Energy Bills: How to Protest & Avoid Legal Trouble

Avoiding Immediate Payment Cessation

Gradual Disengagement from Payments: Instead of stopping payments abruptly, it’s advisable to first cancel any direct debit arrangements or standing orders with the energy provider. This strategic move allows you to manage your finances without directly defaulting on payments, which could lead to immediate repercussions.

Lodging a Formal Grievance: As an initial step, file a formal grievance with your energy provider. This not only signals your dissatisfaction but also initiates a formal dispute process that could delay any potential debt recovery actions, as evidenced by the delays in legal processes observed in Reynolds v Times Newspapers Ltd [2001] 2 AC 127.

Strategic Use of Complaints to Challenge Energy Providers

Economic and Operational Impact of Formal Grievances: Each formal grievance lodged against an energy provider can exert financial and operational pressure on the company. Reports suggest that handling complaints can cost the provider significant resources, potentially leading to regulatory penalties or even the risk of license suspension if complaint volumes rise, a situation mirrored in British Gas Trading Ltd v The Gas and Electricity Markets Authority [2015] EWHC 1643.

Extending Resolution Timelines: By prolonging the complaint resolution timeline, particularly if done en masse by multiple consumers, you can strain the provider’s administrative capacity, creating delays that may ultimately benefit the consumer. The case of Cocking v Eacott [2016] EWCA Civ 140 explored the effects of procedural delays in regulatory contexts.

Asserting Your Data Rights through Comprehensive Subject Access Requests (SARs)

Drafting a Detailed SAR: Send a Subject Access Request (SAR) to your energy provider, requesting comprehensive details about how your personal data is being processed. The importance of this right is highlighted in R (on the application of NT1 and NT2) v Google LLC [2018] EWHC 799 (QB), which explored the boundaries of data access rights under the GDPR.

Key Elements of a SAR: Your SAR should cover:

• Confirmation that your personal data is being processed.
• Access to a full copy of all personal data held by the company.
• Clarification on the purposes of data processing, the recipients of your data, the data retention periods, and any automated decision-making that affects you.
• Information on the source of the data, particularly if it was not collected directly from you.
• Explanation of the safeguards in place for any international transfers of your data.
• A request to delete any data that lacks a legal basis for retention.

Expanding the Request Scope: In addition, request details on how the company manages data, including their internal processes, regulatory compliance efforts, and any third-party access to your data. The case of Nowak v Data Protection Commissioner [2017] C-434/16 clarified the scope of data processing under GDPR, reinforcing the need for transparency in data management.

Requesting Physical Documentation: Ask for all responses to be provided in physical form, which imposes an additional administrative burden on the company and provides you with a tangible record of their compliance.

Ensuring Corporate Accountability

Reporting Non-Compliance to Authorities: If the energy provider fails to respond to your SAR within the statutory period, you should escalate the matter to the Information Commissioner’s Office (ICO). The failure to comply with such requests can lead to substantial penalties, as demonstrated in the enforcement actions discussed in Information Commissioner’s Office v CRB Contractors Ltd [2021] UKICO.

Challenging the Legitimacy of Data Processing: Demand that the company provide the legitimate interest assessment that justifies their processing of your data, especially for actions like unsolicited visits. The judgement in Vidal-Hall v Google Inc [2015] EWCA Civ 311 offers a critical analysis of the balance between legitimate interests and the rights of data subjects under GDPR.

Expanding Data Accountability to All Involved Parties

Extensive SAR Submission: Send SARs not only to the energy provider but also to any third-party entities involved in the handling of your data, such as debt collection agencies or contractors engaged in “door-to-door” visits. This ensures that all entities involved in processing your data are held to account, as reinforced by the findings in Richard Lloyd v Google LLC [2021] UKSC 50.

Verification of Legal Compliance: Investigate whether these third parties are correctly registered with the ICO as data controllers or processors. If you discover any lapses in compliance, report these entities to the ICO for further investigation, as established in the principles from Johnson v Medical Defence Union [2007] EWCA Civ 262, which discusses the responsibilities of data handlers under UK law.

Example Complaint Notice:

“Add Your Name”
“Add Your Address”
“Add Your Postcode”

“Add Their Address”
“Add Their Postcode”

“Add the Date”

Your reference: “Add Their Reference Numbers”

Subject: Formal Complaint and Request for Data Access

Dear Sir/Madam, “best to add a directors or managers name if you have one handy”

I am writing to formally address several concerns regarding the service provided by your company. Recently, I have observed an unexpected increase in charges, which was implemented without any prior notice. This abrupt change raises serious concerns about a potential breach of the contractual terms governing the services provided to my address. To clarify the situation, I request that you promptly provide a copy of the contract that outlines the terms under which these services are being rendered.

