Free Traffic Legal Advice

I have sent it and will update when I receive a response from them. Many thanks for your help.

Is that the sum total of their response to the letter I drafted for you?

The formal complaint requires a response to each of the points raised. The complaint also states what steps to take if the response does not adequately answer the questions or offer a suitable solution.

So, please go through the letter that was sent and their response and highlight the points that they have or have not complied with. Before you respond to any offer they suggest to contact the operator on your behalf, show us your understanding of their response to thee formal complaint.

The BPA’s reply is inadequate, fails to address the specific points directly, and is evasive on key compliance issues raised. Their response either deflects or ignores important points regarding PoFA compliance and their own enforcement responsibilities. They shift responsibility back to ParkingEye rather than proactively enforcing compliance.

Respond with the following:

Subject: Inadequate Response to Formal Complaint – Request for Immediate Clarification

Dear BPA Compliance Team,

Thank you for your response dated [insert date]. I grant permission for the BPA to forward my correspondence to ParkingEye, with the explicit expectation that ParkingEye provides documentary evidence (e.g., Royal Mail Certificates of Posting) confirming the precise dates on which the letters were issued. I expect the BPA to independently review and verify this evidence to ensure compliance with both PoFA and the PPSCoP.

However, your reply is incomplete and has failed to fully address several critical aspects of my original complaint. To avoid ambiguity, please respond clearly and directly to each of the following points:

1. Omission of PPSCoP 8.1.2(e) Note 2 (Second Half)

Your previous response merely stated:

"Our quote of the single-sector Code of Practice was not done to mislead. I apologise if you believe it appeared like that."

This does not explain why the second half of PPSCoP 8.1.2(e) Note 2—which explicitly addresses the operator's obligation to provide evidence of posting—was omitted from your original reply. Please confirm clearly:

• The specific reason for omitting this highly relevant part of PPSCoP from your previous response.

2. Proof of Posting and BPA’s Regulatory Responsibility

You previously stated:

"We have not been provided with evidence to show that the letters were not posted when Parkingeye have stated so, we would be unable to advise on this."

This response sidesteps the BPA’s responsibility. The burden of proof rests with ParkingEye to demonstrate actual compliance, not on me to prove non-delivery. Therefore, please confirm explicitly:

• Whether ParkingEye has provided the BPA with tangible proof of posting (e.g., Royal Mail Certificate of Posting).
• If ParkingEye cannot or has not provided such evidence, clarify precisely what regulatory action the BPA intends to take against ParkingEye for this non-compliance.

3. BPA’s Position on PoFA Compliance Enforcement

Your response did not address the following critical point at all:

Please clearly clarify:

• The BPA’s official position on compliance enforcement relating specifically to PoFA, particularly regarding whether the statutory presumption of delivery can lawfully apply only after the parking operator has first provided documentary proof of the actual posting date.

This clarification is critical, as failure to enforce compliance on this point undermines the entire legislative framework upon which private parking enforcement relies.

4. Steps to Prevent Future Misleading or Selective Responses

Your previous response completely ignored this point:

The selective quoting of PPSCoP by the BPA severely undermines trust in the BPA’s integrity as an oversight body. Please explicitly confirm:

• What measures the BPA will implement to prevent similar misleading or selective quoting of your own Code of Practice in responses to future complaints.

Conclusion

Given the serious implications of these unanswered points, please respond comprehensively and transparently to each item above. A prompt and specific reply is expected, as these matters relate directly to BPA’s obligations to ensure fairness, transparency, and accountability from accredited operators.

I look forward to your swift and comprehensive response.

Yours sincerely,

[Your Name]
[Your Reference/PCN Number]

Hello. This is the response I received from the BPA today……

They appear to have forwarded to Euro Car Parks rather than ParkingEye!


“Dear ,
 
Thank you for your response.
 
I have forwarded your query to Euro Car Parks who will contact you directly shortly.
 
Please be advised we deem it acceptable to allow 14 days for the operator to make contact with you.
 
