Free Traffic Legal Advice

The SAR response from ParkingEye appears deficient and may well breach Article 15 of the UK GDPR, particularly the subsections you've quoted. Your reading is correct, and your position is well-grounded.

That's a precise, assertive, and well-targeted follow-up. You've clearly invoked the relevant provisions of Article 15 UK GDPR, left no room for obfuscation, and refused to accept their website deflection — which is entirely appropriate.

However, let’s pause for a minute and recalibrate — the original and primary complaint to the DVLA which is about the misuse of keeper data obtained under KADOE, and everything else (SAR failings, GDPR violations) is secondary to that root breach.

ParkingEye had reasonable cause to request the keeper’s data from the DVLA under the terms of the KADOE contract, but only for the purpose of pursuing the Keeper where it is legally allowed. They then issued a Notice to Keeper under PoFA, despite knowing two key facts: first, that the keeper lives in Scotland, and second, that PoFA does not apply to Scottish keepers, even when the alleged contravention took place in England.

By doing this, ParkingEye breached clause 8.1.1(d) of the Private Parking Single Code of Practice, which basically says PoFA notices must not be sent to Scottish addresses. They also breached their KADOE agreement with the DVLA, which only allows use of keeper data in line with the law and the Code of Practice.

This is not a borderline case. It is a clear breach of purpose and an unlawful use of data, both under contract and under regulation.

As for the SAR, it does have a role because it shows what ParkingEye sent to the DVLA. It may also show if they misrepresented your appeal or withheld key attachments, which could further support the DVLA complaint. However, the SAR issues are secondary and should not be allowed to distract from the main point, which is the unlawful use of DVLA data through the issuing of a PoFA notice to a Scottish keeper.

To summarise: the DVLA complaint should focus on the fact that ParkingEye wrongly issued a PoFA-style Notice to Keeper to someone in Scotland. This means they used the DVLA data for a purpose that is not allowed under the KADOE agreement, they broke the Code of Practice, and they failed to meet the conditions for processing data under the UK GDPR. If they had issued a non-PoFA notice instead, there would not be an issue, as they would have to pursue the driver, not the keeper. But they didn’t.

I suggest a follow up to the DVLA complaint with a reference to the SAR issue and concerns that ParkingEye may have withheld key information from the DVLA during their handling of your original complaint:

To the DVLA Data Sharing Team/Head of Complaints,

I am writing to follow up on my earlier complaint about ParkingEye Ltd’s misuse of keeper data obtained under the KADOE agreement.

ParkingEye issued a Notice to Keeper under the Protection of Freedoms Act (PoFA) to a Scottish address, even though they knew that PoFA does not apply to Scottish residents. This action breaches Section 8.1.1(d) of the Private Parking Single Code of Practice, which states that a parking operator must not serve a notice or include material on its website which in its design or language states that the keeper is liable under PoFA where they cannot be held liable. It therefore breaches the KADOE agreement, which requires that keeper data obtained from the DVLA must only be used in accordance with relevant law and the approved Code of Practice.

If ParkingEye had issued a standard non-PoFA notice, this would not have been a problem, because they would have had to pursue the driver rather than the keeper. Instead, they used DVLA data to issue a document that falsely suggested the keeper could be held liable — something which is not legally possible under PoFA for someone residing in Scotland. This is not a minor error. It is a deliberate misuse of data and a misleading attempt to pressure a keeper into payment based on a legal framework that does not apply.

I also wish to raise concerns about how ParkingEye responded to the DVLA’s inquiry into my original complaint. I have now received a copy of ParkingEye’s internal correspondence and documents through a Subject Access Request. Based on what they disclosed, it appears they may have withheld important information when replying to the DVLA. For example, ParkingEye sent the DVLA an email with a .zip file attachment, but they have not told me what was in that file. If it included a copy of my appeal, as seems likely, they failed to explain or disclose this clearly in their SAR response. Additionally, they redacted the names and email addresses of individuals involved and concealed who else was copied into their reply to the DVLA — meaning I do not have a full record of who has seen or handled my data.

