Download

Data Protection and the ability to pass customer information to trading partners

The Court of Appeal has given a useful judgment on the ability of one business to pass personal information about its customers to another.

The Data Protection Act 1998 prohibits data controllers from processing data (which includes transferring it to someone else) unless that processing meets one of the conditions contained in Schedule 2 of the Act. Schedule 2 contains such conditions as:

* the individual having given consent to the processing, and

* the processing being necessary for the purposes of the legitimate interests of the data controller or the recipient, provided that the processing does not cause unwarranted prejudice to the individual’s interests.

In the case, Grow With Us Ltd v Green Thumb (UK) Ltd, 27 July 2006, Lord Justice Buxton said that it may very well be in a franchisor’s legitimate interests to receive information about its franchisee’s customers, for example to enable the franchisor to monitor customer turnover and provide assistance to the franchisee, and for accounting. He could not see that the disclosure of name and address information would cause unwarranted harm to customers’ interests. The Court found that the franchisee could not hide behind the Data Protection Act to refuse to fulfil a contractual obligation to provide the franchisor with customer information.

This part of the decision is obiter (not binding), but it is persuasive, and may apply not just in the context of the franchisor/franchisee relationship. It could also be applied, for example, to allow the transfer of customer information in a joint venture situation, but any such transfer would have to be structured carefully to ensure data protection compliance.