Information Commissioner’s Office considers action against Labour Party over handling of Subject Access Requests
More than seven months — 253 days, to be precise — after I submitted a Subject Access Request (SAR) to the Labour Party, I can reveal the Information Commissioner’s Office (ICO) has disclosed it has “concerns about Labour’s handling of SARs generally” and is “considering what further action may be necessary in order to improve Labour’s practices”.
In the letter dated August 23, in response to my complaint that the Labour Party has (still) not responded to my SAR — submitted on December 8 2017! — within the 40-calendar-day deadline required by the Data Protection Act 1998, Phillip Marsh, the ICO’s lead case officer, added:
“At this stage, I am unable to advise whether we will decide to take regulatory action in regard to your specific SAR; however I will update you should this be the case.
“In the meantime, I can advise that the Data Protection Act 1998 affords you with the right to enforce your right of access through the courts. Section 7(9) states that where a court determines a data controller has failed to comply with a subject access request, it can compel it to do so. You may therefore wish to seek independent legal advice in this regard. The ICO is unable to assist with taking such matters to court.”
A quick summary of the background:
I made my third “Subject Access Request” (SAR) to the Labour Party on December 8 last year.
My goal was to try — again — to discover why I was suspended by the Labour Party on October 26 2016.
In 22 months, I have never had the opportunity to rebute and refute a still-unspecified allegation by a still-unnamed complainant. Repeated requests for a progress report from Sam Matthews, head of disputes in the Labour Party’s Governance and Legal Unit, have been ignored: not a single word of response has been given to numerous emails and telephone calls.
Not least because repeated email reminders to Jordan Hall, the Labour art’s Data Protection Officer, had met only with the laughably-worded auto-reponse: “Thank you for your email. We aim to respond to all queries within 10 working days. Please note that it is not always possible and there may be instance where further time is required. If your query is urgent, please call 02077831498 otherwise we will respond in due course. Alternatively, please contact your Regional office.”
Telephone calls to Mr Hall’s office were never returned.
Last week, Andrew Whyte, the Labour Party’s head of external governance, apologised for the “lengthy delay” in responding to my SAR and explained that Mr Hall “is currently out of the office on sick leave”. I am now hopeful that Mr Whyte will ensure I get a response to my latest SAR.
More importantly, the ICO seems ready to take action against the Labour Party for its flagrant and chronic abuse of the Data Protection Act 1998.
I have already highlighted how a Freedom of Information request was made to the ICO on February 13 2018, by a campaigner who supports Labour Party members who have been unjustly suspended or expelled for political reasons.
It contains a total of 44 complaints: one in 2015–2016; 22 in 2016–2017; 21 in 2017–[March 13] 2018.
I was particularly interested in the 32 complaints relating specifically to SARs that had not been fulfilled within the 40-calendar-day deadline. Of which 18 complaints led to the ICO requiring action from the Labour Party’s data-controller (one in January-March 13 2018; 12 in 2017; and five in 2016).
Today (Saturday, August 25), I was interviewed by The Sunday Times with a view to an article in this weekend’s newspaper. This is what I said:
“I’m a longstanding member of the Labour Party, who was suspended on October 26 2016 — after a still-unspecified allegation from a still-unnamed complainant, without a chance of a hearing to rebut and refute any charge.
“Like many hundreds and possibly thousands of party members, I made a Subject Access Request (SAR) to the Labour Party (on December 8 2017) to get some clues about why I was suspended. It should have responded to my request within 40 days. But I have had no communication whatsoever.
“I am pleased the Information Commissioner’s Officer (ICO) is now investigating the party’s flagrant and chronic abuse of the Data Protection Act 1998. If this fails to provide a satisfactory result, I will take the commissioner’s advice and take legal action.”