant Professor of Law,
Aarhus University,
Denmark.
Seems Actavo (aka Siteserv) are branching into all things military, now that the water
metering contract awarded to Denis by his Fine Gael pals is being hampered by those
annoying anti-water protesters. Simon Coveney, the Bilderberg man who wants to scrap
Irish neutrality and get this country involved in EU wars must have been very helpful to
Dinny in this regard.

Banks write off over 300m in three deals

with Denis OBrien
Deals saw businessman invest 230 million to acquire Siteserv Group, Topaz
Group and Beacon Private Hospital
Fri, Jun 13, 2014
Billionaire businessman Denis O'Brien has recently added the Beacon Hospital, Topaz Energy and
others, to his portfolio. Colm Keena takes a look at the steady stream of Irish acquisitions by the
businessman over recent years. Video: Darragh Bambrick

The purchase of three major Irish businesses over the past two years by the
billionaire businessman Denis OBrien involved total bank write-offs of more than
300 million.
The deals saw the businessman invest 230 million to acquire the Siteserv Group,
the Topaz Group and the Beacon Private Hospital.
The Siteserv deal saw the State-owned Irish Bank Resolution Corporation, which
is now in liquidation, write off 110 million of the 150 million it was owed. Mr
OBriens move to become the major shareholder in the Topaz Group earlier this
year involved the IBRC writing off slightly more than half of the 304 million it
was owed.
Beacon Hospital
Last month, Mr OBrien bought debt of approximately 100 million due to Ulster
Bank for a reported 35 million in a deal that gave him control of the Beacon
Hospital in Sandyford, Co Dublin.
Mr OBrien, who has a 29.9 per cent stake, is the biggest shareholder in the
Independent News & Media. In April last year the group did a deal with its eight
banks, which include AIB and Bank of Ireland, where the banks wrote off 138
million of an overall debt of 422 million, in exchange for a shareholding in the
group worth approximately 10 million.
The Topaz Group was purchased by Mr OBrien using Kendrick Investments Ltd,
an Isle of Man company incorporated in July of last year. Siteserv was bought
using another Isle of Man company, Millington Ltd, incorporated in December
2011 to buy the Irish services group.
In March this year Kendrick entered into a mortgage arrangement with the Bank
of Ireland, with the Topaz business among the mortgaged assets, according to its
filings in the Isle of Man. No charge has been registered against Millington.
Mr OBrien is not tax-resident in Ireland and his Digicel group is headquartered in
Bermuda. The Isle of Man does not impose corporation tax on most companies
and does not have capital gains tax.

Kenny successfully kicked the Siteserv controversy down the road to

allow him to stretch out his long goodbye. But the truth might emerge
soon because of emails carelessly exchanged. Not that it will make any
difference, politicians are never punished in Ireland for any wrongdoing,
they never suffer financially and even if it emerges that Kenny and his
close circle of Blueshirts, including Noonan and Hogan were involved in
ahem ... "helping out" their close friend Denis O'Brien, they will all just
have a good laugh about it. Of course Varadkar was in the same room
along with Paschal ... but let me guess - they heard nothing, saw
nothing.

CAUGHT ON TAPE RIDING LITTLE BOYS IN A HOTELROOM

https://www.irishtimes.com/business/companies/banks-write-off-over-300m-
in-three-deals-with-denis-o-brien-1.1830533
Thanks to The Phoenix magazine we find out that Simon Coveney - the man who wants to
be Taoiseach, has given away out multi-billion seaweed industry to foreign multinational
companies. The present and last government, including Ministers Pat Rabbitte, Alex White
and Alan Kelly allowed dirty deals to be done behind closed doors to hand over more of
Ireland's natural resources to companies who will reap huge profits from a shady
agreement that was hidden from the Irish people. As if it wasn't bad enough that Noonan and
his henchmen in NAMA sold our country brick by brick to vulture funds.
It started when we joined the EEC and meekly gave away our valuable fisheries to French, Spanish
and countries trawlers. They arrived in our waters in massive factory ships, stole BILLIONS of our
wealth and have almost wiped out our fishing industry. We continued the fine tradition of being
Europe's laughing stock by giving away our oil and gas to Shell, Statoil, etc. (of course that rotten
deal was greased by brown envelopes). Then we took on the EU's bad banking debt and paid their
gambling bondholders because we LIKE being the whipping boys of the EU.
Now we find out that the Bilderberg Group's man in Ireland, Simon Coveney, the Minister for Lying
about House Builds, has been busy giving away our seaweed industry. Why Simon? What's in it for
you?
What a corrupt little banana republic we have become. What a rotten-to-the core crowd of fucking
useless politicians we have allowed to get into power.

Very kind of Fine Gael owner Denis O'Brien to give the Canadian Taoiseach some space
in his Irish Independent today to promote the Blueshirts latest catchphrase - "Republic of
Opportunity." As you know our Taoiseach is on three months holidays and on a Pride Tour
of the World, but his new spindoctors/propaganda unit are working diligently and cobbled
together the article to fill some space in the Indo, this being the silly season and not much
happening with the government on an extended holiday. I had a quick read of "Leo's" wise
words to see if they mentioned homelessness or children in hotels, but no. You see in Leo
VarThatcher's world "OPPORTUNITY" means opportunity for the elites, the wealthy
backers of Fine Gael, like Dinny, the bankers, the Vulture Funds, the re-emerging property
developers and the big business owners who always backed Leo's party. The Republic of
Opportunity is theirs once more and to paraphrase Bertie - the boom is getting boomier for
them.

Poor old Bruce Forsyth passed away at the weekend, but I'm sure he wouldn't mind if the
spindoctors borrowed one of his famous catchphrases for Leo to use when welcoming his
wealthy backers ...

Leo "It's nice to see you, to see you ..."

Fine Gael Republic of Opportunists "Nice"

The 60 million Euro question. Why do we allow this?

All I have to say is this. Look at Texas. The world over is changing, and changing fast. Mental health is rife,
suicides are up, people are homeless and children on the streets, a few heavy rainfalls here and we'll see
flooding, destroyed homes and businesses and broken people. That ledge in Antarctica has broken off,
sea levels will rise, the poles are due a shift..... I couldn't give a rat s ass about a card.
1. On the link provided above there is no "Are you scared yet?". Fact.

2. Your words: "Unless there is an ethical and strong legal recourse in our very "fair and unbiased" courts of law that
can put an end to all this, (pfffft!)" - Our words and others: It's considered legal unconstitutional. Let's get ourselves in
a position, to be able to take this peaceful solution also.

3. So instead of just giving out about others trying to also highlight the issue to others more unaware of the whole
matter - what have you done also, to progress things too, to a possible solution?
4. Should we all just then give up and die (as you seem to suggest) - or organise ourselves into opposition groups. get
elected, so that we can also start to turn the tide of legislation back to a direction where people come first, once again?

5. What can we do - besides the above already mentioned? Further educate others would be an additional start. Then
again, as soon as some of us are doing just that, we are knocked by others - 'others' giving out about others speaking
up - go figure!
The Irish Government are all Part of Agenda 21- 30..Depopulation is
their Agenda...And we all sit back and Post on Fb..when will we Rise Up
Against This....

WELFARE FRAUD - WHAT ABOUT GOVERNMENT FRAUD - WHAT ABOUT

OFFSHORE ACCOUNTS? WHAT ABOUT CORRUPTION IN THE GARDAI? WHAT
ABOUT TREASON WITHIN THE COURTS BY KNOWN TD`S LEO ?
Jim Daly is Minister of State at the Department of Health with special
responsibility for Mental Health and Older People. Daly was promoted
by Varadkar after making some typical Thatcherite comments over the
last few years which endeared him to the Sock Man. Jim, wanted all
those on Free Travel to start paying - a little at first, no doubt, later Jim
and Fine Gael would increase the charges every year to do away with
free travel. Note that Jim is Minister for Older People.
Jim is also chomping at the bit to get water charges back and would like
to take the charges out of Social Welfare payments, old age pensions,
etc.
The billing cycle at Irish Water has been paused, not ceased or
discontinued" says Blueshirt Jim.
I suggest a penalty for late payments similar to the 10 per month
which would focus minds and result in a significantly increased payment
rate.
The already legislated for attachment orders which allow for
deductions from State payments would kick in on all bills which exceed
the 500 threshold, thereby ensuring full compliance, Daly said.
We predict that Jim will go far in Varadkars Right Wing adminstration.
Oh, how General Eoin O'Duffy, the founder of Fine Gael/the Blueshirts
could have done with a few Jim Daly's in the 1930's when trying to
create his fascist state.
Our Taoiseach is on holidays until September 17th and is on a world tour
with his partner (at our expense). Today Leo popped up in Canada,
where he continued his bromance with Justin Trudeau, the Canadian
Prime Minister. Trudeau, like Varadkar is media savvy, but a fake.
Trudeau twitters too. But Leo's pal never mentions the arms sales to the
Saudi Arabia nutjobs or his dirty little secret - the Tar Sands. The Tars
Sands project involves the dredging of oil from under Canadas boreal
forest and piping it to Trump's United States. It is causing massive
environmental damage and forcing First Nations communities to
abandon their ancestral lands. Trudeau and Varadkar employ highly
skilled teams of spindoctors to project themselves as modern, smart,
caring leaders.
The reality is very, very different.
That is why Varadkar has eastablished a brand new PR department
within the Taoiseach's office and headhunted some of the top
spindoctors in the country to run it - John Concannon, the marketing
guru behind the Wild Atlantic Way, The Gathering, Ireland 2016 and
Creative Ireland, John Carroll, a PR executive, who played a leading role
in Mr Varadkar's leadership campaign and previously worked as a policy
adviser, Sarah Meade, previously a spindoctor to Heather Humphries
and Dr Patrick Geoghegan, a Trinity College historian who also works
for Denis O'Brien's Newstalk and who is now writing Varadkar's
speeches. This propaganda unit are up and running and the above and
others who staff the "Goebbels Unit" (as they apparently refer to
themselves) are on lucrative contracts - paid for by YOU and ME. They
do have to work hard 'though, to be fair to them ... explaining away the
homeless families sleeping in cars... the families sleeping on the streets
and in tents ... and the "family" hubs ...
https://www.nrdc.org//dirty-fight-over-canadian-tar-sands-

Is Bart Simpson real? Of course not, says you - he's just a cartoon, a
media creation. Is Leo Varadkar real? Well he must be says you. He's our
Taoiseach, the leader of our country, the man who's going to house the
homeless, the man looking after Brexit ...
Dig deeper though and start asking questions and you discover that Leo
was actually created by a PR company, is a caricature just like Bart and
does not DO anything apart from reality TV.
Reality TV is manufactured by media companies and is beamed into our
lives via our smartphones, Sky, Twitter, Facebook, Netflix, etc. The
team behind "Taoiseach Leo" plucked a fairly average individual from
the obscurity of being a run-of-the-mill Fine Gael TD and with a bit of
careful promotion turned him into a Media Star. The fact that the guy
had limited talent was no obstacle - just like "Britain's Got Talent," what
they were looking for was an oddball. A sword swallower ... one man
and his dancing dog ... a brutally bad Karaoke singer ... "that's been
done already, so lets get this guy who is Irish but half Indian, is a doctor
but got into politics, went to TCD, lives in posh Castleknock .... fuckin
sounds ideal!"
"He's gay". "What? OM ..good ... FG .. this is unbefuckingbelievable ...
get this guy in here, hire the best photographer, lets make this guy a
star"
"He can't sing, can't dance".
"Doesn't matter ... we'll make him Prime Minister instead".
The PR photos
1. Leo and the Finance Minister enjoy tea and scones
2. Leo side view. Makes him look like a statesman
3. Leo the Ordinary Man, listening to the people, sharing a joke
4. Leo the Fit and Healthy leader jogging in the park
5. Leo the champion swimmer gets up every morning and does 50
lengths of Olympic swimming pool before work
6. Leo. International Statesman meets other world leaders
7. Leo on the front cover of Time Magazine, just like Obama

Remember how Irish Water wanted our PPS numbers? They just HAD to
have them and a lot of people handed them over or were bullied into
giving them. And then Fine Gael/Labour discovered that this was
against data protection laws and Irish Water ignominiously had to
destroy their PPS database. But now it seems to perfectly OK for the
Department of Social Protection to gather much, much, more data on
every citizen and share it around different State departments willy-nilly.
For good measure all the information on every citizen is on the
computers of a British company who were awarded the mouth-watering
SIXTY MILLION EURO contract to issue ID cards. It is almost certain
that this National ID card project is illegal under EU laws on data
protection, but such was the haste of Paschal Donohue, Varadkar,
Kenny & Rabbitte and now Regina Doherty to sail ahead full steam with
the ID cards that they forgot about citizens rights and privacy laws.
This has the potential to be another Irish Water, another E-Voting
machines... ANOTHER MASSIVE FIASCO. But these politicians don't
care. THEY won't suffer. It's only OUR hard earned money. All SIXTY
MILLION of it.
http://www.thejournal.ie/pps-numbers-irish-water-2016577-M/
Garda could be given access to
PPS numbers of two million
drivers
Mark O'Regan
March 30 2015
Giving garda widespread access to the PPS numbers of two million road users
would be an "absolute game changer" in Irish motoring, the head of the AA
has said.