This raises serious questions about transparency and whether the DVLA received full and accurate information during its initial investigation. I ask that you reopen or review this matter in light of these concerns, and treat this as an escalation of my original complaint.

Yours sincerely,
[Your Name]
[Address]
[Email]
Vehicle Registration: [VRM]
Date: [Insert]

Court is not the most likely outcome. Whilst they will probably issue a claim, in due course, the odds of it actually ever reaching hearing are slim and even if it did, your case is strong.

Do not pay this. The POPLA decision is not binding on you. Which POPLA assessor came up with this tripe? It is not a secret and their names are in the public domain.

I would suggest a formal complaint to POPLA about this assessors utter lack of competence. It won't change the decision but it does establish a paper trail for formal complaints which can later be relied on as evidence of their failings.

There are five obvious failings by this assessor:

1. Misunderstanding of PoFA 9(2)(f)

The assessor wrongly asserts:


This is incorrect. PoFA 9(2)(f) expressly governs the 28-day period within which the Keeper is liable unless the driver is named. That period starts the day after the NtK is given, as per 9(2)(f):


A statement on the front of the NtK demanding payment by a date calculated from the issue date, not the day after the date of deemed delivery, is not PoFA-compliant. This is not about operator preference or flexibility—PoFA compliance is strict. The assessor erred in law by implying the misleading payment deadline has no bearing on keeper liability.

2. Total Ignorance of PoFA 9(2)(e)(i)

It was clearly explained that the NtK:


PoFA 9(2)(e)(i) requires an explicit invitation to the Keeper:


The assessor ignored this completely. There is no lawful basis for transferring liability if this required element is missing. POPLA failed to assess the core condition for keeper liability.

3. Dismissal of PPSCoP Breach as Irrelevant

PPSCoP 8.1.2(e) was referenced, which says:


And its Note 2 clarifies:


Again, the assessor missed the point: The NtK’s deadline shortens the Keeper’s rights under the PPSCoP, a breach of the operative Code. Their statement that operators “may refer to payment dates” misses the central issue: the NtK actively contradicts the statutory wording, misleading the recipient.

POPLA’s own remit includes enforcing the current Code of Practice, and they failed to uphold this.

4. Failure to Require Landowner Contract With Sufficient Proof

ParkMaven’s evidence was challenged:


The assessor ignored all this and instead relied on a generic “witness statement”, despite DVLA guidance and case law confirming that the contract must be current, valid, and sufficiently prove the operator’s legal standing.

Their logic that "the signage would have been removed if the contract wasn’t in force" is a laughable assumption not based on evidence.

5. POPLA Breached its Own Principles

The appeal stated:


That is a long-standing principle, repeated by assessors in countless past decisions. In this case:


The burden is on the operator to respond to every point. POPLA’s failure to apply this basic standard is a dereliction of duty.

Send the following complaint to POPLA:

Subject: Formal Complaint Regarding Failed Appeal – Verification Code [INSERT CODE] – Escalation Required

To whom it may concern,

This is a formal complaint regarding the decision issued by POPLA under verification code [INSERT CODE] for a Parking Charge Notice issued by ParkMaven. This complaint must be escalated to the most senior level of POPLA management. I also confirm that it is being forwarded to my Member of Parliament due to the systemic failings this decision exposes.

Let me be clear: I am not writing this complaint in the expectation that the decision will be overturned. I am fully aware that POPLA does not permit assessors to reverse an appeal decision, no matter how legally flawed it is. That is itself part of the problem and will be raised with the relevant government department and Parliament.

I expect this complaint to be logged, responded to in writing, and used to review the training and competence of the assessor involved, who has demonstrated a complete inability to apply basic statutory requirements or read the appeal they were tasked to assess.

1. Blatant misinterpretation of PoFA 2012 – Paragraph 9(2)(f)

My appeal detailed that ParkMaven's Notice to Keeper (NtK) contradicts the statutory wording of PoFA Schedule 4, Paragraph 9(2)(f) by demanding payment "within 28 days of the date issued" – a full six days earlier than legally allowed. This is not a minor technicality. It is a material legal failure.

