At the center of the dispute is the app’s reliance on MyGovID as its anchor credential. To obtain a MyGovID account, users must possess a Public Services Card (PSC), which requires enrollment in a facial biometric database. Campaigners point out that the Data Protection Commission (DPC) previously ruled this biometric collection unlawful. That decision is currently being appealed by the Department of Social Protection in the High Court, leading groups to argue that the digital wallet is being built on “very shaky legal grounds.”
In a formal letter to the department, the ICCL and DRI described MyGovID’s security protections as “weak” and its governance as “opaque.” They have called for the immediate publication of the wallet’s Data Protection Impact Assessment (DPIA), any reviews conducted by the Data Protection Commissioner, and the application’s source code. The groups argue that without such transparency, the government cannot establish the public trust necessary for widespread adoption.
Under European Union law, Ireland is required to implement a digital wallet for public services by the end of this year. While the government emphasizes that the app is voluntary and that traditional forms of identification will remain valid, concerns persist regarding future mandates. Earlier this year, government ministers suggested the wallet could be utilized to enforce age-verification requirements for social media users under 16, though no formal policy has yet advanced.
The Department of Public Expenditure maintains that the pilot scheme is a collaborative effort to “co-design” the final product and demonstrate its safety features. A prior public consultation saw participants express anxiety over data usage and the potential for government surveillance. As the pilot begins, the legal status of the underlying biometric database remains the primary obstacle to the project’s institutional legitimacy.

