DPC announces conclusion of investigation into use of facial matching technology in connection with the Public Services Card by the Department of Social Protection
Data Protection Commission, Ireland
Ref: SRC-004-IRL-001
Accessed: 3/30/2026
Summary
DPC fined DSP EUR 550,000 on 12 June 2025 for GDPR violations. Found no valid lawful basis for biometric data collection. Biometric templates held for 70% of Ireland's population. Four categories of infringement: lawful basis deficiency (Articles 5(1)(a), 6(1), 9(1)), retention issues (Article 5(1)(e)), transparency failures (Articles 13(1)(c), 13(2)(a)), and DPIA gaps (Article 35(7)(b),(c)). DSP given 9-month deadline to cease processing or identify valid legal basis.
View Harvard reference
Data Protection Commission (2025) 'DPC announces conclusion of investigation into use of facial matching technology in connection with the Public Services Card by the Department of Social Protection', Data Protection Commission, Ireland, 12 June. Available at: https://www.dataprotection.ie/en/news-media/press-releases/dpc-announces-conclusion-investigation-use-facial-matching-technology-connection-public-services (Accessed: 30 March 2026).