Free Traffic Legal Advice

Hi, looking for advice on this PCN on behalf of my partner who is the registered keeper.


Upon entering the car park for the Bluebell restaurant at 9:31, the driver waited for the business to open (Sundays 10am), as they required the rest room they left the car park after 17 minutes (9:48) to use a toilet elsewhere. As the business had not opened yet they where unable to use the tablet to register for parking and have been issued a Notice to Keeper - Parking charge (issued 30/01/2025).


My partner (the registered keeper) also moved address shortly before this was issued (end of December), however they updated their address DVLA/V5C on 28th Feb 2025; this lead to the charge being handed over to Debt Recovery Plus (who have sent all of their correspondence the old address also (and have not used the registered DVLA address).


Here is the timeline from the letters recovered from the old address:

- 15/12/2024, Moved House

- 19/01/2025, Date of 'Contravention'

- 30/01/2025, Date Issued (£100), Smart Parking (Old Address)

- 28/02/2025, Updated DVLA Address and V5C

- 05/03/2025, Debt Recovery Plus (DRP) initial letter (Old address)

- 23/03/2025, DRP follow up letter (Old address) (05A, paid for indufficient time)

- 09/04/2025, DRP follow up letter (Old address)

- 01/05/2025, DRP follow up letter (Old address)

- 23/05/2025, DRP follow up letter (Old address)

- 31/05/2025, Recovered letters from old address.



For reference the parking charge is listed as '£1' for 3 hours at this business, and the charge for PCN is £100.
The Debt recovery Plus are asking for £170.


We are unsure how to proceed with this as it has been passed over to DebtRecoveryPlus however they have been sending the letters to the old address, and we have only recovered one letter from Smart Parking sent to the old address.


Here is the letter we received from SMART PARKING.

You also need to send a data rectification notice to Smart informing them of the correct address.

Oh, and ignore DRP completely.

Ensure that you have that in writing. Correcting your data would still be wise.

Welcome. I hope the Keeper has not tried to get in touch with (not so) Smart Parking. If the dates you provided for the alleged contravention and the issue date of the Notice to Keeper (NtK), there can be no Keeper liability because it was not given within the relevant period for them to be able to transfer liability from the unknown driver to the known Keeper.

However, there is a problem in that (not so) Smart hold an invalid address for the Keeper. A data rectification notice needs to be sent to (not so) (Smarts DPO, instructing them to update their record with the Keepers current address for service and to erase the old address. The highlighted words are there for a reason, so use them.

Under no circumstances must the Keeper identify the driver, inadvertently or otherwise. The Keeper only refers to the driver in the third person. There is no legal obligation on the Keeper to identify the driver to an unregulated private parking company.

As it is far too late to try and appeal this, the Keeper is going to have to weather the useless and powerless debt collector letters that will continue for a while. Eventually, a Letter of Claim (LoC) will be sent and you should show that to us when it arrives. We will provide a suitable response.

However, you can and should make a formal complaint to the DVLA as (not so) Smart have breached the PPSCoP section 8.1.1(d) which states:

The parking operator must not serve a notice which in its design and/or language: state the keeper is liable under the Protection of Freedoms Act 2012 where they cannot be held liable.

Because of this, they are in breach of their KADOE contract with the DVLA and are using the Keepers data unlawfully. Here’s how to make a DVLA complaint:


The DVLA is required to record, investigate and respond to every complaint about a private parking company. If everyone who encounters a breach took the time to submit a complaint, we might finally see the DVLA take meaningful action—whether that means curtailing or removing KADOE access altogether.

For the text part of the complaint the webform could use the following:

I am submitting a formal complaint against Smart Parking Ltd, a BPA AOS member (at the time but now an IPC member) with DVLA KADOE access, for breaching the BPA/IPC Private Parking Single Code of Practice (PPSCoP) after obtaining my personal data.

While the Operator may have had reasonable cause at the time of their KADOE request, their subsequent misuse of my data—through conduct that contravenes the PPSCoP—renders that use unlawful. The PPSCoP forms an integral part of the DVLA’s governance framework for data access by private parking firms. Continued access is conditional on compliance.

The DVLA, as data controller, is obliged under UK GDPR and the Data Protection Act 2018 to investigate and take enforcement action when data is misused following release. This complaint is not about whether the data was obtained lawfully at the outset, but whether its subsequent use breached the terms under which it was provided.

I have prepared a supporting statement setting out the nature of the breach and the Operator’s actions, and I request a full investigation into this matter. I have attached the supporting document.

Please acknowledge receipt and confirm the reference number for this complaint.

Then you could upload the following as a PDF file for the formal complaint itself:

SUPPORTING STATEMENT

Complaint to DVLA – Breach of KADOE Contract and PPSCoP

Operator name: Smart Parking Ltd 
Date of PCN issue: 30/01/2025 
Vehicle registration: [INSERT VRM]

I am submitting this complaint to report a misuse of my personal data by Smart Parking Ltd, who obtained my keeper details from the DVLA under the KADOE (Keeper At Date Of Event) contract.

Although the parking company may have had reasonable cause to request my data initially, the way they have used that data afterwards amounts to unlawful processing. This is because they have acted in breach of the BPA/IPC Private Parking Single Code of Practice (PPSCoP), which is a mandatory requirement for access to DVLA keeper data. The PPSCoP forms part of the framework that regulates how parking companies must behave once they have received keeper data from the DVLA.

