Royal Dutch Shell Plc  .com Rotating Header Image

Shell trickery over Data Protection Act compliance

By John Donovan

Shell and its lawyers have had advance sight of what you are about to read and therefore the opportunity to seek an injunction to prevent publication, but have not done so. Our most recent email to Shell on this matter is published at the foot of the article.

Royal Dutch Shell trickery over UK Data Protection Act (DPA)

As long term prominent critics of Shell management, my father (Alfred) and I have found some of the information supplied to us by Shell under the Data Protection Act law to be very revealing. Some would say astonishing.

For example, revelations about Shell:

Revelations will follow shortly about Shell’s behind the scenes machinations in relation to Wikipedia articles focused on Royal Dutch Shell.

In reaction to the damage done to Shell’s reputation from DPA information supplied to us in 2007, the oil giant has used every underhand trick imaginable to limit damage from new information supplied a few weeks ago. Some of the relevant evasive tactics adopted by Shell are covered in the correspondence links provided.

In order to locate/retrieve electronically stored information relating to us, Shell would logically run an automated search on our surname. This means that if Shell systematically used some formulation of code/abbreviation to identity us, instead of using our surname, such information would not be found.

On 23 August 2007, during correspondence regarding DPA issues relating to Shell internal emails and documents supplied to us at that time, I made the following request to David Sanger of Shell International Limited legal department:

“Please also supply any information which refers to either or both of us by any code name(s) now used by Shell.”

I raised this issue after receiving a tip off from a Shell insider that certain people at Shell were deliberately avoiding the use of our surname in documents and emails.

As can be seen in the detailed chain of events set out below, while the correspondence on this issue was still in progress, with denials on behalf of Shell that any such ploy was being used, Shell emails were sent in which the use of our surname was systematically and deliberately avoided.

This was achieved by the use of multiple abbreviations of our surname and the deliberate deletion of our surname from an extract of an article. By a lucky fluke, someone blundered by adding a separate file reference at the foot of the relevant stored emails (probably at a later date). The file reference, not the emails,  contained our surname. Otherwise we would know nothing about the existence of the relevant emails about us. This means that there may be a large volume of information produced on the same devious basis, which has not been disclosed to us by Shell.

Looking at what has recently been supplied, it would also explain a greatly reduced volume of salient Shell documents and emails after the time we received the tip off in 2007. Much of the latter information supplied seems to have been generated in the U.S. where Shell Oil lawyers and media folk had not been briefed on the ploy being used to avoid Shell complying with the DPA.

Although Shell might argue that the use of multiple abbreviations of our surname is not the same as using code names, this would be disingenuous. The basic tactic – the use of a form of identification signifying our surname, without actually using our surname, has the same result. As indicated, a search of electronically stored information using our surname would not retrieve documents prepared on that devious basis.

We believe that the relevant communications involve senior people at Shell. One of these individuals may have a self-serving motive in keeping secret a twisting of facts about our past history with Shell, evident in many Shell internal documents we have seen.


When I raised the code names issue with Shell on 23 August 2007, I was surprised to receive a response from a law firm Simmons & Simmons suddenly retained by the company. While their response letter dated 5 September 2007 dealt with some DPA issues, it neglected to deal with the question of Shell’s use of code names.

Some related extracts from my email response to Simmons & Simmons dated 8 September 2007:

We will also inform the Commissioner that we have reason to believe Shell are using a codename strategy to try to evade its statutory duty of releasing more information; it is our understanding from the IC’s office that we are entitled to any information that refers to us or by which we can be identified, even if it is not by name. We further understand that it is an offence under that act to knowingly take steps to withhold information.

The codename issue is serious; we understand that if the Commissioner thinks your client has tried to evade the relevant provisions of the Act, he will write to Shell and require them to release all that information to the Information Commissioner and to us.

We raised the codename issue in our last communication to your client. Instead of an answer, we received your letter which completely ignores the question..

On 10 September 2007, my father sent an email to RDS Plc Company Secretary Michiel Brandjes, containing a draft of an email being sent to over 600 UK MP’s. The draft email contained the following passage:

Following a tip-off, we also asked if Shell has attempted to evade its DPA obligations by subsequently using codenames instead of our surnames: another serious matter if true.

An email from my father to Shell EP General Counsel Keith Ruddock contained the following comments relating to the use of code names:

Like Mr Sanger, Mr Allen and Mr Brandjes, you have chosen not to provide an answer to the codenames issue. Three lawyers have all ducked a simple question. That makes us more than suspicious.

Any of you could have simply stated

Your information about the use of codenames is incorrect. No codenames have been used in relation to you or your father.

but were self-evidently unable or unwilling to do so.

