Using the Data Protection Act

Most journalists have heard about the Freedom of Information Act, a useful tool in gaining access to information held by government agencies. The Press Gazettes FOI campaign and the BBC’s Open Secrets Blog are as good places as any to start learning about how journalists and media organisations are using this tool.

But many journalists don’t realise that they have another powerful tool at their disposal – the Data Protection Act 1998.

I first discovered the usefulness of the Data Protection Act a few years ago when I used it to claim back thousands of pounds from an academic institution that, whilst very good at chasing me for tuition fees, hadn’t provided the amount or level of tution I would have hoped to have received.

I argued the case that I’d been mistreated (well, more like not treated at all!) to no avail so I decided to use the UK’s Data Protection Act to force the institution to reveal what, if any, records they held on me. The records revealed a catologue of issues and helped me make a much stronger, and ultimately successful, case for a full refund of tuition fees paid.

Towards the end of last year, I tried to use the Data Protection Act again, this time to get some records from Google after I was kicked out of their AdSense programme without explanation. Two letters later and I’ve still not heard back from them although some readers of this blog who have taken the same steps as I did had almost immediate results. Eventually get around to chasing that up again but, as no money is at stake, it’s kind of fallen on the backburner for now.

This weekend, I decided to take a few minutes to go on another Data Protection Act adventure, this time in an attempt to reclaim bank and credit card charges. Anyone who has ever accidently gone over their overdraft limit, forgot to post a cheque to a credit card company in time, or had a cheque returned uncashed will know that banks charge as much as £75 each time this happens. Now I usually try to be good about keeping payments and such up to date but, over the past years, am sure I’ve paid a few hundred pounds in such fees.

So, inspired by letters in the pages of the Guardian’s excellent Saturday Money supplement and the website of “Money Saving Expert” Martin Lewis, this weekend I sent Data Protection Subject Access requests to my bank and two credit card providers. I’ve asked for a full list of charges made against me, instead of statements per se (which aren’t covered by the DPA), and enclosed a £10 cheque with each to cover the statutory maximum that the bank can charge to supply the information requested.

Once I get the information I’ve requested, I’ll then write to each of the banks, explaining that the charges were disproprotionate to the cost actually incurred in sending them and, as such, they are penalty fees that would not hold up under UK contract law.

I’ll let you know how I get on…


  1. Bugger…last year I also got kicked out the adsense program, with no reason given.
    I kept on mailing google every day, for about one month, no succes … :)

  2. Good luck with that, will be interesting to see how it goes. I have no account of how many hundreds, if not thousands, of pounds I payed in so-called overdraft fees when I lived in the UK. Very convenient for the banks that your balance isn’t real time, so you can withdraw money without actually having money in your account, which in some other countries simply isn’t possible. Or that £30-50 penalty fee for being £2 over your credit limit by some slight oversight, or because the bank has decided to deduct some fee you weren’t expecting. Luckily I’ve managed to put those traumas behind me, or at least I prentend to… I’m not going to start ranting about British banking, so short version: it sucks.

  3. Im still interested to see what happens with the google request, has anyone ever got anything back from them?

Comments are closed.