Can't sleep, damn insomnia. Thoughts running so I'll share. Tomorrow marks 17 days since the DPC told me that my complaint about the PSC travel pass being used as a tool of mass surveillance, was valid.

It's 2 weeks since I emailed the DPC and said I didn't want it included in

with the current DPC case re the PSC as it had nothing to do with it. A travel pass is one of those functions which the Social Welfare is allowed use the PSC.

The 2 weeks is important because that's the time limit to act once the complaint is deemed valid, there's a precedent

somewhere.

Anywho, I'm mulling over the individual number of data protection/GDPR breaches involved. So, you have a travel pass and you get on public transport. The PSC travel pass is supplied by dept SW. It has your name, a biometric photo and on the magnetic strip is a

unique identifier. The unique identifier is a number, not the same number on the public services card travel pass. The dept. SW issues this unique identifying number. You get on the bus, luas, dart and you scan to get on and in many cases 'off' too, depends on the mode of public

transport you take. The public transport provider collects data every time you scan the travel pass. The date, time & journey are recorded and also the unique identifying number. So far so good. Most of the transport providers think this is anonymised data. They majority send the