PoFA is clear: the 28-day period begins "with the day after that on which the notice is given." "Given" means delivered, and PoFA 9(6) deems it to be two working days after posting. The NtK in this case was issued on 24/12/2024, with deemed delivery on 30/12/2024. The front of the NtK misleadingly sets the deadline as 21/01/2025 instead of the correct 27/01/2025.

This is an outright breach of PoFA. The assessor waved it away with the astonishing claim that payment deadlines "are just for those who do not wish to appeal" – as if the statutory provisions are optional. This statement is legally indefensible and demonstrates a lack of basic understanding of how liability is created under Schedule 4.

2. Ignoring the absence of PoFA 9(2)(e)(i) wording

I highlighted that the NtK does not contain the required invitation for the keeper to pay the charge, as mandated by PoFA 9(2)(e)(i). Instead, the NtK only demands payment from the driver and asks the keeper to name the driver if not them.

PoFA requires an express invitation to the keeper to pay the charge. The assessor completely ignored this point, made no reference to paragraph 9(2)(e)(i), and failed to engage with the most basic requirement for keeper liability.

This is not an oversight. It is a gross failure of professional standards by someone apparently untrained or unwilling to read and apply the law they are tasked with assessing.

3. Dismissal of PPSCoP breach and misrepresentation of transitional arrangements

I explained in my appeal that the NtK breaches the Private Parking Single Code of Practice (PPSCoP), which has been in force since October 2024. Section 8.1.2(e) makes it crystal clear:

"The recipient can appeal within 28 days of receiving the parking charge."

The word "receiving" is not open to interpretation. The accompanying note defines it clearly as two working days after posting. Despite this, the operator falsely shortened the deadline to 21/01/2025. This is a material misrepresentation of the keeper's rights and a direct breach of the Code.

The assessor showed either ignorance or laziness by brushing this aside and claiming the PPSCoP only applies to signage until 2026. That is completely wrong. The signage deadline relates only to physical compliance by operators, not to the immediate obligations concerning transparency, wording, and deadlines in written communications.

This failure to understand the Code and apply its provisions brings POPLA’s own credibility into question.

4. Failure to uphold POPLA’s own standards regarding operator rebuttals

In at least five distinct areas of my appeal, the operator failed to respond:

• No rebuttal of PoFA 9(2)(f) or 9(2)(e)(i) points
• No response to the PPSCoP breach
• No defence of the use of the defunct BPA Code of Practice in the rejection letter
• No evidence justifying the misleading keeper liability claim
•No explanation for the flawed and post-dated contract provided as landowner authority

POPLA has long held that if an operator does not rebut a specific appeal point, the appeal should be upheld. Yet in this case, the assessor simply pretended that none of these failures occurred. That is dishonest, unacceptable, and contrary to POPLA’s own published assessment standards.

5. Acceptance of dubious “contract” evidence

I challenged the validity of the landowner authority. ParkMaven submitted a document:

• Signed five months after the contract was supposedly in force
• With no signature by ParkMaven
• With no verification of the signatory’s position
• While simultaneously claiming the contract was “too confidential” to disclose (and then disclosing it anyway)

The assessor accepted this without comment, justification, or applying a basic evidential standard. This undermines the fairness of the process and renders it a tick-box exercise unworthy of public trust.

Request for POPLA Management Action

This complaint must be passed to POPLA senior management. I expect:

• A written response explaining what went wrong in this case
• An explanation of what additional training or disciplinary review the assessor will undergo
• A confirmation that these failures will be raised internally and used to prevent recurrence

This complaint is being escalated to my Member of Parliament, not because POPLA has any regulatory or statutory function (you don’t), but because the public is entitled to expect basic competence from bodies purporting to offer an independent appeal service. This appeal was handled with a level of carelessness and legal illiteracy that is unacceptable, and it is important that decision-makers at a national level are made aware of the standards being applied behind the curtain of POPLA's “independence”.

