The Data Protection Society has placed a formal complaint with the European Commission that, ‘Regulation 27’, is incompatible with the European Directive on Data Protection (95/46/EC). The response from DVLA was an extensive Legal Opinion which attempted to show that DVLA complies with the Directive. In fact, in the most part, the Opinion showed what DVLA should do but not, of course, what it actually does in practice. However, DVLA did manage to hoodwink the European Commission into thinking that this somehow resolved the issue. It didn’t. The issue we placed before the Commission was to ask them to rule on whether, ‘Regulation 27’, was compatible with the Directive NOT whether DVLA complied with the Directive. This is completely irrelevant because no UK data controller has to comply with the Directive. The Directive gave life to the Data Protection Act and data controllers have to comply with that. If the Act is not compatible with the Directive, then this is a matter for the Commission to consider.

We have asked the Commission to address the issue we placed before it (that Regulation 27 is incompatible with the Directive) and the Commission has accepted that the Complaint is valid – in other words that it has merit and is worthy of consideration.

Furthermore, we have asked the Commission if all member States disclose personal data for the same reasons, as the Directive must apply equally across the EU. So far, the Commission has failed to respond. If most or all member States refuse to disclose personal data for the reasons given by DVLA, then there is no harmony and the Commission has a duty to ensure all Member States act in the same way.

The Office of the Information Commissioner holds that, ‘Regulation 27’, is law and that DVLA can disclose personal data for any cause which DVLA considers to be reasonable. In practice, this means that personal data will be disclosed for almost any reason such as DVLA generating revenue.