08/04/2026 to Essex police:
I write further to my previous correspondence, including my letter of 3rd September 2025 (attached) and my follow-up of 16 February 2026 (below), to which I have not received a substantive response.
I appreciate that the ICO has been considering this matter. However, in light of my further submission to the ICO today, I consider it important to briefly identify the outstanding matters arising from your position and why they remain pertinent.
Absence of Legal Basis for “Impartiality” Requirement
You asserted that CMA cannot act due to a lack of independence or impartiality.
As previously set out, I have been unable to identify any provision within the UK GDPR or Data Protection Act 2018 that requires a third-party representative to be impartial.
This point remains directly relevant, as it appears to have informed the position adopted in the ICO’s revised decision.
Consent – “Freely Given” in an Insurance Context
You suggested that consent is invalid where provided in connection with an insurance claim.
As set out in my earlier correspondence, and now raised with the ICO, I have been unable to identify any legal basis for the proposition that:
• a contractual or financial context, or
• the progression of an insurance claim
renders consent not “freely given”.
Clarification of the legal basis for this position remains outstanding and directly material to the ICO’s consideration.
Third-Party SAR – Origin of Request
You placed weight on the fact that the SAR was initiated by CMA rather than the data subject.
As previously noted, a request made via an authorised representative remains, in law, a request exercised by the data subject.
This distinction appears to have been relied upon but has not been substantiated.
“More Appropriate Route” / Civil Disclosure
You have repeatedly referred to an alternative route for disclosure.
As set out in my correspondence and now raised with the ICO, I have been unable to identify any statutory provision which permits refusal of a subject access request on the basis that another disclosure route exists.
This remains a central and unresolved issue.
Section 184 Data Protection Act 2018
You relied upon Section 184 Data Protection Act 2018 in circumstances where:
• the request explicitly excluded relevant records, and
• the ICO had already indicated that the request did not meet the statutory test
(see my letter, including ICO reference IC-220316-G1X1).
The continued absence of any explanation for reliance on Section 184 remains concerning.
You were to send me the relevant section of the DPA supporting your position, contradicting mine. You have yet to do so
Representations Regarding External Engagement
You indicated that this issue had arisen with multiple parties and that exchanges had taken place with organisations including the ICO and NPCC.
However, subsequent enquiries (including FOIA requests) appear to indicate that no such exchanges were recorded or held.
This remains unexplained and is directly relevant to understanding the basis upon which your position was formed.
Closing
These matters are not raised to restate earlier arguments, but because they remain unresolved and appear to underpin the position now adopted in the ICO’s revised decision.
Without clarification from Essex Police as to the legal basis for these points, it remains difficult to fully understand the foundation of that position.
I would therefore be grateful if you could confirm whether Essex Police intend to provide a substantive response to these outstanding matters.
If these matters have already been addressed within Essex Police’s submissions to the ICO, I would be grateful if those submissions could be shared.
I have copied this correspondence to the ICO for completeness.