Issues with Previous Complaint Handling

In addition, I must express my dissatisfaction with how my previous complaint was handled. The complaint was initially communicated by telephone, and I must highlight that the response I received did not meet the standard one would expect from a reputable energy supplier. The importance of proper complaint management, particularly in service-related contexts, is underscored in the case of Vodafone Ltd v Ofcom [2008] EWCA Civ 44, where the quality of complaint handling was directly linked to service obligations.

Concerns Over Meter Accuracy

Moreover, I am troubled by the reliance on meter readings that appear to be inaccurate, which have been used to determine my energy usage. I urge your company to take immediate action to verify these readings and ensure they comply with the statutory accuracy requirements, such as those set forth in the Measuring Instruments Directive 2004/22/EC.

Additionally, I request information on the procedure and potential costs associated with an independent meter test, which I understand is a right afforded to consumers.

I request that you provide a written acknowledgment of this letter, including a clear timeline for addressing these concerns, ideally within “insert a preferred timeline, e.g., 14 days”. Should these issues remain unresolved, I reserve the right to escalate the matter to Ofgem or other appropriate regulatory authorities.

Formal Subject Access Request (SAR) Under GDPR

I also wish to exercise my rights under the General Data Protection Regulation (GDPR) 2018 by submitting a formal Subject Access Request (SAR). The principles of transparency and accountability in data processing, as reinforced in Lloyd v Google LLC [2021] UKSC 50, require that I am fully informed about how my personal data is being managed.

Please provide the following information as part of my request:

1. Data Processing Confirmation: Confirm whether my personal data is currently being processed by your organisation.
2. Complete Data Access: Supply a full copy of all personal data that you hold pertaining to me.
3. Processing Purposes: Clearly state the purposes for which my personal data is being processed.
4. Categories of Data: Identify the categories of personal data involved in the processing.
5. Data Disclosure: List the recipients or categories of recipients to whom my personal data has been or may be disclosed.
6. Retention Policy: Specify the retention periods for my personal data, or if this is not possible, the criteria used to determine these periods.
7. Rights Overview: Confirm my rights to request rectification, erasure, or restriction of processing, or to object to the processing of my personal data.
8. Right to Complain: Provide information on how I can lodge a complaint with the Information Commissioner’s Office (ICO) or another relevant authority.
9. Data Origin: Disclose the source of my personal data if it was not collected directly from me.
10. Automated Decision-Making Details: Inform me if any automated decision-making, including profiling, has been applied to my data, and explain the logic and consequences of such processing.
11. International Transfers: Detail the safeguards in place if my personal data has been transferred to any third country or international organisation.

Additionally, I request that you provide:

12. Data Handling Processes: Information on the internal processes used to manage and secure my personal data.
13. Compliance Procedures: Details on how your company ensures compliance with relevant data protection regulations, including those applied to third parties with access to my data.
14. Legal Basis for Processing: Clarify the legal grounds for processing my data. If any data is held without a valid legal basis, I request its immediate deletion, along with proof of this action.

Please ensure that this request is processed within the statutory one-month period as required by GDPR. Should your department not handle such requests, I ask that you forward this communication to the appropriate individual or department.

I also request that all future correspondence regarding this matter be conducted in writing to ensure a clear record of our communication.

Thank you for your attention to these matters. I look forward to your prompt response.

Yours sincerely,

“Add Your Name”
Strictly private & confidential

Link to Template: – Link removed due to people sharing with non members.

Leverage GDPR Accountability

First Principle of GDPR: Emphasise the principle of responsibility and accountability under GDPR, which requires that each entity in the data handling process must be accountable for the data processing activities.

Challenge Legitimacy: Question the legitimacy of the energy company’s actions if they cannot provide sufficient evidence of compliance with GDPR, particularly regarding the handover of data between controllers and processors.

Report and Escalate Non-Compliance

File Complaints with the ICO: If any entity fails to provide the requested information or fails to justify their processing activities, report them to the ICO.

Potential Outcomes: The ICO may audit these companies, potentially halting their data processing activities until the investigation is complete.

Conclusion

Strategic Use of SARs and Complaints: By carefully following these steps, you can put significant pressure on energy companies, potentially delaying or preventing adverse actions such as fitting pre-pay meters, while also holding these companies accountable for their handling of your personal data.

Source:

Rights of Entry (Gas and Electricity Boards) Act 1954 (legislation.gov.uk)

Gas Act 1986 (legislation.gov.uk)

Ombudsman Complaints

Human Rights Act 1998

Utilities Act 2000

Equality Act 2010

Consumer Rights Act 2015

Health and Safety at Work etc. Act 1974

Data Protection Act 2018

Protection from Harassment Act 1997