In Shahin Enterprises Pty Ltd V BP Australia Pty Ltd [2019] SASC 12 the South Australian Supreme Court had to decide whether non-compliance by BP with a clause in its petroleum products supply contract requiring BP to provide to Shahin information about its card customers who visit Shahin’s sites so that Shahin could market goods and services to these customers constituted breach of contract. Shahin owned BP Branded Privately Owned Sites in South Australia.

Shahin’s primary contention was that disclosure and use would not have breached the Privacy Act.

The court decided that BP’s refusal to provide the requested details in respect of its cardholder customers was not in breach of the contract as BP would breach the Privacy Act by disclosing the requested information to Shahin for direct marketing by Shahin and Shahin would breach the Privacy Act by using the requested information for direct marketing.

It concluded that:

  • As the relevant clause contained the initial qualifying words “Subject to relevant privacy legislation” BP is not obliged to provide the requested information to Shahin if so doing would breach the Privacy Act or if any use by Shahin for direct marketing would breach it;
  • BP was not authorised by the Cardholder Terms to disclose the cardholder’s personal information to Shahin for the purpose of direct marketing by Shahin;
  • BP cardholders had not consented to the disclosure of their personal information by BP to Shahin for the purpose of direct marketing by Shahin or the use of personal information by Shahin for that purpose;
  • BP cardholders would not reasonably expect BP to disclose their personal information to Shahin for the purpose of direct marketing by Shahin.

It is clear that contracts need to be reviewed for privacy considerations to ensure that obligations are not prohibited.