We did not include the sentences to mislead as I previously advised – further to this, the Notes within the Code of Practice are considered “best practice”
 
“Where “NOTES” within the Code purport to impose a standard on an operator they are not mandatory. They are an indication of best practice which should be aspired to by those managing land. It is recognised, that for an operator, complying with the “NOTE” is not always possible and there will be circumstances where compliance is unachievable and sometimes unhelpful. Not complying with a “NOTE” is not a breach of the Code. Parking operators and motorists are reminded of the spirit of the Code which is accountability and compliance”
 
Operators are not obliged to send letters via recordered delivery, the Code of Practice does not cover this. When an operator can provide a copy of the Parking Charge, we deem this compliant with the Code of Practice.
 
 
Kind regards


Compliance Team
British Parking Association

Write to your MP and show him/her this line of correspondence and the BPAs shirking of their responsibilities. They try to pass themselves of as a pseudo-regulator but manage only to prove that their only interest is in actually protecting their members when it can clearly be shown that they are abusing the process.

Where has anyone mentioned “recorded delivery”. All that is required to prove posting is a free certificate of posting from any post office. Yet more obfuscation. The burden of proof is still on the operator to prove it was posted, not on the recipient to prove it wasn’t posted.

The BPA forwarding your personal complaint—including details of your dispute with ParkingEye—to Euro Car Parks (ECP), a completely unrelated entity, constitutes a clear breach of GDPR under Article 5(1)(f) and Article 6 of the UK GDPR.

Why this is a GDPR Breach:

Unlawful Processing of Personal Data – Your complaint contained personal data (name, case reference, PCN details, etc.), and ECP has no lawful basis to receive this information because they are not involved in your case.

Failure to Ensure Data Security – The BPA, as a data controller for complaints, must take appropriate steps to ensure personal data is only processed by the correct recipients. This careless mishandling suggests a systemic failure in their complaint-handling process.

Breach of Confidentiality – The fact that the BPA is incorrectly sharing personal complaint data with third parties calls into question whether other complaints have also been misdirected, exposing a serious data governance issue.

Consequences of a GDPR Breach:

The BPA is obliged to report a personal data breach to the ICO (Information Commissioner's Office) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of the individual. Given that your personal data was sent to the wrong company without lawful justification, this is a reportable incident.

Send the following response to the BPA:

Subject: BPA’s Failure to Handle My Complaint Properly – GDPR Breach & Continued Non-Compliance

Dear BPA Compliance Team,

I am writing to express my extreme concern over your handling of my formal complaint regarding ParkingEye. Your response is not only entirely inadequate in addressing the core issue but has now escalated into a serious data protection breach under UK GDPR.

1. Serious GDPR Breach – Unlawful Sharing of My Personal Data

It has come to my attention that you have forwarded my complaint to Euro Car Parks (ECP) instead of ParkingEye.This constitutes a clear breach of UK GDPR under:

- Article 5(1)(f) – Failure to ensure security and confidentiality of personal data
- Article 6 – Unlawful processing of personal data without a valid legal basis
Euro Car Parks has no involvement in this case, and there is no lawful basis for you to have transferred my personal data to them. This failure to handle personal data securely calls into question the BPA’s entire complaint-handling process and whether other complainants’ personal data has also been mishandled.

Under UK GDPR, you are now legally required to:

- Inform me of the full extent of the breach – What personal data was sent to ECP? Was this only my complaint, or did it include additional information?
- Confirm whether you have reported this breach to the ICO – Given that my data was shared with an unauthorised third party, this is a reportable incident under GDPR rules.
- Provide me with an immediate Data Breach Notification – You must confirm in writing what steps you are taking to contain the breach and prevent recurrence.

Failure to act transparently on this matter will result in an immediate escalation to the Information Commissioner’s Office (ICO).

As for the rest of your response, it remains wholly inadequate, both in content and in addressing the fundamental regulatory obligations of the BPA as an Accredited Trade Association (ATA). Additionally, the fact that you have incorrectly forwarded my complaint to Euro Car Parks instead of ParkingEye, raises further concerns about the care and accuracy with which complaints are handled.

1. Misrepresentation of “Recorded Delivery” vs. “Proof of Posting”

Your response references "Recorded Delivery", which is entirely irrelevant to this matter. At no point was "Recorded Delivery" suggested or required. This is a service that requires a signature upon receipt and incurs a cost.

