Data Protection Complaints – Template Letters

[firemanstan]

Yes I did mean PCN, my typo error there.

 

I have read many posts on here however I have a friend who has a PCN issued by excel and they have resorted to calling here by phone (saying they are a solicitor acting on behalf of Excel) and demanding payment there and then. I always replied and they eventually got the message, however I guess it's up to the individual as to how they feel about ignoring these letters.

[Data Protection Society]

Many people are unhappy about DVLA selling our personal data to, amongst others, parking companies. The position at present is this:

 

1. DVLA does not need your permission to disclose your personal data.

2. You have no right to demand from a parking company that they delete, erase or otherwise remove your personal data unless the data are inaccurate. If you feel that the parking company is processing (holding, storing etc.) your data for too long or not for the right reasons, then all you can do is plead with the Information Commissioner (best of luck with that).

3. DVLA hold the view that parking companies have a right to ask the registered keeper who the driver was whom they claim was in breach of contract and that is 'reasonable'. The Information Commissioner has confirmed this.

 

We don't like this position any more than most other people. This is why we are pleased to tell you:

 

1. There is no law (currently) which requires the registered keeper to tell the parking company who the driver was. So, all you have to do is bin the ticket. You could write back and say that you are unable to say who the driver was. The parking company can't take you to court because they don't know who to take! Any action would fail and is why they don't take people to court.

2. The Protection of Freedoms Bill currently passing through Parliament will ban clamping but make the registered keeper responsible for the actions of the driver. This would be the first tiime that a person completely unconnected with a contract will be legally responsible for its breach.

3. We have submitted a formal Complaint to the European Commission (which has been accepted) which amongst other things, questions the legality of 'Regulation 27' upon which DVLA relies. The remit of the Information Commissioner does not extend to considering European legislation and its compatibility with the Data Protection Act.

4. Even if a parking company knows who the driver is, they can only claim, 'damages' which represent their loss of business or costs, so huge sums will not be enforceable in court.

 

Interested parties may like to check out our Web Site which we set up purely to help the data subject - the ordinary person - not the data controller - the people who obtain and store our data. Should the Complaint be upheld, the details will be found on our Web Site - dataprotectionsociety.co.uk. It's completely free.

 

Right now - don't sue DVLA - you will lose. Keep your powder dry but you can bin all those tickets.

 

We are not lawyers (so cannot accept legal responsibility for our views or any action people take as a result of them) but we have been in correspondence about this issue and other related issues with DVLA and the Information Commissioner for more than 10 years. We have also written recently to the Transport Minister, Norman Baker.

[lamma]

Well done. The EU already has big issues (i..e. disagrees with the UK Government) with the DPA as I am sure you are aware.

[Data Protection Society]

Thanks lamma.

 

At least some of the issues which we raised form the basis for the infringement action the EU are taking against the UK Government. This DVLA is a separate issue. There are many parts of the Directive which have not been implemented. For example, data subjects should be able to take legal action for any infringement of the Directive whereas UK data subjects are strictly limited.

 

When we have a firm legal basis, we will be advising all those who have been wronged by DVLA and many other Government bodies and maybe some commercial organisations as well. Government is the biggest culprit though. Could be interesting if DVLA have tens of thousands of actions against them.......

 

DPS

[lamma]

In my view the UK limitations are there to protect revenue AND to prevent losses. It will take a big ruling to overcome that.

[Data Protection Society]

lamma,

 

The limitations are there to prevent us knowing what the authorities are up to - how they misuse our data. But the EU wouldn't bring infringement proceedings unless they felt they had a good case. Check out Article 12(b) of the Directive and compare with section 14 of the DPA for example. Check out Article 13(g) against Regulation 27 for example.

 

DPS.

[lamma]

I agree. A lot of the misuse is sale of the data !

[Nev Met]

Well done to the Data Protection Society, I've been to your website and it's very good, particularly for us little people. Nice to know that there's some good people out there fighting on our behalf.

 

As regards "reasonable cause" I believe that the decision by he DVLA (for ACA electronic access to RK data) that Membership of the BPA AOS + Compliance with the Code of Practice = 'reasonable cause' is illegal.

 

However, as the DVLA are quite content to allow this to continue (a low guesstimate of no less than 3000 RK data releases to PPCs per day = £7,500 per day to the DVLA just from PPCs) then the best way for the moment is roll with the punches. As soon as it can be shown that a PPC (using ACA electronic access) has breached the CoP then the 'reasonable cause' it relied on to get the RK data vanishes and the RK data release by the DVLA was unlawful.......Complain! complain! complain!.......TSD have always said that it's the sheer volume of complaints that activate action ("it's the squeaky wheel that gets the oil").

 

Finally, in 2005 Dr Stephen Ladyman, the then Minister for Transport (when answering questions in Parliament about 'reasonable cause') said

 

In some states in America, if an individual requests information about the owner of a vehicle on the basis of a registration number, the information is provided if reasonable cause is established, but the owner of the vehicle is contacted and told that that information has been provided, why it was provided and to whom it was provided. Both the owner of the vehicle and the person requesting the information know that a request has been made for information. I would like the review to consider whether that should be built into the system as an additional protection.

 

The BPA is a very rich and powerful and influential organisation, realistically I don't think we shall ever bring a halt to RK data release to private companies, and making the DVLA notify the RK of a data release (along these lines) is a perfectly reasonable and practical safeguard, particularly if the wording of the notification was drawn up by a consumer organisation (and not the DVLA/BPA) and sent out in advance of any correspondence from the private company. This would also then have a system in place to enable the RK to appeal and challenge the 'reasonable grounds' submitted by the private company and an independent body (the 'data protection society'??) would then weigh up both arguments before making a decision on whether to allow the DVLA to release the data or not.

 

What could be fairer and safer than that (and also realistically achievable)

[Gick]

 

The BPA is a very rich and powerful and influential organisation, realistically I don't think we shall ever bring a halt to RK data release to private companies, and making the DVLA notify the RK of a data release (along these lines) is a perfectly reasonable and practical safeguard, particularly if the wording of the notification was drawn up by a consumer organisation (and not the DVLA/BPA) and sent out in advance of any correspondence from the private company. This would also then have a system in place to enable the RK to appeal and challenge the 'reasonable grounds' submitted by the private company and an independent body (the 'data protection society'??) would then weigh up both arguments before making a decision on whether to allow the DVLA to release the data or not.

 

What could be fairer and safer than that (and also realistically achievable)

 

Then charge £25 for the extra work involved. This would still be paid by those having ligitimate reasons for the application, as in the main it would be reclaimable from the person that they were pursuing (insurance claim etc). It would, however, make speculative invoicing less profitable due to the number of successful 'cons' needed to recoup the outlay.

[instrumentsofjoy]

Then charge £25 for the extra work involved. This would still be paid by those having ligitimate reasons for the application, as in the main it would be reclaimable from the person that they were pursuing (insurance claim etc). It would, however, make speculative invoicing less profitable due to the number of successful 'cons' needed to recoup the outlay.

 

Agree wholeheartedly. The current charge is far too low!

[lamma]

DVLA charges £2.50 per request to PPCs - which according to the DVLA only covers costs. DVLA charges to Local Authorities using electronic link is about 5p per request. Aren't all PPC requests done by electronic link.