Hundreds of EU drivers have found themselves on the receiving end of Transport for London (TfL) fines, following the illegal collection of their personal data. According to Jurist’s news report, these fines relate to TfL’s regulations regarding London’s Ultra Low Emissions Zone (Ulez). The fines, some amounting to £2,000 per day, were issued despite the post-Brexit data protection rules maintaining that personal data need not be shared for non-criminal offenses.
Belgian MP Michael Freilich was instrumental in discovering this breach; his freedom of information request revealed that Euro Parking – a Ulez partner – had accessed the personal information and data of Belgian drivers over 26000 times through a local court bailiff, despite being denied direct access. According to Freilich, this illegal data obtainment extends beyond yielding fines for Ulez non-compliance; even family car drivers, instead of just large, commercial vehicles, were heavily penalized.
Belgium wasn’t the only EU country affected; the report discloses ongoing lawsuits in France where drivers claim their details were fraudulently procured. Accusations of data breaches have been made against TfL by five EU countries in total.
Although TfL argued that local laws permitted them to share vehicle owner information for traffic regulation enforcement, EU states countered that this applied only to criminal offenses, whereas non-registration under Ulez is a civil offense.
This revelation of TfL’s alleged data breach underscores the need to monitor the post-Brexit data protection rules. These events not only have ramifications for the individual drivers impacted but also possess broader implications on the regulation of data management in a post-Brexit world.