ICO View on S10 DPA 1998 and CCA 1974

[Monty2007]

Thanks Analyst

 

Have you seen this thread:

 

http://www.consumeractiongroup.co.uk/forum/debt-collectors-debt-collection/111151-cca-defaults.html

 

It seems to suggest that if the default occurred at a previous time/address then they cannot serve it subsequently? Not sure myself, I think you may be correct, if I alert them to their mistake I will end up with it now.

 

I am in the process of negotiating a settlement, this was always my goal. I was put under tremendous pressure by NCO Europe who were the DCA and they hounded me, so there really is no love lost.

[patrickq1]

I have complained to the Information Commissioners Office regarding various creditors that have admitted they do not hold credit agreements which resulted in myself sending a section 10 request under the Data Protection Act 1998 to cease processing my data as it was inaccurate and furthemore not had my permission to process it in the first place, this is the Information Commissioners Office's response (with the boring bits left out):-

 

 

CCA 1974, request for credit agreement.

 

It may be helpful to explain that sections 77 and 78 of the CCA state that a creditor must give a Consumer a copy of their executed agreement within 12 working days of receiving a request in writing and the appropriate fee. Regulation 3(2) of the CNCD Regulations allows the following to be omitted from any copy:

 

a) Information in the original which relates to the debtor, hirer or surety or is included for the use of the creditor or owner only and which is not required to be included in the original agreement by the Act or by any regulations as to form and content. Therefore it is not necessary for the copy to repoduce, for example, details of the business or occupation of the debtor, the name and address of the employer or bank details of his income etc,

 

b) Any signature box, signature or date of signature.

 

Therefore there is no requirement for an organisation to send you a copy of the original agreement. They may simply send you a copy of the Terms and Conditions of the agreement.

 

Although i appreciate that you do appear to be disputing the existence of these debts, it may be helpful to explain that the failure of a creditor to produce a copy of the signed credit agreement is not, on its own, evidence that the debt does not exist and should therefore not appear on your credit file. If the credit grantor can supply some other evidence of the agreement and you have no evidence to contradict this then it

is likely to be proper for the debt to continue to be recorded on your credit reference file.

 

 

Section 10 notice and consent to share your information

 

You have complained that the companies are passing information to the credit reference agencies. Your argument is based on the assumption that the credit reference agencies need consent to process account information.

This is not the case.

 

As you may be aware the first data protection principle states that

 

"Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:

 

• At least one the conditions in Schedule 2 is met: and
  
• in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met"

One of the conditions for processing in Schedule 2 is that the individual has given his consent to the processing. It is our view that consent is not easy to achieve and that organisations should consider other conditions for processing before looking at consent. No one condition carries greater weight than any other. All the conditions provide an equally valid basis for processing. Merely because consent is the first condition to appear in both Schedules 2 and 3 does not mean that organisations should consider it first.

 

Consent is not defined in the Act and so it is helpful to look back at Directive 95/46/EC which defines "the data subjects consent" as:

 

"....any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed"

 

In the context of applying for credit, consent to share information with the credit reference agencies cannot be freely given. This is becuase if you dont agree to your data being shared then your application will simply be rejected. In other words you have no choice.

 

It is our view that the condition for processing below covers the sharing of account data with the credit reference agencies for the duration of a contract and six years beyond.

 

"The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case because of prejudice to the rights and freedoms or legitimate interests of the data subject"

 

We take a wide view of the legitimate interests and we consider that it is in the interests of other creditors to make informed lending decisions. It is important to note here that the fact that the processing may be seen by some to prejudice a particular individual (for example, someone with an adverse entry on his credit reference file may not be able to obtain credit facilities) does not necessarily render the whole processing operation prejudicial to all individuals.

 

The Act does not prescribe the period for which information is retained by credit reference agencies. However we understand that the Crowther Report on Consumer Credit 1971 expressed support for the view that a statutory time limit should be considered and suggested a period of six years should be adopted. At the time this was already the practice common to some of the major credit reference agencies. The Younger Committee on Privacy considered that as the prevailing practices of the agencies were cooridinated, there was no immediate necessity for statutory recommendations to be made but prepared the ground for the Data Protection Act 1984 by recommending that periods should be specified beyond which the information should not be retained.

 

Finally i hope the above information helps to clarify why we do not intend to undertake any further action in this instance. Your cases will now be closed.

 

 

Well that is a bit long winded but in the short of it all....'No credit agreement, tough, they still have a right to process your data'

 

Nearly all of my creditors have failed to produce agreements, so therefore in my eyes not having permission to process my data but the Information Commissioners Office clearly feels differently.

 

I am sad to say i will NOT be contacting the Information Commissioners Office again as it seems clear they are a huge waste of time.

