The Data Protection Commission (DPC) last month imposed an administrative fine of €550,000 on the Department following the conclusion of an inquiry which began in July 2021.

The inquiry examined the Department’s processing of biometric facial templates, and usage of associated facial matching technologies, as part of the “SAFE 2 registration” that forms part of the PSC application process.

SAFE 2 registration is mandatory for anyone who wishes to apply for a public services card. Persons who do not submit to such processing cannot access services including welfare payments.

The DPC concluded that the Department had failed to identify a valid lawful basis for the collection of biometric data in connection with SAFE 2 registration at the time of the inquiry.

The Department was ordered to cease processing of biometric data in connection with SAFE 2 registration within nine months of the decision if it cannot identify a valid lawful basis.

A spokesperson for the Department of Social Protection told Irish Legal News: “The Department believes that its processing of biometric data is compliant with data protection law.

“Having carefully considered the decision of the DPC and following consultation with the office of the Attorney General, it appealed the decision in accordance with the provisions of, and within the timeline set out in, the Data Protection Act 2018 on 7th July 2025.

“As the matter is before the courts, the Department will not be making any further comment.”

The DPC declined to comment as the matter is now before the courts.