A parking campaigner has questioned whether it is lawful for the DVLA to electronically release vehicle keeper data without first checking if there is “reasonable cause” for the request.
Edward Williams says the DVLA is releasing keeper details without first checking if there is reasonable cause for requesting the data under Regulation 27(1)(e) of Road Vehicles (Registration and Licensing) Regulations 2002.
Data is currently released electronically “under contract without intervention by a specific DVLA employee”, the DVLA has confirmed. “Companies are only able to request information electronically under clearly defined terms and conditions in their contract and companies are audited by both DVLA and the Government Internal Audit Agency to ensure that information is only requested and used appropriately,” a DVLA spokesman told Parking Review.
Parking firms wishing to submit requests electronically must first serve a mandatory six-month probation period making manual requests only, “during which time their behaviour in the use of DVLA data is monitored”, said the spokesman.
He pointed out that all parking companies requesting vehicle keeper information must be members of an Accredited Trade Association (ATA), either the British Parking Association (BPA) or the International Parking Community (IPC). Membership of an ATA ensures that parking companies requesting vehicle keeper data operate within a code of practice that promotes fair treatment of the motorist, with a clear set of standards, said the spokesman.
Parking companies must be members of either the BPA or IPC approved operator schemes to gain electronic access to vehicle keeper data via the DVLA KADOE (keeper on date of event). “Where an organisation makes a large number of standardised requests, with identical circumstances, we consider it reasonable to have electronic processes in place to deal with these requests efficiently,” said the DVLA spokesman.
“Companies are only able to request information electronically under clearly defined terms and conditions in their contract and companies are audited by both DVLA and the Government Internal Audit Agency to ensure that information is only requested and used appropriately. Where any compliance issues are identified, the DVLA will undertake the appropriate action to ensure the matter is rectified.”
Following a request from campaigner Edward Williams, the Information Commissioner’s Office (ICO) has said it will consider “the broader issues” raised in relation to the sharing of keeper data by the DVLA and how that processing complies with the GDPR (General Data Protection Regulation).
The ICO said: “The DVLA has advised us that there are safeguards in place in relation to the automated route. The data sharing agreements within the KADOE contracts detail the specific security requirements an organisation must have in place to have access to keeper data.
“The DVLA has a number of measures that it employs before and after organisations are approved to receive personal data via the KADOE route. The measures employed by the DVLA in relation to the KADOE access route were considered by the ICO in the data protection audit of 2016.”
Edward Williams told Parking Review: “This could be the next PPI [payment protection insurance] scandal. The DVLA has given private parking firms (that can pay) the same data access privileges as local government authorities that carry out civil traffic enforcement.”
He believes the practice does not comply with GDPR, which was introduced in May 2018 to protect the personal information of individuals. “The DVLA faces the possibility of literally millions of small claims in the county court for money damages running into billions of pounds.
“Until there is a Data Protection Act damages claim against the DVLA decided in the High Court, we won’t know for sure if the DVLA’s practice of releasing vehicle keeper details to private parking firms, without human intervention, is unlawful or not.
“But it is clear that this practice has given the ICO enough cause for concern to open a full scale investigation. What is even more alarming is that the DVLA was subject to an ICO data protection audit in 2016 and passed, so the ICO knew what was happening but did nothing until the public started to complain.”
TransportXtra is part of Landor LINKS
© 2020 TransportXtra | Landor LINKS Ltd | All Rights Reserved
Subscriptions, Magazines & Online Access Enquires
[Frequently Asked Questions]
Email: firstname.lastname@example.org | Tel: +44 (0) 20 7091 7959
Shop & Accounts Enquires
Email: email@example.com | Tel: +44 (0) 20 7091 7855
Advertising Sales & Recruitment Enquires
Email: firstname.lastname@example.org | Tel: +44 (0) 20 7091 7861
Events & Conference Enquires
Email: email@example.com | Tel: +44 (0) 20 7091 7865
Press Releases & Editorial Enquires
Email: firstname.lastname@example.org | Tel: +44 (0) 20 7091 7875
Website design by Brainiac Media 2020