Lawn system franchisee Grow With Us refused to hand its customer details to franchisor Green Thumb. Its pretext was data protection. Green Thumb rejected this, refused renewal of the franchise and the parties ended up in the Court of Appeal.
Who: Grow With Us Ltd and Green Thumb (UK) Ltd
Where: Court of Appeal, London
When: July 2006
What happened:
Grow With Us Ltd (“GWU”), a UK franchisee of a business specialising in treating lawns, refused to supply to its franchisor Green Thumb (UK) Ltd (“GT”) the names and addresses of GWU’s customers. This, despite a clear provision in its contract with GT requiring GWU to do exactly that.
When challenged, GWU denied it was in breach of contract and then promptly sued GT when GT later turned down GWU’s attempted exercise of its contractual right to renew the franchise contract.
In the proceedings, GWU argued that if it had complied with its contractual obligation, it would have been in breach of the Data Protection Act 1998 (“DPA”).
Its reasoning was that its customers had not consented to have their details shared with GT and that GT had failed to provide sufficient information as to the uses it planned to make of the customer data.
This latter failing allegedly meant that if GWU had transferred the data to GT in circumstances where GWU was unclear as to what GT was going to do with the data, GWU would have been failing in its duty under the DPA to process the customer data “fairly and lawfully.”
The only indication by GT of its plans for customer data was on a leaflet circulated by GT to franchisees. This said
“Green Thumb and its franchisees take the issue of protecting your personal information seriously… we will use your personal information to provide and enhance our services to you; deal with enquiries, administration, security and market research.”
GWU said this was not clear enough as to GW’s real plan which was to use customer date to check up on its franchisees’ performance. There was a linked argument that GT’s notification with the Information Commissioner’s Office was similarly deficient.
The dispute ended up in front of the Court of Appeal, which reached the following conclusions on the way to pronouncing in favour of GT:
– the obligation under the DPA to disclose future uses of personal data did not require these uses to be exhaustively described. The requirement was only to disclose uses sufficiently so as to give an understanding of the general nature of the processing intended;
– in any event, if GWU was unhappy with any lack of clarity on the part of GT, GWU could itself have told customers in more detail why the data was to be transferred to GT;
– there was not necessarily any need to obtain customers’ express consent to the transfer of their data to GT. GT might well have a “legitimate interest” in receiving the customer information and the transfer could be fair and lawful on this alternative ground to consent. GT’s legitimate interests could arguably be served (and customers’ interests not prejudiced) by being able to monitor customer turnover and provide assistance to the franchisee and audit turnover and ensure correct returns;
– even if customer consent had been necessary for the transfer of their data to GT, there was nothing stopping GWU from obtaining that consent from its customers.
Why this matters
There is so little in the way of judicial pronouncements on the proper meaning and interpretation of the DPA, that even though the comments on the “legitimate interests” gateway to fair and lawful processing are obiter, these Court of Appeal findings and opinions are like gold dust.
They also echo the Information Commission’s own expressed views that for most honest marketers, “legitimate interests” rather than “consent” is the more viable route to complying with the obligation to process personal data fairly and lawfully.