For All Vehicle Claims

Police Information Disclosure s170 RTA

Security Classification

Documents cannot be accepted or ratified without a security classification in compliance with the Government Security Classification (GSC) Policy

(Protective Marking has no relevance to FOI): OFFICIAL-SENSITIVE

Author CC Jo Shiner
Coordination Committee Operations
Date created 30th May 2023
Freedom of Information (FOI)

For external Public Authorities in receipt of an FOI, please consult with

30/05/2023 – to: All Chief Constables

Dear colleague,

Re: Police Disclosure of Information in relation to Section 170 Road Traffic Act 1988 (exchange of personal details)

I am writing to you in my capacity as NPCC Lead for Roads Policing. Section 170 of the Road Traffic Act 1988 places a legal obligation on drivers involved in collisions to exchange their personal details, i.e. name, address and vehicle registration mark.

It appears there is accepted practice in some police forces that when a collision has taken place and reported to the police, the force shares relevant personal information to both parties, where this has not already happened, so those parties can undertake civil proceedings where appropriate or desired. The disclosure of this information in this way has been undertaken in the belief that police are fulfilling the legal obligations of Section 170 Road Traffic Act 1988.

The Information Commissioners Office have subsequently advised that data cannot be shared this way under Part 3 Data Protection Act 2018, because it is not shared for law enforcement purposes, it is shared to support civil claims or proceedings. This view is also shared by the NPCC Data Protection Officer and is also supported by separate legal advice which gives rise to significant doubts about the lawfulness of such disclosures under Part 3.

Law enforcement purposes are defined in Part 3 Chapter 1 section 31 of DPA 18 as: “…the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.” This does not include civil enforcement processing, which falls under UK GDPR.

I raise this with you so that you can satisfy yourselves that this practice is not continuing in your force and in the knowledge that you may want to take your own legal advice. My portfolio is working with the NPCC Data Protection Officer to create and issue new guidance on this matter as soon as possible.

With kind regards.

Chief Constable Jo Shiner
Sussex Police
NPCC Lead for Roads Policing