Departement of Social Security – €550,000 Fine (Ireland, 2025)

€550,000Data Protection Commission12 June 2025Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Irish Data Protection Commission fined the Department of Social Security €550,000 for mishandling personal data during the Public Services Card registration process. They processed biometric data without proper legal grounds and failed to inform people about how their data was used. This case serves as a warning for organizations to ensure they have a valid reason for processing sensitive data and to communicate clearly with users.

What happened

The Department of Social Security was fined for processing biometric data without a sufficient legal basis and not informing users properly.

Who was affected

Individuals applying for a Public Services Card whose biometric data was processed without adequate legal justification.

What the authority found

The Data Protection Commission found that the Department violated multiple GDPR rules regarding data processing and transparency.

Why this matters

This fine highlights the importance of having a valid legal basis for processing sensitive data. Organizations must prioritize compliance with data protection laws to avoid significant penalties.

GDPR Articles Cited

AI-verified

Art. 35(VII)(b) GDPR
Art. 5(1)(a) GDPR
Art. 6(1) GDPR
Art. 9(1) GDPR
Art. 13(1)(c) GDPR
Art. 13(2)(a) GDPR
View original scraped data
Art. 5(1)(a) GDPR
e) GDPR
Art. 6(1) GDPR
Art. 9(1) GDPR
Art. 13(1)(c) GDPR
Art. 13(2)(a) GDPR
Art. 35(VII)(b) GDPR
c) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
Ireland enforcementData Protection Commission actionsAll Departement of Social Security actions
Full Legal Summary
Detailed

The Irish DPA imposed a fine of EUR 550,000 on the Departement of Social Security. The controller uses the so called SAFE 2 registration process for anyone applying for a Public Services Card. The SAFE 2 registration, which is mandatory, processes biometric data without a sufficient legal basis. The controller also failed to adequately inform data subjects in regards to the processing and to conduct a data protection impact assessment.

Related Enforcement Actions (0)

No other enforcement actions found for Departement of Social Security in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

12 June 2025

Authority

Data Protection Commission

Fine Amount

€550,000

Enforcement Tracker ID

ETid-2657

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Departement of Social Security - Ireland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: