Can't sleep, damn insomnia. Thoughts running so I'll share. Tomorrow marks 17 days since the DPC told me that my complaint about the PSC travel pass being used as a tool of mass surveillance, was valid.

It's 2 weeks since I emailed the DPC and said I didn't want it included in

with the current DPC case re the PSC as it had nothing to do with it. A travel pass is one of those functions which the Social Welfare is allowed use the PSC.

The 2 weeks is important because that's the time limit to act once the complaint is deemed valid, there's a precedent

somewhere.

Anywho, I'm mulling over the individual number of data protection/GDPR breaches involved. So, you have a travel pass and you get on public transport. The PSC travel pass is supplied by dept SW. It has your name, a biometric photo and on the magnetic strip is a

unique identifier. The unique identifier is a number, not the same number on the public services card travel pass. The dept. SW issues this unique identifying number. You get on the bus, luas, dart and you scan to get on and in many cases 'off' too, depends on the mode of public

transport you take. The public transport provider collects data every time you scan the travel pass. The date, time & journey are recorded and also the unique identifying number. So far so good. Most of the transport providers think this is anonymised data. They majority send the

data back to the NTA, the do so because payment is dependent on the data. Some, like Irish Rail, may send the data directly back to the department, that's not 100% clear, but all the data eventually ends up back with the department because the Dept has an agreement with the NTA

to access their data, INCLUDING the unique identifier originally issued by the dept for each individual PSC travel pass user. Ya getting the picture now?

So the dept of SW has access to all of this data and under EU data precedents, you can't just hang onto a huge volume of

data like this on the off chance that you might need it to catch a public transport fare evader. And the dept SW does access it, they admitted to it last year in the PAC, that's why my complaint is valid. Ok, back to the question in point, how many individual breaches of data

protection/gdpr?

Every public transport provider thinks they're collecting anonymised data, but because it ends up back in Dept SW where they can and do match the unique identifier with individual psc travel pass user, THEY'RE NOT!

They are legally obliged to know where your

data ends up and for what purpose it's gong to be used and for how long. Ignorance is not an excuse. In 2018, there were 4.1 million psc travel pass journeys. The data collected by public transport providers was sent back to the NTA or the dept directly so that's another 4.1

million breaches. The majority of the data sent back to SW was sent back by the NTA, so we round that down to 3 million on yet another set of breaches. That's 11 million breaches in 2018 and another 4 million on top of that from the sw dept for processing the data. 15 million, in

2018 alone. I don't know how long it took to roll out the psc travel pass to all or at what rate it was used in other years, so I'll half the yearly rate to 7 million over, we say, 5 years, that's conservative enough.

Crazy shit, innit.