Ireland’s Data Protection Commission (DPC) has fined the Department of Social Protection (DSP) €550,000 for breaches of privacy rules relating to the use of facial recognition technology in the registration process for the Public Services Card. A DPC investigation found breaches of the General Data Protection Regulation (GDPR) relating to failures to identify a valid lawful basis for the collection of biometric data, the retention of biometric data collected, and failures to put in place suitably transparent information to data subjects.
