Free Traffic Legal Advice

I am submitting a formal complaint against APCOA Parking (UK) Ltd, a BPA AOS member with DVLA KADOE access, for breaching the Private Parking Sector Single Code of Practice (PPSCoP) and misusing personal data obtained in reliance upon DVLA-supplied keeper information.

While APCOA did not obtain my data directly from the DVLA, the entire enforcement process was initiated using DVLA data provided under the KADOE contract to the registered keeper — a lease company. That keeper then passed on my details to APCOA. From that point forward, APCOA used my personal data to pursue what they described as a statutory “Penalty Notice” under railway byelaws, implying criminal liability.

However, in response to a formal complaint, APCOA have now admitted that their “Penalty Notices” are not statutory penalties, but civil claims based on private contract law. They also confirmed that funds collected are retained by themselves or the landowner, not paid to the public purse — proving these are not fines issued by or on behalf of a prosecuting authority.

This is a damning admission. APCOA instigated the process using DVLA data under the false pretence of statutory enforcement, only to later reframe the charge as a civil contractual matter once challenged. This constitutes a clear breach of the KADOE contract and PPSCoP, both of which prohibit misleading representations and require that DVLA data be used for a lawful, clearly defined, and Code-compliant purpose.

The DVLA, as data controller, remains responsible for ensuring that personal data released under KADOE is not subsequently misused — including by downstream parties acting on the back of that disclosure. This complaint concerns not just the initial release of data, but its subsequent use in a manner that may amount to unlawful processing and potentially criminal misrepresentation.

I have attached a supporting statement with evidence and request a full investigation into this matter. Please confirm receipt and provide a reference number for this complaint.

SUPPORTING STATEMENT

Complaint to DVLA – Breach of KADOE Contract and PPSCoP

Operator name: APCOA Parking (UK) Ltd 
Date of Penalty Notice issue: [INSERT DATE] 
Vehicle registration: [INSERT VRM]

I am submitting this complaint to report a misuse of my personal data by APCOA Parking (UK) Ltd, who obtained my keeper details from the DVLA under the KADOE (Keeper At Date Of Event) contract.

Although my own personal data was not supplied directly by the DVLA, APCOA initiated enforcement based on DVLA data they received for the registered keeper — a lease company. That keeper then passed my details to APCOA, who processed my data in reliance upon the DVLA-supplied information. All subsequent action taken by APCOA, including the issue of a “Penalty Notice” and the pursuit of payment, was conducted under the authority they derive from the KADOE framework. As such, they remain fully bound by the terms of that contract and the Private Parking Sector Single Code of Practice (PPSCoP).

While APCOA may have had reasonable cause to request my data initially, they subsequently used it to issue a document styled as a “Penalty Notice” for an alleged breach of Railway Byelaws. The notice mimicked the form and language of a statutory penalty, implied criminal liability, and threatened escalation under Byelaw 14(1).

However, in a formal written complaint response dated [INSERT DATE], APCOA made the following admissions:

• The “Penalty Notice” is not a statutory enforcement measure, but a civil matter based on private contract law.
• Enforcement is pursued under contract law and not through the railway byelaw criminal framework.
• Revenue from the notice is retained by APCOA or the landowner—not remitted to the public purse—confirming it is not a fine issued by a prosecuting authority.

These admissions expose a clear deception: keeper data obtained under the pretext of enforcing statutory railway offences was instead used to pursue what APCOA now claims is a private contractual matter. This amounts to a misuse of personal data, a breach of the Private Parking Sector Single Code of Practice (PPSCoP), and a violation of the terms of the KADOE contract.

More seriously, this conduct raises significant concerns under the Fraud Act 2006, specifically Section 2 – false representation. APCOA knowingly represented a private civil charge as a statutory “Penalty Notice” in order to induce payment from a motorist under threat of criminal consequences. This is not a minor procedural failing or mere miscommunication; it is arguably a criminal offence, and it must be treated as such.

As the Data Controller, the DVLA bears direct responsibility for ensuring that personal data it supplies under KADOE is:

• Used lawfully and fairly
• Not processed for misleading or deceptive purposes
• Not used in ways that facilitate or support criminal conduct

These responsibilities cannot be delegated or brushed aside. Where there is evidence that a KADOE recipient has used personal data in a manner that may constitute a criminal offence, the DVLA must act—whether by initiating proceedings under the KADOE contract, reporting the matter to enforcement agencies, or revoking access to its data systems.

I request that the DVLA take the following actions:

• Investigate APCOA’s conduct in this case
• Determine whether a breach of the KADOE contract and PPSCoP has occurred
• Refer the matter to the appropriate enforcement authority or police, given the potential criminality under the Fraud Act
• Suspend or terminate APCOA’s KADOE access if warranted

The attached correspondence from APCOA constitutes direct evidence of misrepresentation and unlawful processing. I trust the DVLA will treat this complaint with the seriousness and urgency that such conduct demands.

Name: [INSERT YOUR NAME] 
Date: [INSERT DATE]

Subject: Urgent Update: Written Admission by APCOA Confirms Misuse of DVLA Data and Possible Criminal Offence

Dear [MP's Name],

I am writing to follow up on my previous correspondence sent on [insert date], regarding APCOA Parking (UK) Ltd and their misuse of personal data obtained in reliance upon DVLA keeper records. Since that time, APCOA have issued a written response to a formal complaint which makes an admission that is nothing short of damning.

They have confirmed in writing that their so-called “Penalty Notices”, issued under the guise of Railway Byelaws, are in fact civil demands pursued under private contract law, not statutory penalties. Despite this, they continue to design and issue notices that falsely imply criminal liability, threaten prosecution under byelaw 14, and reference statutory offences. Payments are retained by APCOA or the landowner—not the public purse—proving these are not lawful fines.

This is not just misleading; it arguably engages criminal liability under Section 2 of the Fraud Act 2006 – false representation made dishonestly and with intent to cause a gain or loss. It also raises profound concerns about the DVLA’s ongoing role in facilitating these schemes by releasing keeper data under the KADOE contract, with no apparent oversight or sanction when that data is subsequently misused.

The evidence now includes:

• APCOA’s own written admission that the notices are civil, not statutory.
• The use of the term “Penalty Notice” to falsely imply criminal liability.
• Threats of prosecution despite no intention or legal mechanism to prosecute.
• Processing of personal data in a manner contrary to the purpose under which it was obtained from the DVLA.

This is a serious matter of public interest, and I respectfully request that you raise it directly with the Secretary of State for Transport or the Minister responsible for DVLA oversight. The issue is not isolated, and unless Parliament intervenes, it will continue to affect thousands of motorists.

I am happy to provide a copy of APCOA’s written admission upon request. Please confirm that this matter will now be taken forward.

Yours sincerely,

[Your Full Name]
[Your Address + Postcode]
[Your Contact Email]