A special Government taskforce is now considering allowing gardai more

widespread access to the numbers.

Other measures examined by the multi-agency group include the exchange of

PPS details between private vehicle buyers and sellers.

Also being reviewed is the linking of the PPS number of a car owner with the
registration of each new vehicle. The group is also looking at social security
numbers being used to block people with unpaid fines from selling or buying
vehicles or from renewing a licence. Garda are not on the list of bodies that
are allowed to access the PPS details of private citizens.

The director of AA Ireland, Conor Faughnan, said the measures were

"drastic", but unlikely to be introduced anytime soon.

Speaking to the Irish Independent, he stressed there's more at play than just
"motoring issues".

"Essentially, they're talking about using PPS numbers as a national

identification system. But there's more to doing that than simple road safety
administrative matters. It's a drastic solution, and the debate should go far
beyond road safety. But in terms of road safety, it is true that this area needs
to be tidied up, and we need better administration."

The proposals are contained in the official minutes of meetings of the

Criminal Justice Working Group. The group was set up to consider changes to
road traffic crime enforcement, in the aftermath of the penalty points
controversy.

The prospect of giving garda widespread access to PPS numbers was first
raised last April.

The proposal was tabled at a meeting of the taskforce, which is jointly chaired
by the Departments of Transport and Justice, according to documents
obtained by RTE's 'This Week'.

The membership of the Criminal Justice Working Group includes the

Departments of Justice and Transport, An Garda Sochna, the Courts
Service, the office of the Director of Public Prosecutions, and the Road Safety
Authority.
advertisement
Advertisement 00:25
Access to PPS numbers is primarily the responsibility of Tnaiste Joan
Burton's Department of Social Protection. Ms Burton said one of the main
issues being examined by the internal working group was how to clamp down
on motorists who refuse to pay fines.

"Some of those may be dangerous to other road users," she told the Irish
Independent.

"I presume, like all working groups in every department, they're examining to
see if there are things they can do to actually improve the situation, and
reduce potential dangers for people using our roads."

http://www.independent.ie/irish-news/news/garda-could-be-given-access-to-
pps-numbers-of-two-million-drivers-31104150.html

Donohoe supportive of
garda getting drivers PPS
numbers
Proposal aimed at helping garda identify drivers
Mon, Mar 30, 2015, 13:19 Updated: Mon, Mar 30, 2015, 15:36
Mary Minihan

Minister for Transport Paschal Donohoe has indicated he

would welcome a move to allow garda to have access to
PPS numbers to enforce penalty points.
https://www.irishtimes.com/news/politics/donohoe-supportive-of-
garda%C3%AD-getting-drivers-pps-numbers-1.2158665?mode=sample&auth-
failed=1&pw-
origin=https%3A%2F%2Fwww.irishtimes.com%2Fnews%2Fpolitics%2Fdonoh
oe-supportive-of-garda%25C3%25AD-getting-drivers-pps-numbers-1.2158665

Gardai arrest waiter who had PPS number linked to

terrorist

GARDAI are attempting to determine how a Moroccan national working

here came into possession of a Personal Public Service (PPS) number
registered to one of the London Bridge attackers.
Detectives from the Garda National Immigration Bureau (GNIB) arrested the
man on Monday evening, after receiving intelligence that he had documents
linked to 30-year-old Rachid Redouane.

Reports indicate that the Moroccan man was working as a waiter in Limerick
and was using a PPS number previously linked to Redouane.

However, following initial inquiries, gardai do not believe the man came into
direct contact with the terrorist.

He was held at Roxboro Garda Station in Limerick city for several hours, but
was eventually released without charge.
Detectives are in the process of establishing if the documents containing
Redouanes information are authentic or if they were forged.

A file is now being prepared for the DPP.

A man was arrested on the evening of June 5, 2017, for offences under the
Theft and Fraud Offences Act 2001 and was detained under Section 4 of
Criminal Justice Act 1994, a garda spokeswoman said.

A senior source said last night that the arrested man was not suspected of
being directly associated with the London terror attacker.

This does not appear to be terror-related and the individual who was arrested
may have been unaware until now of who the documentation he was using
belonged to, a source said.

Documents bearing a PPS number linked to Redouane were found and were
used for employment rather than for anything more sinister.

At this stage gardai have nothing to suggest that he was ever even in direct
contact with Redouane.

Redouane (30) was a pastry chef who was first recorded as being in Dublin in
2012, along with his wife Charisse OLeary (38), who is originally from the UK.

Security sources have said the terror attacker lived at an apartment block in
Rathmines, south Dublin, with Ms OLeary. They were there on and off over a
period of four years.

Redouane and Ms OLeary married in Ireland on November 7, 2012, before

moving to the UK.

They returned in 2016, before leaving again in March of that year, records
show.

Authorities have not yet established how and when Redouane originally
entered Ireland, and believe he made several return trips to pass UK
immigration checks.

http://www.sundayworld.com/news/crimedesk/gardai-arrest-waiter-who-had-
pps-number-linked-to-terrorist

Inquiry into Reports of Unlawful Surveillance of Garda Siocha na Ombudsman

Commission
http://www.taoiseach.gov.ie/eng/Publications/Publications_2014/GSOC_Cooke
_Report_.pdf
Fake breath tests not used by
Gardai to claim overtime says
Garda Commissioner Noirin
O'Sullivan

Fake breath tests not used by Gardai to claim overtime says

Garda Commissioner Noirin O'Sullivan" title="Fake breath tests
not used by Gardai to claim overtime says Garda Commissioner
Noirin O'Sullivan" class="img-responsive" />
An audit has revealed almost one million fewer drink-driving breath
tests were carried out from 2012 to 2016 than gardai had claimed
The Garda Commissioner has said bogus roadside breath tests were
not used by officers to claim overtime.
Noirin O'Sullivan also told a parliamentary watchdog that she has no
evidence that records of 400,000 mandatory alcohol testing (Mat)
checkpoints on the roads are false.
In 23 pages of written replies to the Oireachtas Justice Committee on
the gross exaggeration of drink-driving statistics and the wrongful
prosecution of motorists for traffic offences, the commissioner said
there was no "co-ordinated effort or drive" to inflate activity from
drink-driving crackdowns.
An audit has revealed almost one million fewer drink-driving breath
tests were carried out from 2012 to 2016 than gardai had claimed.
The Garda also admitted that 146,000 people were taken to court and
14,700 people were wrongly convicted of motoring offences because
of issues with the fixed penalty system.
Some of those had not paid fines but were prosecuted even though
they had not received the fixed charge notice in the post, while others
were taken to court even though they had received the penalty and
paid it.
The Garda chief was asked to answer another 27 questions on the
scandal after a lengthy hearing in Leinster House almost two weeks
ago.
Ms O'Sullivan told the committee: "The results of breath-testing were
neither used as a performance indicator nor justification for incurring
overtime."
And with reviews of the controversy ongoing and no official
explanation for the improper prosecutions and gross exaggeration of
data, the commissioner said there is no evidence "at this point in
time" to suggest the records on mandatory drink-driving checkpoints
are not accurate.
"An Garda Siochana has put considerable control mechanisms in
place to ensure that Mat checkpoints are conducted and recorded
correctly," she said.
Ms O'Sullivan told the committee that the checkpoints were primarily
preventative but designed and located to improve safety and reduce
road deaths.
The written responses to the committee also revealed "staff
associations" were concerned about increased paperwork when a new
order was issued last year on how records of checkpoints were to be
kept.
The scandal, on the back of a catalogue of controversies to have
dogged the force, not least the treatment of whistleblowers, prompted
the government to promise a special commission to review of
management, training, recruitment, culture and oversight.
Meanwhile, the committee was told internal auditors are reviewing
Garda data on domestic violence and the classification of a number of
homicides.
In the written responses, the commissioner also said that an article in
the Irish Times on anomalies in breath test figures did not influence
the decision to contact the Medical Bureau of Road Safety about data
it held on breathalyser use.
An anonymous letter from a Garda Reserve to the Road Safety
Authority in April 2014, which was subsequently sent to the
Department of Transport and then the Garda, was the catalyst for the
initial sample review of breath tests figures in the Southern Region in
2015.
The commissioner claimed that because the tip-off was made
anonymously, "it was not possible, at that point in time, to identify if
there was substance to any of the issues raised".
The assistant commissioner for the Western Region assessed the
allegations about anomalies in the data in 2014 but shut down the
inquiry in December of that year after he "was unable to progress the
matter any further".
According to the Garda website, Donall O'Cualain took charge of the
Western Region in July 2012.
Seven months lapsed between a final report on bogus breath test
numbers in the Southern Region being completed in November 2015
and a nationwide audit being set up, the committee was told.
It would be another year before the public had any indication of an
issue when a notice was posted on the Garda website warning about
the data.
The issue was reported to the commissioner's office in June last year,
the committee was told.
An interim report on the issues the scale of them and potential
insight as to how and why they occurred will be completed in a
month and a final report will be sent to the Policing Authority by the
end of June.
Garda face fake breath test report difficulties
Garda Commissioner Nirn OSullivans failure to deliver an internal
audit report into 1m fake breath tests and fixed-charge notices has been
blamed on considerable difficulties in gathering facts, several months
after the scandal broke.
Wednesday, July 12, 2017
By Daniel McConnell and Fiachra Cionnaith

A confidential internal Garda report into the affair, drafted by

Assistant Commissioner Michael OSullivan and seen by the Irish
Examiner, has stated the process will not be completed until July 31,
after the Dil rises for the summer.
As a result, the Public Accounts Committee, which will take evidence
from the commissioner on Thursday, will not be in a position to probe
her on the fake breath test issue until the autumn.
PAC member and Social Democrat leader Catherine Murphy last night
said once again we have a coincidence that an issue which the
committee wishes to press cannot be dealt with.
Anyone watching US crime shows are told there is no such thing as a
coincidence, and we cannot say this is deliberate, but as a result we will
have to wait until the Autumn to get answers on this most serious
issue, she told the Irish Examiner.
According to the report, work remains to deliver a full explanation of
what happened because of problems in reconciling data.
There have been considerable difficulties in reconciling data in the
course of this examination, the confidential report states.
This includes data held by the medical bureau of road safety and An
Garda Sochna.
This difficulty was a factor highlighted by the Garda Siochana
Inspectorate in their review of Roads Policing and Recommendations in
November 2008.
The report, dated June 26, said there was work to complete in more
than 20 strands of inquiry both in terms of the breath test issue and the
fixed-charge notice issue.
The commissioner came under pressure to resign in March after it
emerged the force exaggerated the number of breath tests taken
between 2012 and 2016 by 1m.
In response to the revelations, Ms OSullivan was to make public a final
report into what happened, how, and who was responsible.
The PAC met privately on the Garda college report yesterday. It is due
to be published next Tuesday. They meet again in private this
afternoon, before a public meeting with Ms OSullivan tomorrow.
The PACs college report is expected to heavily criticise Ms OSullivan
and the Department of Justice for failing to fully inform the Comptroller
and Auditor General of the crisis at the facility, but will not be able to
make claims on alleged fraud or other issues.
The second interim report into the controversy was criticised by Policing
Authority chair Josephine Feehily last week for containing no analysis
at all on the fake figures.
Update 5.40pm:The Road Safety Authority says it is greatly concerned
by today's revelations.