Under the circumstances I believe it is reasonable for us to conclude that the insider information on the subject of code names is correct.

Nonetheless, I will ask one last time for a straight-forward answer to a straight-forward question.

Has Shell ever substituted a codename(s) for the Donovan surname for either my son or I, or for both of us?

We are delaying the email to MP’s while we give Shell this last opportunity to answer this question.

We received a response letter from Simmons & Simmons dated 12 September 2007 from which the following salient extracts are taken:

You also intend to write to the Information Commissioner stating your belief that our client is employing code names in order to avoid its obligations under the Act. As stated in our letter of 05 September 2007, our client has complied fully and in good faith with its obligations under the Act. For the avoidance of doubt, we are instructed that our client has not used code names for the purposes you allege or at all in relation to you or Mr Alfred Donovan.

We confirm that our client has not relied on the exemption of self-incrimination in responding to your SAR. We request that you inform any third parties with whom you have communicated, or intend to communicate, on this issue of this fact and of those set out above in relation to code names and the identity of third persons.

On 13 September 2007 my father confirmed to Mr Ruddock that in the light of the letter from Simmons & Simmons, the reference to Shell using code names to avoid its obligations under the Data Protection Act would be removed from the email to MP’s and that the issue would not be raised with the Information Commissioner.

However, as a result of documents Shell supplied in response to my 2009 SAR application, it has become apparent that the denials by Shell were disingenuous.

Shell internal emails sent on 31 August 2007 just a few days after we first raised the matter, provide evidence that Shell lawyers were indeed deliberately following a strategy to avoid the use of our surname.  The code names were less than sophisticated, amounting to various abbreviations of our surname, but with the same objective. This was done systemically over twenty times in the relevant emails, including the use of “D’S”, “D’s”, “Alfred D”, “Ds”, “John D” and “Mr D”.

The clincher that it was a deliberate strategy to avoid DPA law was the removal of the Donovan name from an extract from an article quoted in the email sent at 15.13 on 31 August.

“A 90 year old war veteran, Alfred D——-, created a gripe website focused on Shell which, in an extraordinary alliance with the so-called “Kremlin attack dog” Oleg Mitvol, has cost the oil giant billions of dollars and as a by-product, changed the course of history.

We would never have known about these Shell emails except for the fact that some one blundered by adding a file reference code, probably at a later date, at the foot of the page:

« File: 2006 – 01 – Alfred Donovan.doc» «File: 2007 – 02 – Donovan Campaign Against Shell.doc »

Consequentially, there may well be a large volume of emails and documents on which the same strategy was used, on which a file reference was not added.

I note that a number of “Focal Point” documents produced by Shell contain an assurance to Shell management in relation to these matters, as as per the example dated 16 October 2007:

Did you avoid disclosing certain information to the Donovans in response to their Data Protection Act requests?

We complied fully with the Data Protection Act request while making legitimate use of the ability under the Act to withhold information in certain limited circumstances, for example where it is legally privileged or to protect the identities of third parties. We also informed the RDSplc website that we do not use codewords in internal documents relating to their activities.

The Shell internal emails on 31 August 2007 prove otherwise.

Under the circumstances, we have asked Shell to carry out a search using all of the multiple code/abbreviations which we now know for certain have been used instead of our surname.


From: John Donovan <[email protected]>
Date: 24 January 2010 20:31:24 GMT
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Royal Dutch Shell trickery over UK Data Protection Act (DPA)

Dear Mr White

Printed below is a revised draft article we plan to publish on Tuesday morning, 26 January 2010.

The text will be amended in the light of any development before then.

If you wish to supply comment for unedited publication as part of the article, please let us have your comments by Tuesday am.

Please also let me know if you will be carrying out a search using the various Shell code/abbreviations used as a substitute for our surname, which has confirmed the tip off we received from a Shell insider.

If you need more time to consider this matter, you only have to say so.

If I receive nothing from you by Tuesday am, the article will be published and a formal complaint filed with The Information Commissioners Office covering this and all other DPA related issues previously raised with Shell.

Best Regards

John Donovan

NO RESPONSE THUS FAR FROM SHELL and its sister non-profit websites,,,,,, and are owned by John Donovan. There is also a Wikipedia feature.

0 Comments on “Shell trickery over Data Protection Act compliance”

Leave a Comment

Comment Rules

  • Please show respect to the opinions of others no matter how seemingly far-fetched.
  • Abusive, foul language, and/or divisive comments may be deleted without notice.
  • Each blog member is allowed limited comments, as displayed above the comment box.
  • Comments must be limited to the number of words displayed above the comment box.
  • Please limit one comment after any comment posted per post.

%d bloggers like this: