Parking charges: DVLA breached law over sharing drivers' details


Staff Member
4 Jun 2021
4,860 (4.45/day)
First off, parking tickets from private parking companies are not "fines" as the article keeps on saying, they're parking charges, ie invoices, a very different legal beast.

That out of the way, why am I not surprised that the DVLA have made this "technical" error? The ICO said that it made no difference to the experience of motorists hounded by private parking companies for payment, but I wonder if that's really true, or people wouldn't be allowed to seek compensation for it. Could the DVLA perhaps charge more for the information? I think this needs to be investigated more deeply. Something like this doesn't happen and then go on for so long by accident. There's usually some racket behind it.

Have a read and see what you think.

Nerd level: not enough.

The parking expert and author Scott Dixon said: “By using the wrong lawful basis, it cannot be disputed that the DVLA has breached the UK GDPR Data Protection Act 2018.

“Motorists have suffered a serious detriment by the DVLA’s unlawful actions … This is not a technical infringement. This ruling contradicts what the ICO says within their own guidelines for organisations to adhere to.

“I believe motorists are entitled to compensation from the DVLA, as they have suffered detriment as a result of the DVLA using the wrong lawful basis and wrongly using their powers within the scope of the UK GDPR Data Protection Act 2018.”



Well-known member
24 May 2022
968 (1.32/day)
The statement from the ICO is very, very carefully worded indeed.

The issue comes back to the GDPR (and more specifically our implementation as the DPA 2018) and what rights people have to data. There are all kinds of caveats in it around public services and more importantly the basis for holding and transferring data.

People talk a lot about consent as the basis for data holding but it’s not the only basis, this falls squarely into the cracks between legitimate interest and public duty on behalf of both the DVLA and also the parking harassment firms. And truthfully, yes, the ICO is right that the correct course of action is an amendment to the law itself because this is what you get when two completely separate pieces of law for completely different purposes collide.

Scott Dixon may be a parking expert but he’s not a data expert, and he is I think not entirely correct. If it were *only* the DPA 2018 in play, he would be right and the ICO’s verdict would be different. But the issue comes down to a misunderstanding about their legal requirements to provide data owing to the parking enforcement legislation and that what the DVLA has historically interpreted as a “must be satisfied” request process rather than a “should be provided” or even a “can be provided” process which in legal terms is very different. The exact legal specifics are extremely dry and dull and require cross-referencing parking enforcement regulations which haven’t been revised properly since before the GDPR, which makes it unsurprising that the DVLA has gotten it wrong.

Mind you I would also ban the harassment firms outright and make them a function of local councils in a way that can’t be outsourced to private firms. And I’m not even a motorist.
Top Bottom