It says the absence of credible and reliable enforcement metrics - such

as the numbers of drivers being breath tested - makes it almost
impossible to evaluate the effectiveness of efforts to make our roads
safer.

The body says it is now seeking an urgent meeting with Assistant

Commissioner Mick Finn to get clarity on what is being done to deal
with the issue.
The RSA says it is particularly concerned about the impact the situation
will have on the public's faith in An Garda Sochna.

Update 4.40pm: The Garda have released further details of the issues
discovered with administration of fixed charge notices (FCN) and
roadside breath tests.

Administration of fixed charge notices

An Garda Sochna has issued over 10.5m Fixed Charge Notices since
2006.

An initial examination of records for offence Not having a valid NCT

Certificate indicated that in 759 cases, where a fixed charge
notice had been issued and paid a summons was later issued.

The examination of all fixed charge offences identifies that 1,130 cases
have had summonses issued for offences where the FCN has been
paid.

An examination of 830,687 summonses issued between 1st January

2006 and 27th May 2016 for road traffic offences declared as fixed
charge offences has now taken place.

This review has identified that in addition to prosecutions taken where

the person prosecuted had already paid a fixed charge for the
offence prosecutions were initiated where a fixed charge notice
had not been issued. A total 146,865 summonses were brought
before the Court in these circumstances.

In relation to 146865 summonses 14,700 cases resulted in a penalty

being imposed by the courts. The force has undertaken to appeal
those outcomes to the Circuit Court.

Garda have spoken to the DPP and the Court Services about how to
rectify cases where a penalty has been imposed. They will be
bringing these matters before the courts and requesting that the
convictions are set aside.

A number of solutions were identified by Garda IT and, as of July 15
2016, an IT solution has been designed and rolled out.

People affected can expect to receive a letter between April 3 and 14

and this will contain a contact telephone number.

Roadside breath tests

A review - initially of breath tests conducted at traffic collisions - led to

concerns about the overall quality of our data and recording
systems.

A full review of breath test data across the entire organisation

commenced in 2016 and was unable to reconcile the PULSE data
and our paper based breath test data - primarily due to significant
gaps in the manually recorded breath test data.

There was a significant deficit between the data recorded on the

PULSE System for Roadside Breath tests versus the number of
breath test recorded on the apparatus used by the Medical
Bureau for Road Safety. The difference between the data (2011-
 2016) is:Pulse Data: 1,995,369Medical Bureau of Road Safety
Data: 1,058,157

Garda say there is no one single reason that may account for the
discrepancy.

Over that period over 1,200 devices were in use across 108 Garda
Districts with no central recording process.

A new IT upgrade means that personnel now have to record the serial
number of the device used for each breath test plus the meter
reading before and after the checkpoint was concluded.

Earlier: Thousands of drivers will have their penalties overturned after a

serious mistake by the Garda. The force has also admitted there is a
huge discrepancy in their recorded breath test figures.

Between 2006 and 2016 there were 147,000 offences where a court
summons was issued instead of a fine.

Of those 96% had other offences that could have landed them in court,
but almost 6,000 had no other offence and should have just received a
fixed charge notice.

One of the country's policing watchdogs has issued a damning

indictment of the ethics and integrity of An Garda Siochana after the
audit, which found almost one million fewer breath tests were carried
out than the force claimed.
All these cases will be appealed in court with the Garda not contesting
the cases - meaning fines, possibly in the millions, will have the be re-
paid.

Superintendent Con O'Donoghue apologised for the mistake.

Separately, the Garda have discovered a massive discrepancy in their

recorded number of breath tests.

Almost a million extra tests were recorded, with the Garda admitting
they do not know what caused the mistake.

Garda were recording the figures from memory instead of digitally,

which has changed according to chief commissioner Michael Finn

The mistakes raise questions over garda procedures, and they say an
internal investigation has been launched to establish how it occurred.

The Policing Authority said the discrepancies raise widespread concern

about how garda go about their work on a daily basis.
The oversight body also warned the scandal erodes confidence in the
credibility of data recorded by the Garda.

The review of roadside breath tests for five years to 2016 found the
Medical Bureau of Road Safety recorded 1,058,157 tests had been
carried out but the Garda recorded 1,995,369.

In a statement, the watchdog said: "The Authority is alarmed at the

scale of the discrepancies disclosed between actual alcohol tests
administered and the numbers recorded by garda.

"This is not just an academic statistical matter, it is an ethical one. It

raises serious questions of integrity for the Garda Siochana organisation
and combined with previous issues regarding inflated activity levels,
erodes confidence in the credibility of Garda data generally.

"It again raises concerns about management and supervision... In the

view of the Authority, the scale of the discrepancy is further evidence of
deep cultural problems within the Garda service - a culture in which such
behaviour was possible."

The Policing Authority said the Garda had admitted that there are
possible wrongful prosecutions and convictions.

Some 830,000 cases have been reviewed by the force and people
affected are being contacted but the watchdog said there are
potentially thousands of people caught up in the errors.

The Policing Authority said it raised questions about roadside breath-

testing statistics and practices in January but was not told a review was
taking place.

It said it also has concerns about how decisions are taken on the issuing
of a summons and what happens to cases between checkpoint,
detection and conviction.

It is not the first time the Garda's record keeping has been called to
account.

Last year, official analysis by the Central Statistics Office found almost a
fifth of crime reported to the force was not recorded on its own system.

It also said the force's success rate in solving crimes is probably 10%
lower than claimed.

In 2015, the CSO said almost a fifth of crimes reported to the Garda in
2011 were not recorded on the Pulse database.

That followed a damning audit by the Garda Inspectorate, published in

2014, that exposed massive errors on the Pulse system including poor
classification of incidents and under-reporting casting doubt on the
country's true crime rates.

The watchdog concluded that it was difficult to determine the scale of

unrecorded crime but it could be about a quarter of offences.
http://www.irishexaminer.com/ireland/gardai-face-fake-breath-test-report-
difficulties-454623.html

Garda taskforce reviews possibility of garda

access to PPS numbers
Sunday 29 March 2015 15.44

The prospect garda access to PPS numbers was

first raised last April at a meeting of a Government
taskforce
Unprecedented garda access to the PPS numbers
of more than two million road users is being
considered by a special Government taskforce,
according to documents seen by RTs This Week.
Other measures examined by the multi-agency
group include the exchange of PPS numbers
between private vehicle buyers and sellers.
Also being reviewed is the linking of car-owners
PPS numbers for each new vehicle registration.
Social security numbers being used to block people
with unpaid fines from selling or buying cars or from
renewing a licence is also being assessed.
The proposals are contained in the official minutes
of meetings of the Criminal Justice Working Group.
Irish Water had to destroy
859,099 PPS numbers and its
still not finished doing it
The company said it could not yet reveal the cost of deleting the PPSN.
Mar 29th 2015

Image: Shutterstock/rtbilder
IT WAS ANNOUNCED last November that Irish Water
would cease to ask for PPS numbers and that it would delete
any numbers it had already received.
At the time the Managing Director of Irish Water John
Tierney said the company expected to have all the PPS
records deleted by the end of January.
We have now reached the end of March, but are all the PPS
numbers deleted?
Under a Freedom of Information request Irish Water
revealed that it received 859,099 registration forms by 19
November last year the date it discontinued the practice of
collecting them as part of the registration process.
A protocol for the deletion of PPS numbers returned to Irish
Water was agreed with the Data Protection Commissioners
office.
However, when asked how much was spent on deleting the
numbers, it said, The final costs of disposal have yet to
be determinedwhen the disposal of all PPSN information
has been completed the full cost of carrying out this process
will be made available by Irish Water.
The company says it will send out more than 1.7 million bills
in the coming weeks, knowing that hundreds of thousands of
those are incorrect because people havent filled in their
forms correctly.
Minister for the Environment Alan Kelly announced in the
Dil this week that people will have to register with Irish
Water by June 30 to qualify for the 100 water conservation
grant.
http://www.thejournal.ie/pps-numbers-irish-water-2016577-Mar2015/
Well delete all those PPS
numbers by January Irish
Water chief
The big sell of Irish Water is well under way Ministers have also
been out today talking up the 1.15 a week figure.
Nov 20th 2014,

Irish Water managing director John Tierney.

Image: Niall Carson
Updated at 10.40pm
IRISH WATER MANAGING Director John Tierney has said
the company expects to have deleted all PPS records by the
end of January.
Concerns were raised over the utilitys requirement for the
ID numbers in recent months.
And in its revamped plan for the contentious semi-state, the
Government announced yesterday that all PPS numbers
already on record with it will be deleted.
Speaking to RT News today, Tierney said that the initial
requirement for PPS numbers had been well intentioned.
But he said they were already working with the Data
Protection Commissioner on the plan to erase the data.
That should be done within 7 to 8 weeks, Tierney said.
He added that it would be a big job of work
We already have submissions and responses from 870,000
households.
Courts
Elsewhere, the Irish Water boss said the company didnt
envision a situation where we would have to be taking
people to court.
A system of late payment fines was announced yesterday as
part of the coalitions new plan.
But Tierney said:
The aim of Irish Water is to work with people so were not
getting into penalties of any description.
We want to work with them so that there are no add-on
payments
The net charge is 1.15 for a one person home, per week,
Tierney said, echoing talking points used by the Taoiseach
and senior ministers since yesterday.
Its 3 for a 2 adult plus home.
That is very very affordable by any measure or by any
comparison to other countries around the world.
http://www.thejournal.ie/irish-water-pps-1791341-Nov2014/

Irish Water using protocol to

destroy your PPS numbers
The utility has consulted the Data Commissioner prior to starting the
job.
Dec 2nd 2014,
IRISH WATER SAYS it putting a protocol in place to destroy
PPS numbers it received in recent weeks.
Following the reforms announced by the utility at the end of
November, Irish Waters Managing Director John Tierney
promised to delete all PPS records by the end of January.
Data protection
Irish Water confirmed to TheJournal.ie it has consulted
with the Data Protection Commissioner and it is currently
putting in place the protocol for the removal of PPS
numbers from their systems.
Irish Water will consult with the Office of the Data
Protection Commissioner to establish the parameters for
independent verification by a third party of the systems put
in place to manage the removal of PPS Numbers, it stated.
Tierney had said that the deletion of these records was a big
job of work adding that at the time they had received
submissions and responses from over 870,00 households.
While the Government has stood by its recent reforms to
water charges, another mass protest is planned for 10
December.
http://www.thejournal.ie/irish-water-pps-number-1810691-Dec2014/

Irish Waters PPS demand

was pushed through after
two-minute debate at Dil
subcommittee
Opinion: Senator Feargal Quinn aims to reverse Irish
Waters new power
Fri, Oct 31, 2014, 12:01