 

Thoughts.......

would nt this be an answer to the DATA PROTECTION ACT and put back your rights under this RULE

THE REPUGNACY RULE.

this rule says that the exemtion clause is in direct contradition to another term of the contract,and is therefore repugnant to it.where the repegnancy exists the exheption clause can be struck out,thus to take a case of THE DATA PROTECTION ACT AND HUMAN RIGHTS ACT TO PRIVACY...the rule also applies to the construction of the main contract with a collatreral one

the four corners rule Under this rule exemption clauses only protect a party when he is acting within the four corners of the contract.Thus he is liable for damage which occurs while he is deviating from the contract and would not be protected by any exclusion clause.passing of data to another party who are not party to the origional contract springs to mind

[Laiste]

Hello all,

 

In respect of the IC's position regarding what constitutes fair and lawful processing and a creditor's right to continue processing even, in the absence of a credit agreement, the following info might be useful:

 

A data controller under the 1st principle must ensure that certain information is made "readily available" to a data subject, when the data controller first obtains data. The commonest method used by creditors to comply with this requirement is the "fair collection notice" which invariably appears in an agreement which a debtor signs. The information that is required to appear in this notice is:

 

1.The identity of the data controller

2.The purpose or purposes for which the data are intended to be processed

3.Any other information that is necessary to enable the particular processing to be fair.

 

If a data subject hasn't been provided with the above, which as I say, will almost certainly appear in an agreement (otherwise how could a creditor prove you've received such a notice?) the creditor will be in direct breach of the 1st principle. So, if an agreement has not been furnished, you cannot be said to have been in receipt of the notice, and it would be for the creditor to prove otherwise!

 

I am absolutely incredulous at the IC's stance, particularly in light of this very important requirement of the Act (often referred to as an Article 10 Notice-under the Directive). Given that the fundamental premise of the DPA 1998, is an individual's right to privacy, the obligations placed on a creditor in terms of compliance with the various provisions of the Act are strict. It would not be sufficient for a creditor to say for example, that the fair collection notice was sent by 1st class post to the debtor, which is undoubtedly why it's incorporated into the credit agreement, so that they have a signed acknowledgment from the debtor to prove that they have brought the fair collection notice to a person's attention and to cover the issue of consent. The IC cannot maintain their current position in view of this, as without an agreement, a creditor simply cannot prove that they have firstly, the right to process the data and secondly, it has certainly not been done fairly and lawfully without the FCN!

 

As a further argument which is actionable, such unlawful processing is in breach of Article 8 of the Human Rights Act.

 

An action could also be brought against creditors for breach of confidence under the common law, particularly in view of their fondness of passing confidential information (unlawfully) to 3rd parties, namely DCA's and the

CRA's!

 

I hope this has proved useful!

 

Regards,

 

Laiste.

[car2403]

We shouldn't forget that the Information Commissioners Office is only there to "administer" complaints under the Data Protection Act and to give an "opinion" on the application of the principles. The problem we have here is that their limited remit means they can't "consider" fuller arguments using other law, such as the Consumer Credit Act and the Human Rights Act.

 

Incidentally, I'm discussing this issue further, here; (if you're interested)

 

http://www.consumeractiongroup.co.uk/forum/data-protection-default-issues/111211-defaults-background-removal-methods-post1086715.html#post1086715

 

Ultimately, if you need to argue against continued processing without proper consent (and as long as the Information Commissioners Office continues to hold it's current stance on s.10) you will need to take a claim to Court and pursuade the Judge your argument is right "on the balance of probabilities".

[Laiste]

Hi Chris,

 

With respect, the IC does not exist to "only administer complaints under the DPA 1998" as you have suggested, nor is their function to merely offer an "opinion" on the application of the Act. The IC is a regulatory body which possesses a fundamentally important role conferred by the Act itself, which certainly is by no means insignificant and cannot be minimised to that of offering "opinions," they have a clearly defined legislative role. Whether they exercise that function in accordance with the Act, or to the best of their ability, is another argument entirely!

 

Their remit is by no means as limited as you have suggested, and yes they do have a responsibility to be au fait with how the DPA 1998 impacts on other areas of law, if that wasn't the case, they wouldn't be offering opinions, albeit misinformed opinions on the application of the Act in respect of credit agreements! When it's beyond your scope you say so, you don't pontificate about subjects of which you know less than

nothing!

 

The purpose of informing people about Article 8 of the Human Rights Act and the issue of breach of confidence, is to give individuals all the armoury they need to pursue a case through the Courts, which most people realise will be necessary to get justice in respect of s10, as the IC sure as hell isn't going to defend their position!

 

I would recommend that you take a close look at the Act and the Directive, for a definitive view on things!

 

Regards,

 

Laiste.

[car2403]

Hi Laiste,

 

I was being sarcastic there, stating how the ICO is currently "working" in my experience - I agree they do more than that, but don't appear to "know" this themselves.

