IP, Technology & Data

A recent case before the Court of Session has held that a company was in material breach of contract as a result of a failure to comply with data protection laws. The case also provided further guidance on when the courts will consider a aspirational pre-contractual sales statement to be a misrepresentation.

The case involved a company called Soccer Savings (Scotland) Ltd (SSSL). In 2010, SSSL entered into a contract with the Scottish Building Society (SBS) to run an affinity savings scheme targeted at football fans. Basically it allowed fans to get a savings account branded with their football club’s brand.

The scheme wasn’t very successful and SBS terminated the contract in June 2011. SSSL challenged the grounds of termination but accepted the termination as a repudiation of contract and sued for damages. The case came to proof before Lord Hodge.

The defence

When SBS terminated the agreement it relied on pre-contractual mis-representation and material breach of contract. At proof before Lord Hodge, SBS departed from some of the allegations on record and restricted their defence to mis-representation and three separate contractual breaches.


Lord Hodge found that statements of aspiration or optimism about what was achievable did not amount to an undertaking or warranty. SBS had the clear impression that the proposed venture was likely to succeed but:

It is clear that the venture failed very badly. But that does not make the statements of aspiration by the promoters of SSSL into misrepresentations of fact. Other things may have been said that strengthened [SBS’ Chief Executive] Mr Kay’s conviction that he had been given representations on which he had relied to recommend the deal to his board, but absent evidence of specific statements of fact, I am satisfied that the defence of misrepresentation fails.

So SBS were left with the three breaches of contract to justify their termination of the contract.

Breach of contract

The first breach relied upon was SSL’s failure to get a signed written agreement with a football club by the stipulated contractual deadline of 1st July 2010 thus delaying promotion of the venture.

In an earlier decision Lord Hodge had already held that this was a breach of contract but he now held that although it was a breach it was not a material breach. It did not go “to the heart of the contract” and did not contribute to the eventual failure of the scheme. Accordingly it could not be used to justify termination.

SBS argued that SSSL had breached regulations 3 and 5 of the Consumer protection from Unfair Trading Regulations 2008 by issuing letters on football club notepaper. Lord Hodge disagreed. The clubs had agreed to the issuing of the letters and had signed them. There was no breach.

Breach of data protection laws

And so to the final alleged breach – a failure to comply with data protection rules.

The data protection clause obliged SSSL to use reasonable endeavours to to comply with the statutory rules and to take appropriate measures against unauthorised or unlawful processing of personal data.

SSSL had used the database of a related company (Soccer Savings Ltd or SSL) to send out letters in its own name and in the name of two clubs to account holders in a similar scheme which another building society, the Dunfermline Building Society (DBS), already ran with the SSL. The deal with the SBS came about after the value of deposits under the SSL/DBS scheme fell significantly after DBS encountered difficulties and was put into special administration in 2009. The DBS was subsequently taken over by the Nationwide Building Society (NBS).

Lord Hodge found that SSSL was a data controller under the Data Protection Act, but was not registered as a data controller with the Information Commissioner when it processed data. It had committed an offence. In addition it did not have the necessary consent from the account holders to use their data to promote the new scheme:

While a failure to register may not of itself have been a material breach of contract, I am satisfied that SSSL’s use of the data obtained by SSL under the soccer saver scheme was. SSL did not have the consent of the data subjects (i) to make their data available to the football clubs with which it contracted or (ii) to use their data to promote SBS. Yet SSL had contracted with the football clubs to give them access to the names and addresses of account holders. And SSSL’s directors procured SSL to use the data for the latter purpose. It used the football clubs’ unauthorised possession of the soccer saver data in an attempt to circumvent the restrictions on SSL’s activities in its contract with DBS.

What takes the breaches to the heart of the contract is that SSSL was offering SBS a business proposal, a major component of which involved achieving the transfer of account holders from DBS to SBS. SSSL proposed to use SSL’s data to market SBS’s products and to obtain the transfer of accounts from DBS by targeted marketing. That is what it sought to do in SSL’s letter to the Rangers account holders [one of the clubs involved]. But that provoked NBS correctly to assert both a breach of contract by SSL and also breach of the data protection legislation. NBS carried out the threat in its letter of 10 November 2010 and complained to the Data Commissioner.

I conclude that an important component of SSSL’s performance of its obligations under the contract involved it in the breach of the statutory data protection rules and that that illegality materially impaired that performance. That amounted to a material breach of contract.

The result was that SSSL had indeed been in material breach of contract and so SBS had been entitled to terminate the contract –even if, perhaps, their reasons for doing so were originally quite different.

Ownership of customers

More importantly, however, the case emphasises the importance of ensuring that ownership of customers under affinity arrangements is clearly defined, and the importance of thinking up front about the privacy consents that may be required from customers.

Had the original privacy notices issued to customers clearly stated that SSL and its related companies could use customer details for marketing purposes, then many of these issues could have been avoided. However, I suspect that the course of events that subsequently unfolded were not in anyone’s contemplation when the original deal was conceived.

Follow me