What was actually requested—and what is relevant to both PoFA and the PPSCoP—is "Proof of Posting", which is a free service provided by Royal Mail in the form of a Certificate of Posting.

The Interpretation Act 1978 states that where a document is required to be "given" or "served," it is considered delivered two working days after posting if using first class service, but this presumption only applies if proof of posting exists. Without such proof, an operator cannot rely on the presumption of delivery under the Interpretation Act or PoFA.

2. BPA's Failure to Enforce a Fundamental Evidential Requirement

The BPA’s stance that operators are not required to provide Proof of Posting when challenged is deeply flawed. Your response states:

“Operators are not obliged to send letters via recorded delivery. The Code of Practice does not cover this. When an operator can provide a copy of the Parking Charge, we deem this compliant with the Code of Practice.”

This statement is highly concerning for several reasons:

- It misrepresents the actual complaint by falsely framing it as a demand for "Recorded Delivery."
- It fails to acknowledge that providing a copy of a letter is NOT proof that it was ever posted. Anyone can generate a digital or paper copy of a letter—this does not demonstrate it was sent.
- It contradicts the purpose of the PPSCoP 8.1.2(e) Note 2, which explicitly refers to the evidential requirement of proof of posting when questioned.

3. BPA's Position on Enforcing PoFA Compliance

Your response fails to clarify whether the BPA accepts that PoFA compliance requires operators to prove they have issued a Notice to Keeper within the statutory timeframe.

As an ATA, the BPA has an obligation to ensure its members comply with both PoFA and the PPSCoP. Your refusal to require operators to provide proof of posting when challenged undermines the entire legal framework on which private parking enforcement is based.

To clarify: the burden of proof is on the operator to show compliance, not on the motorist to disprove it.

4. BPA’s Selective Quoting of the PPSCoP

Your attempt to justify omitting key parts of PPSCoP 8.1.2(e) Note 2 by referring to Section 1 ("Scope") is misleading. While it is true that some Notes are considered "best practice," this does not mean that they are entirely optional when they clarify an evidential requirement.

- The requirement to issue an NtK so that it is “given” to the recipient within 14 days is mandatory if the operator is relying on PoFA.
- The evidential requirement for proving this issuance (proof of posting) directly relates to whether an operator can meet that mandatory requirement.

By dismissing the necessity of Proof of Posting as merely “best practice,” the BPA is allowing operators to claim PoFA compliance without providing any actual proof. This is not just a failure of oversight—it is an active facilitation of non-compliance.

5. BPA’s Regulatory Obligations – Request for Clarification

Given the above, please provide a clear and unambiguous response to the following:

- Does the BPA acknowledge that Proof of Posting (via a Royal Mail Certificate of Posting) is the standard evidential requirement for an operator to rely on the Interpretation Act 1978’s presumption of delivery? If not, what alternative proof does the BPA require?
- If an operator fails to provide Proof of Posting when challenged, does the BPA accept that this means the operator cannot demonstrate compliance with PoFA?
- What specific regulatory action will the BPA take against ParkingEye if they fail to provide tangible evidence of posting?
- Does the BPA accept that merely providing a copy of an NtK is not proof that it was ever sent?

Conclusion

The BPA’s actions so far have been wholly inadequate and now include a serious data protection failure. I expect immediate action and a full response without further delay.

The BPA’s failure to enforce compliance on this matter is unacceptable. Your current stance appears to be that operators can state they posted a letter without ever being required to prove it, and that if challenged, the burden shifts to the recipient to disprove it. This completely undermines both PoFA and the PPSCoP.

I expect a direct, specific, and transparent response to the above points. If the BPA continues to evade its regulatory responsibility, I will escalate this matter to the DVLA and relevant government authorities regarding your failure to ensure accountability among your ATA members.

Yours sincerely,

[Your Name]
[Your Reference/PCN Number]

Yes

I have received another email from the BPA (AOS Investigations Team) confirming that there has been no breach of GDPR.  They consider that aspect of the complaint closed and will be in touch once the other items have been reviewed.

 

You should SAR them anyway, just to confirm they are not telling porkies.