Executive Summary
This case study documents a further application of the Data Continuity and Sovereignty Test, conducted against a large UK consumer services organisation. Using a lawful UK GDPR Article 15 Data Subject Access Request (DSAR), the test examined whether a consumer-facing organisation can provide a complete and coherent personal data record when the data subject seeks to understand decisions affecting them over time.
Unlike the Microsoft and ANS cases, this test did not fail due to missing data artefacts. Instead, it revealed a different and equally significant continuity failure mode: formal completeness without explanatory continuity. Although the AA delivered a timely DSAR response, the resulting disclosure demonstrated that the subject's personal data existed only as disconnected records, lacking the metadata required to explain pricing evolution, decision logic, or longitudinal context.
1. Purpose of the Test
The objective was not to challenge the legality of the AA's pricing model or to seek commercial explanations beyond the scope of GDPR. The objective was to test whether data continuity exists for a long-term consumer relationship, such that a data subject can reconstruct their own history without reliance on institutional narrative.
Research questions:
- Does the organisation retain personal data in a form that preserves longitudinal meaning?
- Can the data subject reconstruct change over time from the disclosed record alone?
- Is continuity preserved when the organisation asserts formal DSAR completeness?
1.1 What This Test Is Not
This study is not:
- a pricing dispute
- an allegation of unlawful charging
- a claim of DSAR non-compliance
- a request for commercial justification
It is a continuity test of consumer-scale record keeping.
2. Definition Framework
2.1 Linguistic Baseline (Oxford Languages)
Continuity is defined as "the unbroken and consistent existence or operation of something over time."
2.2 Operational Extension (This Study)
Operational Continuity: The ability of a personal data record to preserve context, relationships, and meaning across time such that a data subject can understand what changed, when, and why, using the disclosed data alone.
Data Sovereignty: The ability of the data subject to independently analyse and reason about their own history without requiring additional explanation from the controller.
3. Methodology
3.1 Instrument
A formal UK GDPR Article 15 DSAR submitted via the AA's online process, requesting all personal data held over a multi-year period relating to:
- membership history
- pricing and renewal records
- communications
- internal notes or flags
3.2 Rationale
Long-running consumer subscriptions are a strong test of continuity because value, risk, and pricing change incrementally over time.
3.3 Evidence Handling
The AA acknowledged the request promptly, confirmed the statutory deadline, and delivered the disclosure via a secure Safedrop mechanism within the required timeframe.
4. Case Background
The data subject held a long-standing AA membership. Over time, membership pricing increased in a manner that was not readily explainable from invoices or renewal notices alone. To understand the historical basis for these changes, the data subject exercised Article 15 rights.
The organisation initially advised that a DSAR would not explain pricing logic and offered redirection to customer services. The data subject confirmed that the DSAR should proceed as submitted.
5. Observed Continuity Characteristics
5.1 Formal Completeness
The AA delivered a DSAR response and stated that it contained all personal data necessary to fulfil its legal obligations.
5.2 Record Fragmentation
The disclosed data consisted of discrete records (transactions, communications, identifiers) without a unifying structure linking them into an interpretable timeline.
5.3 Absence of Longitudinal Metadata
No metadata was provided that would allow the data subject to determine:
- how pricing evolved year-to-year
- which internal factors influenced changes
- whether any personal attributes or classifications affected outcomes
6. Governance Position
The organisation's position—that GDPR does not require explanation of pricing decisions—is legally correct. However, this position exposes a gap between compliance and continuity.
Key point: A DSAR can be legally complete while still failing to provide continuity.
7. Findings
7.1 Containers vs Continuity (Consumer Services Variant)
The AA held and disclosed personal data, but the data was not structured to preserve meaning across time.
7.2 Sovereignty Without Interpretability
Although the data subject possessed a copy of their data, they could not reason about their own history without further institutional explanation.
7.3 The "Odd Position" Effect
By asserting DSAR completeness, the organisation fixed the record. Any subsequent production of additional explanatory data would imply the original disclosure was incomplete.
8. Interpretation
This case demonstrates that continuity failure can occur even where compliance is strong. The issue is not access, but interpretability.
- Disclosure ≠ understanding
- Completeness ≠ continuity
- Possession ≠ sovereignty
9. Implications
9.1 For Consumers
- Personal data copies may be unusable without narrative support
- Long-term relationships become opaque
9.2 For Consumer Service Providers
- Structuring data for continuity reduces disputes
- Interpretability strengthens trust
9.3 For Regulators
- DSAR frameworks do not test interpretability
- Continuity harm can exist without non-compliance
10. Design Response
This case highlights the need for longitudinal continuity structures:
- append-only personal timelines
- user-held continuity copies
- explicit linkage between events over time
11. Conclusion
The AA case completes a four-way validation of the Data Continuity and Sovereignty Test.
Across a hyperscale vendor, a local authority, a compliance consultancy, and a consumer services organisation, the same conclusion holds:
Compliance without continuity produces data that exists, but cannot be lived with.
This is a design gap, not a legal one.
Appendices
Appendix A — Evidence Index
- AA Article 15 SAR correspondence
- DSAR acknowledgement and Safedrop delivery
Appendix B — Reproducibility
This test can be reproduced against any subscription-based consumer service using Article 15 to examine longitudinal continuity.