 

It's threads like this that get everyone thinking about the issues at hand and not just blindly accepting the regulators version of events - they can be wrong too...

[lolly371]

very interesting thread, i hope you dont mind if i barge in with my own little piece of information. i have been trying to get somewhere with my own argument concerning a lack of credit agreement.

LACORS is the representative body of the various Trading Standards offices in the UK. LACORS have written to the Information Commissioner (earlier this year) to say that they dont agree with the stance taken by Information Commissioner on this issue and asking them to reconsider. Information Commissioner current stance is that they are considering the matter and will revert within a few months.

they made a massive impact:rolleyes: : i phoned the information comissioner yesterday, and they told me that it has nothing to do with them, the office of fair trading are the people who deal with that kind of thing. the office of fair trading told me a credit agreement is required, but not for credit cards. i cannot believe that these are the people we rely on to keep the system running smoothly.

[car2403]

i phoned the information comissioner yesterday, and they told me that it has nothing to do with them, the office of fair trading are the people who deal with that kind of thing.

 

A usual story...

 

the office of fair trading told me a credit agreement is required, but not for credit cards. i cannot believe that these are the people we rely on to keep the system running smoothly.

 

Credit Cards are covered by the s.10 CCA,as running account credit though, right?;

 

10 Running-account credit and fixed-sum credit;

(1) For the purposes of this Act—

(a) running-account credit is a facility under a personal [consumer] credit agreement whereby the debtor is enabled to receive from time to time (whether in his own person, or by another person) from the creditor or a third party cash, goods and services (or any of them) to an amount or value such that, taking into account payments made by or to the credit of the debtor, the credit limit (if any) is not at any time exceeded; and

(b) fixed-sum credit is any other facility under a personal [consumer] credit agreement whereby the debtor is enabled to receive credit (whether in one amount or by instalments).

(2) In relation to running-account credit, “credit limit” means, as respects any period, the maximum debit balance which, under the credit agreement, is allowed to stand on the account during that period, disregarding any term of the agreement allowing that maximum to be exceeded merely temporarily.

(3) For the purposes of section 8(2) [paragraph (a) of section 16B(1)], running-account credit shall be taken not to exceed the amount specified in that subsection [paragraph] (“the specified amount”) if—

(a) the credit limit does not exceed the specified amount; or

(b) whether or not there is a credit limit, and if there is, notwithstanding that it exceeds the specified amount,—

(i) the debtor is not enabled to draw at any one time an amount which, so far as (having regard to section 9(4)) it represents credit, exceeds the specified amount, or

(ii) the agreement provides that, if the debit balance rises above a given amount (not exceeding the specified amount), the rate of the total charge for credit increases or any other condition favouring the creditor or his associate comes into operation, or

(iii) at the time the agreement is made it is probable, having regard to the terms of the agreement and any other relevant considerations, that the debit balance will not at any time rise above the specified amount.

[lolly371]

 

Credit Cards are covered by the s.10 CCA,as running account credit though, right?;

 

well funnily enough a couple of days after the office of fair trading told me that credit cards dont have agreements, only terms and conditions, guess what landed on my door mat...... my credit card credit agreement!!

[patrickq1]

ps their is an objection clause written into the e u directive ,in effect a letter to the data controller that he must cease proccessing your data . the data subject has unambiguously given his consent....it is not unambbigious when it is already written into the contract that you waiver your DPA as it is in all contracts..this is why i have stated all along the REPUGNANCY RULE must come into being because this waiver is objecionable and is also a direct contradiction to the DPA....imo

Article 14 The data subject's right to object

i blame the ICO and OFT for allowing this waiver to become part of the contract it should be seperate..i do give my consent freely to all authorities ie goverment police judge but that is it....i have today been to preston uni for my daughter to enrol and we went to an estate agents and when we read the contracts i came acrross the subject waiver my right....i crossed this out and entered my own waiver,that being i freely give my permission for my data to be proccessed by the local authorities the police and the judicial system and to no others without my written consent as and when you wish to contact me i shall consider this request...i signed it they did not object and got a photocopy of the contract signed by them...this is the third contract i have rewritten in as many weeks,we have the right to objecti think this is such a serious subject and our rights have been consistantley abused for the last few years more than ever just lately...just look at the rediculous sitiation with LOANS.CO.UK all their data has been stolen (so they say)but half the data they had was about people who have never had any association with them..now a few of them could be victims of IDENTITY THEFT.i wrote to the ICO and asked what are they doing about this and what are they going to do about them holding information about persons who have no association with them...still awaiting a reply...

i will get of my soapbox because this is such a highly emotive subject to me and also it really gets me so angry when i see this sort of abuse.hope i have nt bored you all

patrickq1