Noel Whelan

The fact that the Government no longer has a majority in the Seanad raises
the possibility that Senator Feargal Quinns legislation will get some traction.
Photograph: Alan Betson, Irish Times
I know I am beginning to sound like a broken record on
the theme of how dysfunctional our parliament has
become but I feel compelled this week to take another spin
on the turntable.
https://www.irishtimes.com/news/politics/irish-water-s-pps-demand-was-
pushed-through-after-two-minute-debate-at-dil-subcommittee-
1.1982418?mode=sample&auth-failed=1&pw-
origin=https%3A%2F%2Fwww.irishtimes.com%2Fnews%2Fpolitics%2Firish-
water-s-pps-demand-was-pushed-through-after-two-minute-debate-at-
d%25C3%25A1il-subcommittee-1.1982418

Irish Water seeks PPS

numbers of householders
and children
Four-page forms asking for bank and personal details to
be sent out in September
Mon, Jul 14, 2014, 01:00
Kitty Holland

Brd Smith (second from right) at a water charges protest during the local
election campaign with fellow People Before Profit candidates Paul Shields,
Kim ODonnell and Andrew Keegan. Photograph: Aidan Crawley
Every householder will be asked to provide their bank
account details, their PPS numbers and the PPS numbers
of any children living with them to Irish Water.
https://www.irishtimes.com/news/social-affairs/irish-water-seeks-pps-
numbers-of-householders-and-children-1.1865234?mode=sample&auth-
failed=1&pw-
origin=https%3A%2F%2Fwww.irishtimes.com%2Fnews%2Fsocial-
affairs%2Firish-water-seeks-pps-numbers-of-householders-and-children-
1.1865234
Demand for PPS Numbers by Irish Water raised serious
questions over Data Protection
Oct 1, 2014
 Richard Boyd Barrett, TD, People Before Profit Alliance, raises with the Minister the demands
for PPS Numbers by Irish Water and the serious questions over the implications for Data
Protection in the Dail on Oct 1st 2014.

https://www.youtube.com/watch?v=BKWlbjhqv4M

Data Protection
Background
Irish Water was established under the Water Services (No. 1) Act 2013 for the
purposes of providing water services functions, which include the provision of
water and collection, treatment and disposal of wastewater from domestic and
non-domestic customers. The Water Services (No. 2) Act 2013 obliges Irish
Water to charge customers for the provision by it of water services. This Data
Protection Notice sets out Irish Waters procedures for the fair collection and
processing of personal data required for Irish Water to perform its statutory
functions.

Collection of Customer Personal Data

In order for Irish Water to provide the customer with water services, and to
enable Irish Water to establish and manage the relationship with that
customer, Irish Water needs to collect and use data relating to the customer.
Irish Water collects information when its customers contact us (such as by
phone, e-mail or letter), for example, to open or transfer an account, or to
make a complaint. Irish Water may collect information from local authorities,
who were responsible for water services in Ireland before 1 January 2014,
and who now provide water services on Irish Waters behalf.

This data is used to manage and administer the customer account and for
operational reasons, to include

determining who is the customer account holder for each address;

determining whether a customer is an owner or a tenant so that Irish Water

can revert the customer account to the owner if a tenant moves out;

utilising information on water and wastewater services to determine who is

a customer;

calculating the correct tariffs and caps, and billing the customer;

complying with Code of Practice requirements, for example, if a customer is

a vulnerable customer;
 responding to and managing operational issues, for example, issues with
drinking water quality, pipes or meters;

carrying out assessments, statistical analysis or research and development

processes, so that we can review, develop and improve appropriate tariffs,
services and conservation measures.

The provision of contact details (other than name and address) is optional,
and will be used for outbound communication to customers including outage
notification and general account management. Information may also be
processed to assess a customers ability to pay in the event of arrears on an
account, so that Irish Water can treat those having genuine difficulty in making
payment sympathetically.

In addition, data provided by the customer may be used for marketing

purposes, and this is explained further below.

Verifying Customer Information

Following the Government decision of 19 November 2014, PPS Numbers are

no longer required as part of customer applications; Irish Waters
arrangements are based on self-declaration and appropriate audit.

On occasion, for example where a customers water usage varies significantly

from that which is typical for their occupancy configuration, Irish Water may
ask customers to provide evidence in support of the occupancy declaration
they made in the application process. Proof may be sought, for example, to
ensure that children are still under 18 years old and so eligible for the
Childrens Water Allowance.

Customers may provide such evidence in a number of different forms. Any

evidence provided by customers in those circumstances will be retained only
for as long as it takes for Irish Water to verify the customers account details.

All PPS Numbers provided prior to 19 November 2014 have been removed
from Irish Waters systems.

Sensitive Personal Data Special Services and Priority Services

Customers may provide sensitive medical information to Irish Water if they

wish to register on Irish Waters Special Services Register and/or Priority
Services Register. Customers may provide information such as whether they
are elderly, deaf or hard of hearing, blind or visually impaired, mobility
impaired, suffering from mental illness, have an intellectual disability or have
an illness that requires a higher than normal water supply requirement. This
information will be used to provide bills and communications in alternative
formats, and to contact those customers at particular times, for example,
when there is a supply interruption, to adjust the customers bill appropriately
or to offer alternative water supplies. Sensitive personal data provided by a
customer may also be used to put in place special arrangements for a
customer, for example, during site works or in relation to a drinking water
incident. Irish Water has put in place procedures to minimise the amount of
sensitive personal data being recorded by it.

Data Processing

Irish Water may keep the customer's data for a reasonable period after the
customer ceases to be supplied with water services but will not keep it for any
longer than is necessary and/or as required by law, whether under the Data
Protection Acts 1988 and 2003 or otherwise.

Irish Water may share the customer's data with authorised agents or third
parties who act on behalf of Irish Water, including local authorities, in
connection with the activities referred to above, pursuant to a contractual
relationship. Irish Water continues to be the Data Controller for this data and
these authorised agents act as Data Processors on our behalf. Such agents
or third parties are only permitted to use the customer's data as instructed by
Irish Water. They are also required to keep the customer's data safe and
secure.

Irish Waters data centres are located in Ireland. On occasions, mainly to

resolve system issues, Irish Water may require technical support from outside
the European Economic Area (EEA). While this does not involve storing data
outside the EEA, it may involve technical support accessing Irish Waters
system remotely from outside the EEA, with a possibility that it may view
customer data while trying to resolve the issue. Technically, under data
protection law, this is deemed to be a transfer of data as the data can now
(temporarily) be viewed outside the EEA. In all cases, any such activity is
supported by a contract which includes data protection clauses which are
binding on the technical support agent. Irish Water has included reference to
this activity in its customer information for reasons of transparency.

Irish Water may also disclose customer data if it is under a duty to disclose or
share customer data in order to comply with any legal obligation, or in order to
protect the rights, property, or safety of Irish Water, its customers or others.
Irish Water will also disclose customer data if it is required to disclose it in
order to comply with any applicable law, a summons, a search warrant, a
court or regulatory order, or other valid legal process.

From time to time the customer may speak to employees of Irish Water (or
agents acting on its behalf) by telephone. To ensure that Irish Water provides
a quality service, the telephone conversations may be recorded. Irish Water
will treat the recorded information as confidential and will only use it for staff
training/quality control purposes, and for confirming details of the
conversations with Irish Water.
 If the customer requests that Irish Water communicates with him/her by email,
the customer is solely responsible for the security and integrity of the
customer's own email account. Unfortunately, the transmission of information
via the internet is not completely secure. Consequently, while Irish Water will
take all reasonable security measures, Irish Water cannot guarantee the
privacy or confidentiality of information relating to the customer being passed
via the Internet; any transmission is entirely at the customer's own risk.

For further information on data collected on our website, please see

our Privacy Statement.

Non Customers

From September 2014, Irish Water mailed all households in Ireland with an
application pack, using names and addresses based on information received
from multiple sources. As there is no one central list of all households in
Ireland that are connected to the public water main and/or public sewer, Irish
Water was unable to refine its mailing to Irish Water customers only.
Therefore, Irish Water asked all recipients of application packs to respond to
confirm whether they are or are not a customer of Irish Water. If someone
declares themselves not to be a customer, certain information is required in
order to confirm that this declaration is correct, and to verify that that person is
not in fact using water services provided by Irish Water. Such information will
be held until Irish Water has validated that that person is not a customer. The
information required in those circumstances is as follows:

Name

Supply Address

Whether that person is a Tenant or Owner

Type of water supply

Type of wastewater service

Any person who is declaring themselves as not being a customer will not have
to submit the following details to Irish Water:

Number of occupants in the household

Contact information

Vulnerable services requests

Direct Debit details

Access Requests
The customer, or other person whose data is held by Irish Water, has a right
to ask for a copy of that persons data, which is held by Irish Water (under
legislation Irish Water is entitled to charge a nominal administration fee for
this). If the customer or other person wishes to avail of this right, a request
must be submitted in writing to Irish Water, Data Protection Officer, PO Box
6000, Talbot St, Dublin 1 or via email to dataprotection@ervia.ie .

In order to protect privacy, the person making the request may be asked to
provide suitable proof of identification. If any of the details are incorrect that
person is entitled to notify Irish Water to amend such details. If data held by
Irish Water relating to a person is incorrect that person is entitled to notify Irish
Water to amend such details. You can download an Access Request
form here.

Marketing

Irish Water and/or authorised agents acting on behalf of Irish Water may wish
to contact the customer by text message, email, post, landline or in person
about water related products or services which may be of interest to the
customer ("Marketing Purpose"). For the avoidance of doubt, Irish Water will
not sell or provide personal data to third parties for marketing use. Irish Water
will not use personal data to market non-water or wastewater related products
or services.

If the customer does not wish to be contacted for Marketing Purposes as set
out above, the customer may exercise a right of opt-out by either writing to
Irish Water at FREEPOST, Irish Water, Data Protection Officer, PO Box 6000,
Talbot St, Dublin 1 or via email to dataprotection@ervia.ie or by calling Irish
Water on LoCall 1850 448 448. The customer may opt out at the time when
Irish Water collects their data or at any time thereafter.

Queries

Where a customer (or non-customer) has any queries in respect of personal

data he/she should contact Irish Water on LoCall 1850 448 448.
https://www.water.ie/data-protection-notice/

TDs raise concerns over PPS numbers

Saturday, October 18, 2014
By Shaun Connolly and Eoin English

Concern that Irish Water could pressure landlords to hand over former tenants PPS numbers
has led TDs to demand an intervention by the Data Protection Commissioner.

Independent TD and anti-water charges campaigner Catherine Murphy said such a move would
smack of Big Brother attitudes to personal information by the utility.
Former minister Roisin Shortall also condemned any such move to trace tenants who may have
moved on from properties.

advertisement
The Data Protection Commission said it had not yet discussed with Irish Water the matter of the
utility using PPS numbers to try and trace ex-tenants, but a spokeswoman said: Im sure it will
come up in due course.

The demand by Irish Water for its 2.2m customers, including children, to hand over PPS numbers
has been one of the most controversial elements of its start-up.

Confusion was sparked by the water company over the liability landlords would carry for tenants
who did not pay.

But landlords have insisted it is not their role to help track down ex-tenants.

In this instance, landlords would not be registering the tenants. So in this instance, it will be up to
the tenants, Fintan McNamara of the Residential Landlords Association told RT.

The backlash against council threats to evict tenants who fail to pay water charges has led to a
Cabinet minister branding the strong-arm tactics inappropriate.

Foreign Minister Charlie Flanagan said: I would hope county councils would observe a
sympathetic view. My hope is that most people will pay their fair share of water charges.

