Ireland
Departement of Social Security
550,000 €
GDPR enforcement action by Data Protection Authority of Ireland on 2025-06-12.
Rank · Sector
#13
of 356 in Public Sector and Education
Rank · Ireland
#14
of 36
Rank · All fines
#227
of 3,042
Case details
- Authority
- Data Protection Authority of Ireland
- Date
- 2025-06-12
- Controller / Processor
- Departement of Social Security
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 (1) a), e) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 13 (1) c) GDPR, Art. 13 (2) a) GDPR, Art. 35 (VII) b), c) GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Irish DPA imposed a fine of EUR 550,000 on the Departement of Social Security. The controller uses the so called SAFE 2 registration process for anyone applying for a Public Services Card. The SAFE 2 registration, which is mandatory, processes biometric data without a sufficient legal basis. The controller also failed to adequately inform data subjects in regards to the processing and to conduct a data protection impact assessment.
Open original source
Links to the regulator's original publication or another source.
Related fines
Ireland
2023-05-12
1,200,000,000 €
ETid-1844
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2025-05-02
530,000,000 €
ETid-2584
TikTok Technology Limited
Media, Telecoms and Broadcasting
Ireland
2022-09-05
405,000,000 €
ETid-1373
Meta Platforms, Inc.
Media, Telecoms and Broadcasting
Ireland
2023-01-04
390,000,000 €
ETid-1543
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2023-09-01
345,000,000 €
ETid-2032
TikTok Limited
Media, Telecoms and Broadcasting
Ireland
2024-10-24
310,000,000 €
ETid-2469
LinkedIn
Media, Telecoms and Broadcasting