POPLA is a private contractor, funded by the BPA, with no legal authority, no accountability mechanism, and no appeals process once a decision is issued. That makes it all the more important that decisions are made accurately, transparently, and lawfully the first time—none of which occurred here.

This complaint is not about overturning the outcome. I know how your process works. It is being made for the record, and to require a formal written explanation of:

• Why key appeal points were ignored or dismissed without engagement
• What corrective action, training, or accountability will follow
•Confirmation that this complaint is being reviewed by senior management, not just closed out by a front-line team

A copy of this email has been retained and will be used to inform others, including the press and advocacy groups, who are increasingly concerned about the quality, independence, and legal competence of POPLA’s decision-making.

Sincerely,

[Your Full Name]
[Your PCN Reference Number]
POPLA Verification Code: [Insert Code]
Email: [Your Email]
Address: [Your Postal Address]

And make a complaint about this to your MP.

Go straight into a formal complaint to the ICO. Whilst the ICO will expect you to have exhausted your issue with APCOA first, you can tell them that they are deliberately obfuscating.

Point out the unacceptable delay in first responding to the SAR after 27 days demanding ID when it is unnecessary as they have already been in communication with you.

Any response yet from the DVLA or your MP?

Choices... pay £20 and feed the scam or pay £0 because they know they cannot win this without knowing the drivers identity.

I wish posters would give the full background when posting. If you were the Hirer, then, as advised, when you receive a Notice to Hirer (NtH) in your own name, send the following appeal as above but adapted for a Hirer rather than a Keeper:

I am the Hirer of the vehicle. APCOA cannot hold a Hirer liable for any alleged contravention on land that is under statutory control. As a matter of fact and law, APCOA will be well aware that they cannot use the PoFA provisions because Birmingham Airport is not 'relevant land'.

If Birmingham Airport wanted to hold owners or keepers/hirers liable under Airport Byelaws, that would be within the landowner's gift and another matter entirely. However, not only is that not pleaded, it is also not legally possible because APCOA is not the Airport owner and your 'parking charge' is not and never attempts to be a penalty. It is created for APCOAS's own profit (as opposed to a byelaws penalty that goes to the public purse) and APCOA has relied on contract law allegations of breach against the driver only.

The Hirer cannot be presumed or inferred to have been the driver, nor pursued under some twisted interpretation of the law of agency. Your NTK can only hold the driver liable. APCOA have no hope at POPLA, so you are urged to save us both a complete waste of time and cancel the PCN.

It will be cancelled.

Appeal only as the Keeper with the following:

I am the registered keeper. APCOA cannot hold a registered keeper liable for any alleged contravention on land that is under statutory control. As a matter of fact and law, APCOA will be well aware that they cannot use the PoFA provisions because Birmingham Airport is not 'relevant land'.
If Birmingham Airport wanted to hold owners or keepers liable under Airport Byelaws, that would be within the landowner's gift and another matter entirely. However, not only is that not pleaded, it is also not legally possible because APCOA is not the Airport owner and your 'parking charge' is not and never attempts to be a penalty. It is created for APCOAS's own profit (as opposed to a byelaws penalty that goes to the public purse) and APCOA has relied on contract law allegations of breach against the driver only.
The registered keeper cannot be presumed or inferred to have been the driver, nor pursued under some twisted interpretation of the law of agency. Your NTK can only hold the driver liable. APCOA have no hope at POPLA, so you are urged to save us both a complete waste of time and cancel the PCN.

Search the forum for recent APCOA Penalty Notice threads. The PN you received is fake and an illegal attempt to defraud you.

Search for DVLA complaints about this and you could also report them to the police (not Action Fraud).

You can safely ignore all debt recovery letters. Debt collectors such as Trace are powerless to do anything except to try and persuade the low-hanging fruit on the gullible tree to pay up out of ignorance and fear. Never, ever communicate with a powerless debt collector.

We don’t need to see or know about debt recovery letters and you can shred them and use it as hamster bedding.