We are the only country in Europe that does not have a charge for water, so I would call on
county councils to be sensitive to the needs of people and talking about evictions at this stage is
not only unhelpful but inappropriate.

Agriculture Minster Simon Coveney urged Irish Water to improve its communications effort.

There are serious teething problems with Irish Water at the moment and they need to be
addressed as a serious priority. There needs to be a more effective communications structure, he
said.

Sinn Fin has hit out at what it calls the bullyboy tactics by councils who have sent
threatening letters to Rental Accommodation Scheme tenants that say they could face eviction if
they do not pay their water charges. One of the partys Wicklow councillors, John Brady, said: I
think it is an intimidating letter, bullyboy tactics being employed here. It follows on from other
bullyboy tactics that have been engaged.

The row came as the High Court gave a water meter installation company permission to serve
legal proceedings on a number of people allegedly interfering with workers putting in the meters.

Uproar has finally started over people realising that they have a right to keep
their personal data private. IrishWater have been facilitated by their friends in the
media to explain their position, but sadly their explanations fall short. Equally as
unfortunate is the fact that pretty much every media outlet is not challenging
IrishWater, whether this is due to the fact that IrishWater are currently spending
a very large advertising budget or due to a corrupt media class is something you
can judge for yourself.

For those of you that are not aware of what exactly your PPS number is and why
its important in relation to the current situation, here is a quick explanation. A
PPS number is a unique identifier for a person, sometimes used so government
services can verify who you are to make sure you are not using government
services or allowances twice. Its essentially an ID number. In the world of
software and databases, this is called a Key. This key unlocks the door and
allows the viewing of sensitive data such as Name, address and date of birth. As
explained in a previous post, this information is invaluable to marketing
companies and other private organisations.

IrishWater say they want your PPS number to verify that the data you supplied to
IrishWater is correct. Once verified, IrishWater will no longer store your PPS
number or sell it to anybody (note they have finished denying that the company
and its database will be sold). Thats all well and good, but the problem is that
once IrishWater have verified your data to be correct, its in their database with
their own unique ID or Key. So, for all intents and purposes, IrishWater have
effectively made a copy of your Key, and a very large chunk of a government
database. IrishWater have been saying that other utilities such as telephone
companies have PPS numbers, however this is stretching the truth. Fixed line
telecom companies get PPS numbers for senior citizens claiming an allowance.
Small databases are not worth much, the value in the IrishWater data is the
entirety of its database,it will cover almost every address and every citizen in the
country. Especially valuable in the future is the data belonging to the children of
today.

A public database is being moved into private hands by stealth. There is no doubt
at all that the entire process is fundamentally flawed. The question must now be
is whether this is due incompetence or the actual plan all along was to build a
valuable database as a saleable asset. Considering that a number of the senior
managers in IrishWater came from the Poolbeg incinerator project, questions
need to be asked. Was the 100 million spent on that project without any
explanations due to incompetence or was that trick planned all along also?

An IrishWater PR person was on the radio telling us that there have been
communication issues in relation to the whole PPS issue. What sort of an
explanation is that? IrishWater are spending a whopping 180 million (of our
money) on establishing itself and still cannot explain what is going on. Imagine
going into an expensive restaurant and paying up front for the most expensive
meal, the chef then arrives over with your meal and says I dont really know
whats wrong with the food, but you should eat it anyway. This all smells like
another Poolbeg (the sewage plant this time).

Whats even more curious is the silence from other arms of the state in relation to
this. Silence from the line Minister in charge. The Data Protection Commissioner
has gone to ground. IrishWater and their friends in the media have been busying
spouting the line that the commissioner approves of the gathering PPS of
numbers, however last Friday a notice appeared on the IrishWater website
stating that Please see below our updated Data Protection Notice that we
are currently reviewing with the office of the Data Protection
Commissioner. So, IrishWater are busy scaring people into handing over very
important data without any permission. Why the rush? Remember, once you
hand it over, your privacy is gone.

The privatisation of such a large database is very bad for the privacy and lives of
citizens. We already know that privatisation of public assets is good for a select
few connected insiders and bad for the public. A lot of you reading this will be too
young to remember what happened with Eircom, Eircom used to be called
Telecom Eireann, a state run telecoms service. It was incredibly inefficient, so the
decision was made to privatise it. Since it was privatised, its been asset stripped
and sold a number of times. We now have a poor broadband infrastructure due to
under investment in this now crucial asset. The story about how citizens were
conned into parting with their money to invest in shares is one for another day,
but a quick Google will tell all. A quick Google about the sale of the ESAT
telecoms license will also tell you a lot. Is it a coincidence that FG and Denis
OBrien are now all over IrishWater?

Strange how public assets are privatised and private losses are socialised? The
banks went bust and all sorts of laws were passed over night to ensure that the
taxpayers would take a loan to bailout the banks. This was sold to as a bailout for
Ireland, it was not a bailout for Ireland, it was a bailout for bankers. It was a loan
to the taxpayers. To repay this loan, we now must sell our most important assets,
our data and our water. We dont know how valuable a resource our data and
water will be in 20 years. We do know our population is growing, so water will be
an increasingly scare resource. At least when its in public ownership we have
control. Will our children and grandchildren forgive us for giving away such a
precious resource? Why should we be selling our assets to pay off debts that are
not ours?

Our medias lack of interest in questioning IrishWater is expected. We know RTE

is a propaganda arm of the government, we know who owns most of the rest of
our national media. So, its up to us to bail ourselves out. We have social media
and its time to spread the message that its OUR data and OUR water. If we
refuse to hand over our PPS numbers, then it makes the sale of IrishWater a lot
more difficult.

Spread the word,get on Twitter,Facebook and other sharing services and tell your
friends why you are keeping your data private.

They have robbed enough from us already.

We are not letting it happen again.

Why IrishWater really wants your PPS number and

other private data.

Your name, address and date of birth are valuable pieces of

information. From these bits of data, clever software can work out
your approximate social class and target you with direct marketing.
The problem with these bits of data is that they are not verified.
Nobody actually knows that its 100% real. Nobody knows if Michael
Murphy at 100 Main Street is a real and active consumer available
to be targeted. Adding a PPS number to this data is a dream for
marketers and others that want to track and monitor people. Your
PPS number stays with you for life, so by giving this data to a third
party they will be able to track every address you lived at and
deduce all kinds of information from that (such as who you live
with, where your relations are and all sorts of other pieces of what
we call metadata). Essentially, data and in particular personal
data is valuable and becoming increasingly invaluable.
Its not just marketing companies that will love this data, this data
combined with records from medical insurance companies will be
worth a small fortune. All sorts of big businesses want this data and
as technology evolves and improves this data becomes more
valuable. In the future, this data will be used in ways that we dont
know about yet. Simply put, we dont know the value of all this data
in 5 years time, thats why its essential its kept to ourselves. Does
any other utility or service ask the names and dates of birth for all
children in a house? No. Its your private dwelling, which is
protected under the constitution and you have the right to refuse to
divulge this information.

IrishWater are building a comprehensive database of personal

information that will be sold to whoever buys IrishWater. How do
we know this? Up until 19th September it was stated on their
website

if Irish Water or substantially all of its assets are acquired

by a third party, in which case Customer data held by it
about its Customer will be one of the transferred assets.

Curiously, this piece of text was removed, with the following

explanation

Please see below our updated Data Protection Notice that

we are currently reviewing with the office of the Data
Protection Commissioner. Amendments have been made
primarily to clarify to the customer the purposes for which
personal data (including PPS numbers) is collected.

This means the plan IS to sell IrishWater and its databases, just as
Bord Gais was sold and all the senior people getting nice hefty
bonuses that would make a lotto winner blush.

Even more worrying is this statement from their website

Data that we collect from you may be transferred to a

destination outside the European Economic Area ("EEA").

This means that your data can be exported to somewhere that Irish
or European law does not apply. So, by giving any data to
IrishWater, it can be whisked away to another organisation at the
touch of a button. Both frightening and dangerous. Why have we
not heard from any data protection experts through our media?
Well, Denis OBrien owns significant amounts of our media, and RTE
seem to have a policy of being nice to IrishWater. Its up to us on
social media to spread the truth and inform people, because RTE is
now essentially a mouthpiece for the government, you wont hear
the truth there.

Imagine if tomorrow the government said that they might sell the
entire database of PPS numbers and associated data? There would
be uproar. Whats happening with IrishWater is exactly the same
thing. Yes, IrishWater and the government are going to tell us to
trust them, it wont be sold and the usual fake promises. An
IrishWater spokesperson said this week IrishWater cant be sold
because its in the legislation that it cant be. Well, this is Ireland.
When the right people want legislation to be changed it happens at
the drop of a hat. Remember when the bankers came looking for
money? Emergency legislation was passed and hey presto, 80
billion was made disappear over night. Sorry, it did not disappear,
we are paying it off now and IrishWater is yet another new tax to
pay for the bankers. The tax that we used to use to pay for water
has been diverted to pay for bank debt.

Take a look at the personnel involved with IrishWater, the head

man, John Tierney (a man whose record of incompetence would
make Basil Faulty blush) was responsible for the failed Dublin
incinerator project. 100 million was made disappear under the
guise of consultancy fees. No records of how it was spent, its just
gone. Not a foundation dug or brick laid, just a big black hole where
all our cash went. How this man was given the job to head
IrishWater is beyond belief.

Who is installing the water meters? A good friend of FG, Mr Denis

OBrien. How OBrien got this gig is questionable at best. A year
before the IrishWater tender he bought a company called SiteServ.
SiteServ was bust and owed 100 million to Anglo. Other
companies offered more money, but for some reason OBrien got his
hands on it. Then hey presto, SiteServs debt was written off, this
means that the debt was moved to the taxpayer. Then another hey
presto, SiteServ gets the contract to install water meters. Its not
known how much SiteServ is being paid for this, even though its
our money being used to do it.

The government and IrishWater tell us that water is a precious

resource. Despite what the government and IrishWater want you to
believe, we are not stupid and we know that water is precious. How
many houses, bars or restaurants do you go into and see all the
taps turned on wasting water? Almost none. The vast majority of
people dont waste water. Instead of spending 50 million on
consultants, surely a public information campaign on how to
conserve water would have been more appropriate? Maybe a
subsidy to all households to have outside water containers to trap
rainwater to be used for purposes where non treated water is
required? No, instead they start with the usual bullying tactics
demanding money and data. IrishWater is nothing to do with
conserving water, its about lining the pockets of rich politicians,
civil servants and their friends.

IrishWater spent millions on state of the art IT systems, we were

told that this was needed to make it a world class company (in
reality its so it can be sold off quicker). Yet, somehow in the first
month of sending out its information packs it accidentally send out
over 6000 letters with compromised personal data. Personal data
from one person send to another, a data breach.

Can you honestly trust this collection of people with another of our
most precious resources, personal data?

Why the SiteServ-IBRC inquiry is a farce

Monday, June 8, 2015

The crazy comedy continues, once again with most media are not questioning
things (maybe because a lot of people in the media have had large debt write
downs). The latest news that the SiteServ inquiry will not report until the end
of the year is bizarre in the extreme. Not one person in the media is
questioning exactly what will this inquiry have to do, so we will put it simply
here. The first step is to get one of the banks computer people and ask them
to write a very quick program, this aim of this program is to return all the
details of loans accounts that were closed with more than 1m owing. This is
a simple task for a computer expert (ask one). Think about it, if you have a
bank account, your bank sends you regular statements, these statements are
an historical record of transactions. This is what computers were designed for,
because they are good at storing and retrieving data very quickly. Its simple
for a database expert to publish a report, telling us the number of people that
had 1m plus written off, very simple. Anybody that says any different is lying.

