DVLA, disability and personal data

Is the DVLA’s online vehicle-checker risking the exposure of sensitive personal data of registered keepers of vehicles?

The concept of “personal data”, in the Data Protection Act 1998 (DPA) (and, beyond, in the European Data Protection Directive EC/95/46) can be a slippery one. In some cases, as the Court of Appeal recognised in Edem v The Information Commissioner & Anor [2014] EWCA Civ 92 where it had to untangle a mess that the First-tier tribunal had unnecessarily got itself into, it is straightforward: someone’s name is their personal data. In other cases, especially those which engage the second limb of the definition in section 1(1) of the DPA (“[can be identified] from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller” it can be profoundly complex (see the House of Lords in Common Services Agency v Scottish Information Commissioner (Scotland) [2008] UKHL 47, a judgment which, six years on, still makes data protection practitioners wake up in the night screaming).

When I first looked at the reports that the DVLA’s Vehicle Tax Check service enabled people to see whether the registered owner of a car was disabled, I thought this might fall into the complex category of data protection issues. On reflection, I think it’s relatively straightforward.

I adopt the excellent analysis by the benefitsandwork.co.uk site

A new vehicle check service on the DVLA website allows visitors to find out whether their neighbours are receiving the higher rate of the mobility component of disability living allowance (DLA) or either rate of the mobility component of personal independence payment (PIP)…The information that DVLA are making available is not about the vehicle itself. Instead they are publishing personal information about the benefits received by the individual who currently owns the car or for whom the car is solely used.

It’s difficult to argue against this, although it appears the DVLA are trying, because they responded to the initial post by saying

The Vehicle Enquiry Service does not include any personal data. It allows people to check online what information DVLA holds about a vehicle, including details of the vehicle’s tax class to make sure that local authorities and parking companies do not inadvertently issue parking penalties where parking concessions apply. There is no data breach – the information on a vehicle’s tax class that is displayed on the Vehicle Enquiry Service does not constitute personal data. It is merely a descriptive word for a tax class

but, as benefitsandwork say, that is only true insofar as the DVLA are publishing the tax band of the car, but when they are publishing that the car belongs to a tax-exempt category for reasons of the owner’s disability, they are publishing something about the registered keeper (or someone they care for, or regularly drive), and that is sensitive personal data.

What DVLA is doing is not publishing the car’s tax class – that remains the same whoever the owner is – they are publishing details of the exempt status of the individual who currently owns it. That is personal data about the individual, not data about the vehicle

As the Information Commissioner’s guidance (commended by Moses LJ in Edem) says

Is the data being processed, or could it easily be processed, to: learn; record; or decide something about an identifiable individual, or; as an incidental consequence of the processing, either: could you learn or record something about an identifiable individual; or could the processing have an impact on, or affect, an identifiable individual

Ultimately benefitsandwork’s example (where someone was identified from this information) unavoidably shows that the information can be personal data: if someone can search the registration number of a neighbour’s car, and find out that the registered keeper is exempt from paying the road fund licence for reasons of disability, that information will be the neighbour’s personal data, and it will have been disclosed to them unfairly, and in breach of the DPA (because no condition for the disclosure in Schedule 3 exists).

I hope the DVLA will rethink.

 

Advertisements

11 Comments

Filed under Confidentiality, Data Protection, Directive 95/46/EC, disability, Information Commissioner, Privacy

11 responses to “DVLA, disability and personal data

  1. Mike Walden

    This is an interesting one.

    Yes, as a neighbour I can check online to see if the registered keeper is exempt because of a disability, but I can also check by popping outside and looking at the physical disc in the windscreen. The disc shows the same information, and presumably has for quite a while.

    • The original piece I link to deals with this: the current tax disc would simply show £0.00, and there are other exemptions, but in any case from 1 October tax discs will no longer need to be displayed.

      • Michael Walden

        Actually, I don’t think that is true. My neighbour has “DISABLED” written in the ‘Tax Class’ field on the physical disc. See this image as an example: http://i48.tinypic.com/358p85z.jpg

      • Thanks Michael – you’re right. I guess I’d make two points – first, as mentioned before, tax discs are going later this year. Second, and more important, online checking is much quicker, more secretive and open to use on a greater scale. But your points are well made.

      • Michael Walden

        For the record, I agree. I’m just trying to point out that it isn’t as clear cut as suggested by the original piece.

        This issue seems like a lose-lose to me.

        Some people clearly benefit from having it displayed on the physical disc (see Bournemouth council disabled parking rules as an example) and I imagine they are going to be pretty upset come October when the disc goes away along with the associated benefits. The DVLA statement seems to suggest they have included the tax class on online service so councils can continue to offer those benefits.

        At the same time, people are clearly upset that the information is displayed at all.

        I’d be interested to know what a sensible solution would be to appease both sides.

  2. Michael Walden

    And here is a Local Authority expecting the word “DISABLED” to appear on the tax disc. See first bullet point: http://www.bournemouth.gov.uk/StreetsTransport/Parking/DisabledParking.aspx

  3. Pingback: Data Protection Expert Agrees DVLA Is Breaching Rights Of Disabled Claimants | Same Difference

  4. Ratbag

    I’ve seen several people arguing that as the DVLA currently publish these personal details on the tax disc it’s therefore ok to publish them on-line. I have no idea whether the same data protection rules apply (i.e. to paper discs as well as to internet accessible databases) but to argue that currently doing something wrong justifies continuing to do something wrong seems a bit, well, stupid! If that were a good argument we’d still be sending small children up chimneys and locking up unmarried pregnant women in mental institutions.

    • evo102

      So where was the campaign to remove the word DISABLED from the paper tax disc, I’ve searched but I can’t anything about it. There is of course a solution for those who don’t want the exempt status of their vehicle to be known – contact DVLA apply for the exemption to be removed.

  5. Pingback: Data protection expert agrees DVLA is breaching rights of disabled claimants | UNEMPLOYED IN TYNE & WEAR

  6. Pingback: How far can we trust open data? | Open Data Aha!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s