The KADOE contract makes clear that keeper data may only be used to pursue an unpaid parking charge in line with the Code of Practice. If a parking company fails to comply with the PPSCoP after receiving DVLA data, their use of that data becomes unlawful, as they are no longer using it for a permitted purpose.

In this case, Smart Parking Ltd has breached the PPSCoP in the following way:

They issued a Notice to Keeper (NtK) dated 30/01/2025 for an alleged parking event that occurred on 19/01/2025. The operator is attempting to rely on the Protection of Freedoms Act 2012 (PoFA) to transfer liability to the registered keeper. However, in order to do so lawfully, the operator must comply with Schedule 4, Paragraph 9(4) of PoFA, which sets a strict statutory time limit for delivery of the NtK:

“The notice must be given by—
(a) delivering it to that address; or
(b) sending it by post so that it is delivered,
not later than 14 days after the vehicle was parked.”

This means that the NtK must be ‘given’ — i.e., delivered or deemed delivered — by the fourteenth day after the parking event. For a parking event on 19/01/2025, the final day for the NtK to be deemed ‘given’ would be 02/02/2025 (accounting for PoFA's deemed delivery rules: two working days after posting).

However, the NtK in this case was dated 30/01/2025, which was a Thursday. Assuming it was posted on that date, the earliest deemed date of service would be Monday 03/02/2025, as weekends do not count as working days. That is Day 15, and therefore too late for keeper liability to apply under PoFA. No amount of backdating or delay can lawfully change this.

Therefore, Smart Parking could never have achieved compliance with PoFA, and yet they explicitly stated in the NtK that the keeper is liable under PoFA. This is a clear breach of:

• PoFA Schedule 4, Paragraph 9(4)
• Section 8.1.1(d) of the Private Parking Single Code of Practice, which prohibits operators from stating that keeper liability applies when it does not.

This is not a trivial or technical breach. It is a false representation of legal liability, made using personal data obtained from the DVLA, and constitutes unlawful use of that data. The operator is using DVLA data to pursue a legal position they are statutorily barred from relying on.

The DVLA has a duty, as the data controller, to enforce the terms of the KADOE contract and the PPSCoP and to prevent personal data from being misused in this manner. That section states:

The DVLA remains the Data Controller for the data it releases under KADOE, and is therefore responsible for ensuring that personal data is not misused by third parties. This includes taking action against AOS operators who breach the conditions under which the data was provided. I am therefore asking the DVLA to investigate this breach and to take appropriate action under the terms of the KADOE contract.

This may include:

• Confirming that a breach has occurred 
• Taking enforcement action against the operator 
• Suspending or terminating their KADOE access if warranted

I have attached relevant supporting material with this statement. Please confirm receipt and provide a reference for this complaint. I am also happy to provide further information if required.


Name: [INSERT YOUR NAME]
Date: [INSERT DATE]

The DVLA formal complaint should still be submitted. This provides a pair trail for future FOI requests to show that the DVLA is not doing its job when it comes to sanctioning repeat offender private parking companies who unlawfully use the Keepers data after requesting it.

It takes a few minutes to complete the form and all the text is provided above. It is simply a matter of a copy and paste for the webform and the statement can be saved as a PDF for the upload.

The operator will also have to answer to the DVLA about this and explain themselves as to why they are issuing PoFA NtKs when they are not issued in time for them to comply with the relevant period deadlines. Also, as they are using the Keepers data unlawfully, this is a breach of the Keepers GDPR and warrants a claim for compensation for a breach of the Data Protection Act 2018.

If a private parking company gets the keeper’s details from the DVLA with a lawful application and reasonable cause, that’s not a problem in itself. But if they then misuse that data by falsely claiming the keeper is liable under the Protection of Freedoms Act (PoFA) when they don’t meet the legal requirements—such as issuing the Notice to Keeper too late—then they are using that data unlawfully.

Even if the data was obtained lawfully, it still has to be used lawfully, fairly, and for the correct purpose. Under UK GDPR, several breaches occur in this situation.

Article 5(1)(a) is breached because the company is using personal data in an unlawful and unfair way by claiming keeper liability under PoFA when they are not entitled to. Article 5(1)(b) is breached because the data is being used for a different purpose than the one for which it was obtained, which was to pursue a parking charge where liability can legally be enforced. Article 5(1)(c) is breached if the data continues to be used or passed to others when it is no longer necessary. Article 6(1)(f) is breached because there is no longer a valid lawful basis to justify the ongoing use of the data under the “legitimate interests” condition. Article 14 is breached if the keeper is not properly informed that their data is being used in a misleading way.

The Private Parking Single Code of Practice makes clear in section 8.1.1(d) that an operator must not serve a notice which, in its design or wording, states that the keeper is liable under PoFA if they cannot lawfully be held liable. If an operator sends a Notice to Keeper that wrongly states the keeper is liable under PoFA, they are acting in breach of this rule.

Doing so also breaches the terms of the KADOE contract with the DVLA, which only allows the use of keeper data for pursuing charges where there is a proper legal basis to do so. Using the data in these circumstances is unlawful and can be reported to both the Information Commissioner’s Office and the DVLA.