The banks computer systems also have whats known as Customer

Relationship Management (CRM) systems. These systems store all the
interactions with the customers, such as communications sent and received.
So, again, its simple to get this data. To make this clear, in less than a day all
the financial data and all of the correspondence can be made available to
those investigating.

There is not one valid reason why the financial data cannot be released
online, so people on Social Media can parse it, and we will. There is no need
to publish the names, just publish a unique number per IBRC client, we will
find the questionable transactions in a week.

Is there one valid reason why the top 20% of write offs cannot be fully
investigated and reported on with a month? The only reason is that if the
inquiry is not resourced properly. Which, knowing FG+Labour, it wont be. The
idea of this inquiry is to make sure there is no report until after they attempt to
buy the next election using our money in the budget.

A proper inquiry would be finished before the Dail returns from its summer
holidays. Resource it properly, like a private sector company does when it has
a deadline. Work 24/7 if needs be, just get the job done.

This inquiry is a farce, designed by the corrupt to protect the corrupt.

Time To Remove The Dissident Sinister Fringe

Once again our government are calling IrishWater protesters dissidents with a
sinister agenda. This morning the attack reached new levels when Minister
Alan Kelly said that the governments new proposals would be acceptable to
reasonable people. At the same time, Enda Kenny was spinning that
protesters are dissidents with an agenda. The subliminal message from this
spin is that if you oppose the latest proposals you are an unreasonable
dissident subversive Republican from the Real IRA, the message from this is
that the Gardai will beat the crap out of protesters (as a minority of Gardai
have been doing.). Basically, telling us to accept the latest proposals or they
will get heavy. Do not be fooled by these idle threats from rich elitist bullies.Its
our water, we already pay for it and this is all a scam to privatise it.

Lets take a look at Minister Alan Kelly and what he stands for. He is a
member of the Labour Party, a party founded by Connolly and Larkin which
led the Dublin Lockout. The Lockout was a precursor to the 1916 rising.
Unfortunately, the Labour Party franchise was taken over by a group
descended from the Official IRA, known as The Stickies. Their goal was to
subvert the State and constitution and implement their own myopic state. The
Stickies infiltrated RTE in a big way, thus partly explaining the ridiculous
biased reporting from the so called State Broadcaster. If you have time, its
worth reading this http://www.history.ac.uk/reviews/review/915, be in no doubt
at all, the current Labour Party are a dissident sinister fringe.

The usual government spin cheerleaders in Independent Newspapers and

RTE have been busy lecturing us about democracy and how it works. They
have been trying to make us believe that protesting is not democratic. Before
the last election, Labour stated The Labour Party abolished water charges
when Brendan Howlin was Environment Minister in the Rainbow Govt,
1996. We would oppose any attempt to reverse that move. To go against
this and implement Water Charges is a subversion of democracy. Labour are
subversives and will be removed from office. When somebody lies to get a job
and those lies are uncovered, they are fired. We are firing the Labour Party.

Since taking power, this government created the Economic Management

Council. This consists of four people and numerous unelected officials, and
takes all the decisions regarding our spending. This body is not in the
constitution and outside democratic control. This is a subversion of
democracy. Its members are Enda Kenny, Joan Burton, Michael Noonan and
Brendan Howlin. These people are all subversive dissidents undermining our
democracy.

We will not be deterred by the sinister elements ruining Irish society. We will
engage in peaceful protest until they are removed. Join the peaceful protests
outside the Dail this week and on the 10th of December when people power
will see the removal of the dictatorship that has wrecked our country.

Demand for PPS number

risks putting information
on tap

1
Dearbhail McDonald
October 29 2014
As well as citizens' PPSN numbers, Irish Water will have access to
their bank accounts, addresses and the number of people per
household.

FOUR years ago, the CEO of Bord Gais was hauled before an Oireachtas
committee after four laptops were stolen from Bord Gais's offices in central
Dublin.

Three of the laptops were unencrypted and one contained the data of almost
100,000 customers, including their account numbers, credit card numbers
and home addresses.

In the midst of a public outcry and not entirely unfounded fears that criminals
had secured control of sensitive data, John Mullins, CEO of Bord Gais,
reassured TDs and Senators that the people who stole the laptops were
"opportunistic" and probably not after the data. Mr Mullins told the
Oireachtas committee that the likelihood was that the laptops had their
memories wiped before being sold.

http://www.independent.ie/opinion/comment/demand-for-pps-number-risks-
putting-information-on-tap-30701460.html

Why Irish Water really wants your PPS number and

other private data. Sunday, September 21, 2014
Your name, address and date of birth are valuable pieces of
information. From these bits of data, clever software can work out
your approximate social class and target you with direct marketing.
The problem with these bits of data is that they are not verified.
Nobody actually knows that its 100% real. Nobody knows if Michael
Murphy at 100 Main Street is a real and active consumer available
to be targeted. Adding a PPS number to this data is a dream for
marketers and others that want to track and monitor people. Your
PPS number stays with you for life, so by giving this data to a third
party they will be able to track every address you lived at and
deduce all kinds of information from that (such as who you live
with, where your relations are and all sorts of other pieces of what
we call metadata). Essentially, data and in particular personal
data is valuable and becoming increasingly invaluable.

Its not just marketing companies that will love this data, this data
combined with records from medical insurance companies will be
worth a small fortune. All sorts of big businesses want this data and
as technology evolves and improves this data becomes more
valuable. In the future, this data will be used in ways that we dont
know about yet. Simply put, we dont know the value of all this data
in 5 years time, thats why its essential its kept to ourselves. Does
any other utility or service ask the names and dates of birth for all
children in a house? No. Its your private dwelling, which is
protected under the constitution and you have the right to refuse to
divulge this information.

IrishWater are building a comprehensive database of personal

information that will be sold to whoever buys IrishWater. How do
we know this? Up until 19th September it was stated on their
website

if Irish Water or substantially all of its assets are acquired

by a third party, in which case Customer data held by it
about its Customer will be one of the transferred assets.

Curiously, this piece of text was removed, with the following

explanation

Please see below our updated Data Protection Notice that

we are currently reviewing with the office of the Data
Protection Commissioner. Amendments have been made
primarily to clarify to the customer the purposes for which
personal data (including PPS numbers) is collected.

This means the plan IS to sell IrishWater and its databases, just as
Bord Gais was sold and all the senior people getting nice hefty
bonuses that would make a lotto winner blush.

Even more worrying is this statement from their website

Data that we collect from you may be transferred to a

destination outside the European Economic Area ("EEA").

This means that your data can be exported to somewhere that Irish
or European law does not apply. So, by giving any data to
IrishWater, it can be whisked away to another organisation at the
touch of a button. Both frightening and dangerous. Why have we
not heard from any data protection experts through our media?
Well, Denis OBrien owns significant amounts of our media, and RTE
seem to have a policy of being nice to IrishWater. Its up to us on
social media to spread the truth and inform people, because RTE is
now essentially a mouthpiece for the government, you wont hear
the truth there.

Imagine if tomorrow the government said that they might sell the
entire database of PPS numbers and associated data? There would
be uproar. Whats happening with IrishWater is exactly the same
thing. Yes, IrishWater and the government are going to tell us to
trust them, it wont be sold and the usual fake promises. An
IrishWater spokesperson said this week IrishWater cant be sold
because its in the legislation that it cant be. Well, this is Ireland.
When the right people want legislation to be changed it happens at
the drop of a hat. Remember when the bankers came looking for
money? Emergency legislation was passed and hey presto, 80
billion was made disappear over night. Sorry, it did not disappear,
we are paying it off now and IrishWater is yet another new tax to
pay for the bankers. The tax that we used to use to pay for water
has been diverted to pay for bank debt.

Take a look at the personnel involved with IrishWater, the head

man, John Tierney (a man whose record of incompetence would
make Basil Faulty blush) was responsible for the failed Dublin
incinerator project. 100 million was made disappear under the
guise of consultancy fees. No records of how it was spent, its just
gone. Not a foundation dug or brick laid, just a big black hole where
all our cash went. How this man was given the job to head
IrishWater is beyond belief.

Who is installing the water meters? A good friend of FG, Mr Denis

OBrien. How OBrien got this gig is questionable at best. A year
before the IrishWater tender he bought a company called SiteServ.
SiteServ was bust and owed 100 million to Anglo. Other
companies offered more money, but for some reason OBrien got his
hands on it. Then hey presto, SiteServs debt was written off, this
means that the debt was moved to the taxpayer. Then another hey
presto, SiteServ gets the contract to install water meters. Its not
known how much SiteServ is being paid for this, even though its
our money being used to do it.

The government and IrishWater tell us that water is a precious

resource. Despite what the government and IrishWater want you to
believe, we are not stupid and we know that water is precious. How
many houses, bars or restaurants do you go into and see all the
taps turned on wasting water? Almost none. The vast majority of
people dont waste water. Instead of spending 50 million on
consultants, surely a public information campaign on how to
conserve water would have been more appropriate? Maybe a
subsidy to all households to have outside water containers to trap
rainwater to be used for purposes where non treated water is
required? No, instead they start with the usual bullying tactics
demanding money and data. IrishWater is nothing to do with
conserving water, its about lining the pockets of rich politicians,
civil servants and their friends.

IrishWater spent millions on state of the art IT systems, we were

told that this was needed to make it a world class company (in
reality its so it can be sold off quicker). Yet, somehow in the first
month of sending out its information packs it accidentally send out
over 6000 letters with compromised personal data. Personal data
from one person send to another, a data breach.

Can you honestly trust this collection of people with another of our
most precious resources, personal data?
Gene Kerrigan in yesterdays Sindo:
What is the legislation that prohibits privatisation? It's the Water Services Act of 2013, part 1,
which deals with company formation.

Section 5 (4) of the Act says that the Board will have one share in the company, and all
remaining shares will be halved between the Minister for the Environment and the Minister for
Finance.

Section 5 (6) says: "The Board shall not . . . alienate the share issued to it in accordance with
subsection (4)".

Archaic language, but clear enough. Under this legislation, the Board is indeed prohibited
from selling its one share. But, see those three dots?

Where those three dots are, the legislation says: "without the consent of the Minister and the
Minister for Finance".

So, the legislation prohibits the Board from selling the company - unless the government
wants it sold. The law, therefore, specifically allows for privatisation.

At which point, no doubt, our personal data will indeed become a saleable asset.
http://www.independent.ie/opinion/columnists/gene-kerrigan/never-mind-the-small-print-trust-
us-30620675.html#sthash.luTt5Yht.dpuf

Irish Water has created this

privacy statement in order to
demonstrate our firm
 commitment to privacy. The
following discloses our
information gathering and
dissemination practices for
this website.
General information
This website logs IP addresses, browser types and length of user sessions for
administration purposes. We use your IP address to help diagnose problems
with our server, to administer our website and to help improve the quality of
service available on this website.
Your IP address is used to gather broad demographic information. We do not
link IP addresses to anything personally identifiable. This means that a user's
session will be tracked, but the user will be anonymous.

Information relating to you

If you fill out a form on this website requesting information from or providing
feedback to Irish Water, we ask that you provide, amongst other things, your
name, an email address, your postal address and your gender and
occupation. The type of information Irish Water collects is clearly set out on
the applicable online form on this website. We require these details to better
understand the needs of visitors to this website in order to provide any
requested information promptly so that we can provide you with information
regarding the products and services that Irish Water may provide from time to
time.
The following applies to any information you provide to Irish Water:

You authorise Irish Water to use, store, process and disclose such information
to the extent necessary to fulfil the required task;

You will ensure that the information you provide is accurate and complete. Irish
Water may disclose the information you provide under strict obligations of
confidentiality to our agents for the purposes of assisting you now and into the
future.
 Links
This website may provide links to other websites. Privacy policies on these
websites may differ from that on this website, and we advise that you review
the other website's policies before providing personal information.

