Experian Ltd want ID to comply SAR - court Claim Issued - - Breach of the Data Protection Act 2018

[Intrepid]

Experian Limited filed a defence (attached below) in respect of the claim issued against them for failing to comply with their data protection obligations.

 

At paragraph 10 of their defence they state the following:

"Entirely without prejudice to the Defendant's position according to paragraphs 6 to 8 above, on 14 June 2022 the Defendant took the practical view that, with further investigation, it could satisfy itself as to the Claimant's identity."

My understanding is that the without prejudice rule is reserved for parties to enter into genuine settlement negotiations without later prejudicing their position in court.

Am I missing something here? I cannot see how the use of "without prejudice" in a defence filed directly to court can expect to benefit from the privileges outlined above.

A defence does not form part of genuine settlement negotiations, and one would expect if what was written was not intended to be considered by a judge then they would not submit it to them as evidence.

It appears to me as if they have inserted an admission directly into their defence.

EX - Defence - Redacted.pdf

[Ethel Street]

'Without prejudice' can have different meanings in different contexts.

 

In my view they aren't saying it's a 'without prejudice' settlement negotiation. They aren't making a settlement proposal or making an admission, they are asking for your claim to be struck out. I can't see how a strike out application could ever be a settlement negotiation.

 

They are saying that although they decided that, on the specific facts of your case, they could satisfy themselves of your identity and sent you a passkey they nevertheless maintain their legal position stated in paragraphs 6 to 8 is correct and they were not required to send you a passkey because you had not provided sufficient ID to meet their requirements. 

 

"Notwithstanding the Defendant's position according to paragraphs 6 to 8 above, ...." would have been a clearer way of putting it, but lawyers can't resist jargon.

 

Do you agree with their statement in paragraph 10 that on or about 14 June 2022 they sent you a letter with a passkey you could use to access your data?  If it isn't true then of course you can challenege it.

 

 

[Intrepid]

Thanks Ethel.

I agree with paragraph 10 save for the fact that it does not prejudice their position, it supports my position that they could and should have fulfilled the request inline with their statutory obligations.

I disagree that they had any reasonable doubt as to my identity as they were quite happy to correspond with me extensively prior to the request and discuss personal data pertaining to my account. The time to request any further verification as to my identity was before entering into those discussion if they had any doubt as to my identity.

 

It is my view they later manufactured that doubt to bring about exactly the events that took place, in order not to immediately respond to the request despite having the means to do so. These manufactured doubts evaporate when they receive a letter before claim and/or a complaint from the ICO.

They either had a genuine but incorrect belief that they were not required to fulfil the request, or in my view more likely used their bogus process to unduly influence me into believing I had no further right to access my data without jumping through their unnecessary hoops.

They were disabused of this by my letter of claim as well as the complaint they received from the ICO.

[Andyorch]

Topic open

[Intrepid]

In response to the complaint they received the ICO provided their view that Experian Limited have not complied with their data protection obligations.

I provided Experian a copy of the ICO's letter along with an offer to settle.

Experian ignored the offer I made but have now written to me saying that payment is on the way for the value of the claim £400 and the issue fee £50.

Their legal team also provided a half hearted apology for the delay in responding to my DSAR.

The delay was in total 7 months and 4 days beyond the statutory timeline to respond and no one would put their name to the email.

I have reverted back to Experian regarding my costs.

Edited April 14, 2023 by Intrepid

[Intrepid]

Payment accepted and claim discontinued.

 

On balance I think it was best to unburden the court and not pursue my claim purely on the basis of costs for a claim allocated to the small claims track.