While every care has been taken to ensure the high quality and standard of
websites to which we link, Irish Water takes no responsibility for the content of
those websites and is not responsible for their data protection policies. You
can view the Irish Water Data Protection notice here.

Security
Irish Water has taken all commercially reasonable steps to ensure the security
of your communications with this website. Information held by this website is
stored on password-protected machines, behind a firewall and not accessible
to the general public via the Internet.
However, the confidentiality or privacy of data passing over the Internet or by
email cannot be guaranteed.
https://www.water.ie/privacy-policy/

The story of Irish Water is

muddy and murky
Forget everything you've been told about
how the water charges will operate. So far
it's all bullshit, writes Willie Kealy

Many years ago, an old New York madam famously said: "You got it, you sell
it, you still got it. What a business!"

Since then, nobody has managed to emulate that perfect business model. But
lately, one Irish company - Irish Water - is having a damn good try.
Irish Water began life with all the natural advantages that being a creature of
the State confers. Because in dealing with the cash of private citizens the State
can do pretty much as it pleases, most of the time while lying to your face.

We had Enda assuring us about the 248-a-year water charge. But the
European and local elections were on then and now even Brendan Howlin
says Enda was talking through his hat. Then there was the stuff about waiting
for meters to be installed before billing us and how there would still be a
reasonable amount of free water, and if you were not wasteful you could
actually save money.

We were also told that establishing Irish Water would be the most efficient
and cost-effective way of doing the job. Well, it was all bullshit. All of it, not
just some of it or even most of it.

At the recent MacGill Summer School (where else), Joan Burton told us that
she did not believe in a "gold-plated" Irish Water, and she warned that if you
set up a full-cost, high-cost model, that may lead to "difficulties down the
road".

Well, sorry Joan, but that one is already well down the road. Don't you know
that in the establishment of Irish Water, the Government has accepted a staff
structure that entails foregoing 2.2bn in potential wage bill savings, because
every existing Bord Gais and local authority contract affected has been
incorporated into Irish Water?

Have you not heard about the 29 staff on salaries of over 100,000 in line for
bonuses of 15,000? Or the 7,000 bonus that will go to each of another 299
staff?

Irish Water will start charging us from October - that's in just a couple of
months' time - and ten days ago we had a bundle of figures thrown at us by the
Regulator which led everyone to believe that we had a new "average figure" -
this time it was 278. You might have thought, that doesn't sound too bad, or,
maybe Enda wasn't so far out after all. Well, forget it. It's all nonsense, just
like it has been from the beginning. Like the argument over an allowance for
children.

Enda Kenny told us there would be an allowance of 38,000 litres a year for
each dependant child - about 104 litres a day. Keep in mind that one shower
uses 49 litres and a power shower uses 175 litres - and two-thirds of people
use a power shower. Hardly generous, given that the young people in your
house might also need to flush the toilet occasionally, as well as washing their
hands and teeth, maybe cooking some food and washing up afterwards, or just
mopping the floor.

But Irish Water asked for it to be reduced to 21,000 litres a year or about 57
litres a day, based on research that wasn't definitively representative in terms
of scale or duration, according to the ESRI.
Nevertheless, the Regulator agreed to limit the amount of "free" water for
children. Not that anything is really free. Just like the normal standard
upfront change you won't have to pay, it will be added on to the bill
somewhere else.

That "average figure" you have heard about takes account of holiday homes
which use hardly any water, empty houses which use none, single occupancy
homes which use only a little, and those with septic tanks who will only pay
half. Then there are those who will be legitimately favoured because of illness
or poverty.

Add up all those exceptions and then try to figure out your place in the
panoply. The "average figure" will be nothing more than a mathematical
notion and a lot of you will pay a lot more. How much more, you just do not
know, but if you doubled Enda's original "average figure" of 248, you
probably wouldn't be far out.

The only thing we do know is that Irish Water has a bottom line. It wants to
make 500m a year out of charges (the figure doubles when you add in the
government subvention, which also originally comes from you). But Professor
John FitzGerald of the ESRI tells us Irish Water is only on target to raise 350
million from the water tax, so everything we have been told goes out the
window. Everything will change because the bottom line cannot.

Now you are to be asked your opinion, in a public consultation process, on the
direction Irish Water should take over the next 25 years. Good luck with that.
But if you were thinking of some kind of civil disobedience in the here and
now, think again.

You will be getting a letter from Irish Water shortly making various demands,
the first draft indicates, like wanting to know your PPS number and the PPS
numbers of everyone in the house, including the children. And you will also be
asked to fill in a direct debit form so that the money can be deducted at
source. Fill it up and get it back to Irish Water before the end of October, you
will be told. Or else. Or else what?

Yes, under Social Welfare legislation Irish Water is authorised to use PPS
numbers, but why would they do that? I can understand if you are claiming for
a child, there should be some proof that the child exists, but if you're not,
you'd be inclined to tell them to go to hell. And as for the direct debit, it may
suit some, but others may prefer to get a bill and pay it, like they do for
electricity, or the landline phone. Besides, not everyone has a bank account.

Irish Water has added one more weapon to its arsenal to beat you into total
surrender. Responsibility for the bill-collecting aspect of the business -
practically all of it right now - has been transferred to the Department of
Finance. So, if all else fails, the draconian powers of the Revenue
Commissioners can be used to bring you to heel.

In the real world, when you start up a business, you have targets and
projections, but you have to work to reach them. In Irish Water they start at
the bottom line and work backwards - all the way into your pocket.
http://www.independent.ie/irish-news/politics/the-story-of-irish-water-is-
muddy-and-murky-30495826.html

Varadkar 'very confident'

of no border passport
controls post Brexit

Taoiseach Leo Varadkar.

Taoiseach Leo Varadkar has said he remains very confident there will be no
need for passport controls on the Irish border post Brexit.

Mr Varadkar was responding to concerns raised by former Irish president

Mary McAleese, who questioned how the EU and UK could differentiate
between Irish citizens, who are set to be allowed to travel freely across the
border, and other European nationals.

Mrs McAleese said she did not know how some form of ID checking could be
avoided.

If the almost-century-old Common Travel Area agreement remains in place

post Brexit, UK and Irish citizens will continue to be able to work and travel
freely across the two jurisdictions.

The former Irish president queried how the UK authorities would be able to
establish whether a person crossing the border was a beneficiary of the CTA or
not.

"My view is that sooner or later pressure will come on to make it an ID card
phenomenon," she said.

The Taoiseach, who like Mrs McAleese was interviewed on the border issue by
RTE, said he was sure passport controls would not be needed.

He highlighted that the UK government would seek to control immigration

not by physical checks on borders, but by imposing limits on rights to work
and claim benefits.

"In life and politics nothing is 100% certain, but I am very confident that there
won't be passport controls between Northern Ireland and Ireland," he said.

"We want to stay in the Common Travel Area, which allows people to travel
freely between north and south and Britain and Ireland.

"The British government wants that too and so do our European partners.
"So while there will be a big debate and difficult negotiations around issues
such as trade, around issues such as the financial settlement, the fact that
Dublin, Belfast, London and Brussels want to continue passport-free travel
between Northern Ireland and Ireland gives me absolute assurance that that
won't be the case.

"I understand former president McAleese's concerns but it is one area that I
am very sure about and that's that there won't be a requirement to produce a
passport to travel to Northern Ireland."

He added: "The reason why I can be confident that there won't be passport
controls between Northern Ireland and Ireland is the fact that nobody is
looking for them."

In a position paper published earlier this month setting out its stance on the
Irish border in Brexit talks, the UK government argued against any new
technological or physical monitoring.

Confounding speculation it would advocate CCTV cameras or number plate

recognition systems, the Whitehall document effectively recommended no
change to the current arrangements.
The UK's vision of frictionless borders has been met with scepticism in the
EU.

The European Parliament's chief negotiator Guy Verhofstadt has claimed

invisible borders are a "fantasy".

http://www.independent.ie/irish-news/politics/varadkar-very-confident-of-no-
border-passport-controls-post-brexit-36073729.html

Creed refuses to rule out

need for ID cards for
farmers
All farmers will be forced to apply for EU
funds online from next year

1
Minister Michael Creed.
Cormac McQuinn
August 29 2017
Agriculture Minister Michael Creed has refused to rule out the prospect that
controversial Public Services Cards (PSCs) will be required for more than a
hundred thousand farmers to apply for EU payments.

It comes as the Irish Independent has learned that the Department of

Agriculture has committed to allowing access to apply for the Common
Agriculture Policy (CAP) payments through the Government's MyGovID
website by September 2018.

Users of this website are already required to have the card to set up a verified
account which allows them secure access to online public services.

Last night, Mr Creed's officials didn't rule out the prospect that holding a PSC
will be a requirement for farmers to access EU payments in the future.

Instead a statement said "no decision" had been taken to change the existing
application process.

The Government set out its plans to roll out the use of PSCs and the MyGovID
website in its eGovernment Strategy published in June.

The document stated: "The widespread adoption of the PSC infrastructure,

including its online counterpart MyGovID, to underpin access to public
services is critical to the successful delivery of the eGovernment Strategy."

The strategy lists September 2018 as the date that the Department of
Agriculture has committed to allowing access to the services provided by its
existing Agfood.ie website via MyGovID.

This year more than 114,000 farmers made applications for EU funds under
the Basic Payment Scheme (BPS) through the Agfood.ie website.

The numbers applying online is set to increase as all BPS applications are to
be made online by 2018.

The Irish Independent asked the department if farmers will ultimately be

required to hold a PSC to make applications under the BPS.

The department's statement said: "Access to the Basic Payment Scheme (BPS)
online services is through the department's Agfood.ie web portal where there
is detailed information on how to apply for these and other services.

"No decision has been taken to change this process," it added. The statement
also outlined how EU regulations require all member states to move to a
system of 100pc online applications for BPS by 2018.

"As was the case in 2017, a range of supports will be provided to farmers by
the Department in relation to online application," the department added.

Controversy has arisen over the introduction of PSCs after it emerged that a
woman in her 70s who refused to register for the card had her pension cut off.
There was confusion when Social Protection Minister Regina Doherty last
week said the card is "not compulsory" but it is "mandatory" to access all of
the services - such as pension payments - provided by her department.

The Irish Council of Civil Liberties has expressed concern that the
introduction of the PSC is effectively bringing in a national ID card. Fianna
Fil TD Willie O'Dea accused the Government of trying to introduce a
mandatory card "through the back door".

The Department of Public Expenditure last night responded to such

criticisms.

It insisted that the PSC doesn't have any of the key characteristics of a
national identity card and individuals aren't compelled to carry it or produce
to a garda on demand.

It says there are "no plans" to expand it beyond public service transactions
and any proposals to do so would require public consultation and
consideration in the Oireachtas.

Q&A: What is a Public Services Card?

The Public Services Card (PSC) has been introduced to help people access a
range of services such as benefits payments from the Department of Social
Protection and, in the future, for passport and driving licence applications.
Why is it controversial?

The Irish Council of Civil Liberties has expressed concern that its introduction
will essentially bring in a national ID card "by stealth".

The card came in for criticism last week after it emerged the pension of a
woman in her 70s was cut off because she refused to register for the card.
What does the Government say?

There was confusion when Social Protection Minister Regina Doherty said the
card was "not compulsory", but it was mandatory for accessing services - such
as pensions - provided by her department.

The Department of Public Expenditure oversees the eGovernment Strategy

that includes the rollout of the cards.

It insists the PSC doesn't have any of the key characteristics of a national
identity card. Individuals aren't compelled to carry it or produce to a garda on
demand.

It says there's no plan to expand it beyond public service transactions.

What is it currently used for and what will it be used for in future?

Accessing all social protection services such as child benefit and pensions, as
well as to sit the driver theory test and new first-time passport applications by
adults. In future it will be required for all passport applications and renewals,
getting a driving licence and accessing student grants among other plans.

Who has the cards and how can I get one if I don't have it yet?

The Department of Social Protection has issued 2.8 million cards, so far
mostly for people who access the department's services.

Those who don't have a Public Services Card yet and would like one can apply
for the card by making an appointment on the department's website or
visiting one of its offices around the country.

The opposition and advocacy groups have expressed concern after a minister
claimed that the new public services card is now mandatory for those who
wish to receive social welfare payments.

Social Protection Minister Regina Doherty was accused of causing confusion

last night after she claimed that the card is "mandatory" but "not compulsory".

She was speaking after a report emerged of welfare recipients being turned
down for public services because they do not hold the card in their possession.

"Let's be very clear. Nobody is required by law to have a card. So therefore it

isn't compulsory," Ms Doherty told Newstalk.

"But for my department it's mandatory and I know people might say I'm
splitting hairs, but actually because of the high value of the public services that
the department [provides], we give out over 20bn every year, and actually it
wasn't brought in by this Government, the legislation was brought in in 2005 -
so 12 years this has been in the process," she added.

In one case highlighted in the media, a pensioner is reported to be owed

thousands of euro but has refused to register for the card.

Age Action Ireland yesterday expressed concern about the Government's

approach.

"We would be very concerned if this new requirement for the card leads to
more older people losing their entitlements and we would urge the
department to ensure no one is penalised because they do not have a public
services card."

Fianna Fil's Social Protection spokesperson Willie O'Dea accused the

Government of trying to introduce a mandatory card "through the back door".

http://www.independent.ie/business/farming/eu/creed-refuses-to-rule-out-
need-for-id-cards-for-farmers-36079222.html
GSOC judge must be given full powers
Thursday, February 20, 2014
By Mark Kelly

GSOC-gate judge must be granted the legal powers to do the job, writes Mark Kelly

SINCE the GSOC bugging allegations first emerged, 10 days of claims and counterclaims have
impaired the credibility of our police accountability structures. The damage is profound but need
not be irreparable if decisive action is taken by the Government now.

The decision to appoint a retired High Court judge to review matters is a welcome first step
towards restoring public trust, but there is no guarantee that the Government will grant him the
legal powers necessary to do the job.

The Commissions of Investigation Act 2004 provides a tailor-made legal framework for speedy
and cost-effective investigations. If the investigating judge is appointed under the 2004 Act, he
will have statutory powers to compel witnesses, request and preserve documentation, conduct
inspections, and report findings of fact. If the inquiry is to have real teeth, some or all of these
powers may well be required.

The alternative suggested by the Government a review of papers is unlikely to be

remotely sufficient to establish the truth. Even if one accepts that civil servants and members of
An Garda Sochna will enthusiastically volunteer to speak, the judge must be granted the
authority to require people to appear before him. Any rogue elements that may have been
involved are unlikely to be drafting their voluntary statements for the judges consideration.

There should also be a physical dimension to this inquiry. The Garda Commissioner has said that
given the tight internal controls governing the use of the surveillance equipment used by An
Garda Sochna he is completely satisfied that there was no unauthorised access to this
equipment.

This is something that the judge may wish to verify by visiting, without restriction, areas on Garda
Sochna premises where surveillance equipment is kept and examining the safeguards that apply.

The judges mandate should extend to reviewing the use of authorised/unauthorised surveillance
by two other agencies, the Intelligence Branch (G2) of the Defence Forces and the Revenue
Commissioners, both of which have snooping powers under legislation from 1993 and 2009. He
may well need some or all of the powers of entry and inspection set out in section 28 of the 2004
Act properly to explore this relatively uncharted territory.

There is not the slightest suggestion that a retired High Court judge will take on this task in
anything less than an entirely diligent and independent fashion; however, without the full legal
authority of the 2004 Act his investigation could easily be hamstrung.

The technological aspects of the inquiry will be challenging and the judge will certainly require
the expert assistance of a technologist with specialist knowledge of information security. If a
commission of inquiry is appointed under the 2004 Act, the technologist could be appointed as an
authorised person with legal authority to recover all available technical threat advice and the
contemporaneous log entries of successive surveillance sweeps.

A thorough judicial inquiry should also put an end to speculation regarding authorised interception
of the telephone calls of anyone else associated with the GSOC bugging story. Under the
Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993, it is the
Minister for Justice who has the power to authorise such interceptions, based on requests by the
Garda Commissioner. Intercepts authorised under the 1993 Act are already subject to a form of
light touch judicial review after the fact, but far more profound judicial scrutiny may be
required.

One of the great advantages of judge-led investigations is that they can formulate
recommendations of a systemic nature that transcend the specific facts under investigation. Based
on his findings, the judge may decide to reflect on shortcomings in the oversight of intelligence
activities in this jurisdiction.

Unlike in the United Kingdom, where reports of the Interception of Communications

Commissioner and the Office of Surveillance Commissioners are presented to parliament, there is
no parliamentary oversight of intelligence activities in Ireland. Intelligence functions vested in the
Garda Commissioner cannot be reviewed by the GSOC and it is unclear if there is any effective
oversight of the work of the Defence Forces Intelligence Branch.

The Morris Tribunal not only highlighted appalling historic policing abuses in Donegal, it laid the
groundwork for a new system of policing accountability which, for all its acknowledged
shortcomings, represents a significant advance on previous practice.

A properly constituted judicial inquiry could shed light on whether the GSOC has been bugged
and prepare the way for better scrutiny of the work of our intelligence services.

Mark Kelly is the director of the Irish Council for Civil Liberties (ICCL).

http://www.irishexaminer.com/viewpoints/analysis/gsoc-judge-must-be-
given-full-powers-259316.html

GSOC feared bug

after garda slip up
The Sunday Tiimes
February 16 2014, 12:01am,
The Sunday Times

GSOC chairman Simon OBrien, above, was told analysts would be

used to establish the source
The Garda Siochana Ombudsman Commission
(GSOC) organised a counter-surveillance sweep of
its headquarters after a senior garda inadvertently
revealed he was in possession of information about
a secret report it was working on last summer.
The level of detail known to the officer caused
disquiet in GSOC, and this was one reason it hired
Verrimus, a British firm, to advise on internal
security.
During the meeting with GSOC, a garda appeared
to have specific information about a section of text
that had previously been discussed at a meeting in
the commissions Abbey Street offices, but which
did not appear in the final report.
In an earlier incident, a senior garda officer had told
Simon OBrien, the GSOC chairman, he would use
analysts to establish the

English airport staff demand to see

Irish passengers passports
Ellen Coyne, Senior Ireland Reporter
August 25 2017, 12:01am,
The Times

Darragh O'Brien, of Fiannail Fil, is asking Britain for an explanation

LEAH FARRELL/ROLLINGNEWS.IE

Staff at an English airport asked people travelling

from Dublin to produce their passports and said that
the common travel area isnt how we do things
here, according to two passengers.
John Gallagher, an Irish lecturer in early modern
history at the University of Leeds, was travelling
with Felicity Williams, a PhD candidate and British
passport holder, when they had their passports
checked.
They had been on the 4.05pm Ryanair flight from
Dublin to Leeds Bradford on Monday. Airport staff
checked the passports of passengers getting off the
flight even though there are no customs controls
between Ireland and the UK.
Since the 1920s Ireland and the UK have used the
common travel area (CTA), an open borders
agreement between the two countries.
Ms Williams

https://www.thetimes.co.uk/article/e
nglish-airport-staff-demand-to-see-
irish-passengers-passports-
2nzqw5rvr

Dublin social welfare fraudster caught by facial

recognition software
Friday, December 02, 2016
A repeat social welfare fraudster who was caught after his picture was
run through facial recognition software by Department of Social
Protection investigators has been sentenced to three years in jail with
the final two years suspended.

James Maughan (aged 38) was already claiming disability benefit in his
own name when he made a claim for Jobseeker's Allowance in a false
name.
After his picture was taken for his public services card, suspicious staff
ran the image through facial recognition software and discovered his
true identity.

He has 11 previous convictions for social welfare fraud from 2013 in

almost identical circumstances.

He received a six-month sentence from the District Court on that

occasion.

Maughan, of Conyngham Road, Dublin, pleaded guilty at Dublin Circuit

Criminal Court to inducing another to accept an application for job
seekers allowance in a false name and stealing 438 in Jobseeker's
Allowance, the property of the Department of Social Protection, in July
2015.

The court heard sentencing had been adjourned earlier this year to
allow Maughan attend rehabilitation at Cuan Mhuire. He attended there
in August but subsequently left in September.

Judge Melanie Greally issued a bench warrant on that occasion.

He was arrested and remanded in custody since November 1, last.

Maughan's defence counsel, Rebecca Smith BL, told Judge Greally that
her client had managed to stay drug-free and was allowed to work while
on remand in Cloverhill Prison because of his status.

She said there was a cheque in court, which had been provided by a
friend of Maughan's to repay the balance of the money which was owed
to the state.

He had to repay that money and a relative in Leeds contacted him to

say he had a job for him on his fruit and veg stall when he was released
from custody.

Judge Greally noted today that Maughan had since reimbursed the
department and made good efforts to rehabilitate himself in custody.

She handed down a three year sentence but suspended the final two
years.

At the initial hearing in April Garda Ian Abbey told Martine Baxter BL,
prosecuting, that a man claiming to be 'Terence Maughan' attended at
Cork Street Intreo (social welfare) office in July 2015 looking to apply for
Jobseeker's allowance. He was given a form and an appointment for
interview.

The man returned on July 8 for his interview and submitted his
application form. He said he did not have photo ID but handed over a
birth certificate in the name of 'Terence Maughan'.

The man agreed to have his photo taken for a public services card.

Staff who had suspicions about the man ran the picture of 'Terence'
through facial recognition software and discovered a match with a
James Maughan, who was already claiming disability benefit.

The investigation established that James Maughan had fraudulently

claimed 438 that month using the 'Terence' name, as well as claiming
an emergency payment of 100.

Garda were alerted that the man claiming to be 'Terence' was due to
collect a payment at James Street Post Office on July 23.
After James Maughan claimed the payment he was stopped and asked
for his name.

He initially told garda his name was Terence and said that they were
looking for his brother but after he was arrested he admitted his true
name.

Maughan has a total of 55 previous convictions including the 11 social

welfare convictions. The majority of the convictions are theft-related.

http://www.irishexaminer.com/breakingnews/ireland/dublin-social-
welfare-fraudster-caught-by-facial-recognition-software-766852.html

Department of Social
Protection Compliance &
Anti-Fraud Strategy 2014
2018
Annual Report 2015 &
Annual Target Statement 2016
April 2016
https://www.welfare.ie/en/downloads/DSP-Compliance-Anti-Fraud-Strategy-
2014-2018_AnnualReport2015.pdf
Gsoc probes unsound convictions
John Mooney
November 11 2012, 12:01am,
The Sunday Times
Convictions obtained by gardai who allegedly colluded with Kieran
Boylan are being investigated (Courtpix)
The Garda Siochana Ombudsman Commission
(Gsoc) is investigating a number of convictions
obtained by gardai who allegedly colluded with
Kieran Boylan, a convicted drugs trafficker whose
relationship with the force is the subject of a public
interest inquiry.
Among the cases under examination is that of
Andrew Kearns, currently serving a 10-year
sentence in Mountjoy prison. He was arrested in
2005 after collecting cocaine from Boylan in Ardee,
Co Louth. Kearns was charged but no action was
taken against Boylan and his associates, who had
supplied him with drugs from a larger shipment
smuggled into the country.
Kearns has made a full statement to Gsoc
investigators, who visited him in prison. He and
others are understood to be seeking legal advice.
Boylan, who was a