2000
In Turner v Royal Bank of Scotland,2 the English Court of Appeal has held that there is no implied consent from the customer for the bank to give a “bankers’ opinion”, also known as a “banker’s reference”. The defendant bank had given such a reference without obtaining the plaintiff’s express consent. The information contained in the reference was clearly obtained from information about the plaintiff’s account with the defendant.
This settles, at least in England, a question that originated with Tournier v National Provincial & Union Bank of England, the case which defined the banker’s duty of confidentiality. As part of that definition, the Court identified four categories of “exception” to the duty, exceptions which are well known and which, importantly, included the case where the customer “consents” to the disclosure of the information which would otherwise be subject to the duty of confidentiality.
A “banker’s opinion” usually involves confidential information about the banker’s customer. These opinions are given in response to a request from another banker, but the request is invariably prompted by an inquiry from a customer of the requesting banker who wishes to do business with the customer who is the subject of the enquiry.
The court in Tournier was aware of the problem of bankers’ opinions and considered their legal foundation. It was clear that the “consent” category was the favoured basis, but expressed no final opinion as to whether that consent could be implied merely from the banker-customer relationship. Bankes LJ seemed to contemplate express consent when he referred to the common instance of the “consent” exception as “where the customer authorises a reference to his banker.” (at 473). Lord Atkin clearly considered the question of implied consent at 486:
I do not desire to express any final opinion on the practice of bankers to give information as to the affairs of their respective customers, except to say that if it is justified it must be upon the basis of an implied consent of the customer.
It is easy to find an implied consent where the customer has given the name of his or her banker in the course of business dealings. Where the customer has not supplied this information, then the question arises if merely entering into the relationship gives consent. Bankers generally argue that they are entitled to give these references since “everybody knows” that bankers do it.
Unfortunately, it is not really obvious that “everybody” knows of the practice. Weaver and Craigie argue that the position is similar to the charging of interest on an overdrawn account, a right of the banker which is undoubted.3 Similarly, the customer is taken to consent to delays inherent in the clearing system when depositing a cheque for collection even though it is unlikely that the customer is aware of the details of the clearing system: see Dimond (HH) (Rotorua 1966) v Australia and New Zealand Banking Group Ltd [1979] 2 NZLR 739
Kitto J referred to ‘the multitudinous inquiries of this kind that everyone knows are constantly made of bankers’ : Mutual Life and Citizens’ Assurance Co v Evatt (1968) 112 CLR 556. Similarly, in Commercial Banking Co of Sydney Ltd v R H Brown, the High Court expressed its view that it is banking usage in Australia to supply bankers’ opinions. However, there is still room to doubt that the facts known to a High Court judge and to lawyers generally are necessarily known to “everyone”. Again, however, it seems fair to observe that things known to commercial lawyers and High Court judges are not necessarily known to “everyone”.
Indeed, this observation was relevant in the Turner case. The Court found as a fact that Turner himself did not know of the practice and that the bank had done nothing to call it to his attention. Even worse, perhaps, documents of the bank showed that it was bank policy to conceal from its customers the fact that it was giving references about their creditworthiness.
A principal argument of the bank was that the giving of bankers’ references is established banking practice. The Court noted that to be binding, usage must be “notorious, certain and reasonable and not contrary to law”.4 It was not “notorious” since it was secret. On banking practice generally, Thorpe LJ, who delivered the leading judgment, said:
The proposition that banks can agree among themselves upon a banking practice and put the practice into effect without the knowledge of their customers and then claim that, because the practice is common to all banks, it is binding upon their customers is…unacceptable.
In England, the report of the Jack committee recommended that banks should give customers clear explanations of how the system of bankers’ opinions work. Further, it was recommended that the bank ask its customers to give or withhold a general express consent. These recommendations have been acted upon in the Banking Code. Adopted in 1994, the Code stipulates:
We will tell you if we provide a banker’s reference. If a banker’s reference about you is requested we will required your written consent before it is given.
The Australian Code of Banking Practice does not address the matter directly, but does contain a clause to the effect that the bank will follow the requirements of the Credit Reporting Code where that code applies to the account. Where the Credit Reporting Code applies, the bank is obliged to obtain written consent.
Current Australian practice appears to be to obtain a “consent” on a standard form contract when the account is opened. This practice has always been of dubious value for the simple and obvious reason that the customer is either totally unaware of what he or she is consenting to or, even worse, is being coerced into granting consent.
The question of the validity of these “consents” has been a sleepy little area of the law, but it is likely that we will see the question assume considerable importance in the next few years. The proposed Privacy Act amendments will impose “privacy principles” on the handling of personal information by most “organisations”. Serious constraints are placed on the mode of collection and the disclosure of such information. However, almost anything is possible if the person to whom the information refers “consents”.
The drafting of wide ranging “consent” forms is already exercising privacy lawyers, the aim usually being to produce a clause which will allow the organisation to continue business as usual with as few changes as possible. The extent to which such clauses are effective is coextensive with the degree to which the data subject has no real protection at all under the Act. The “perfect” clause in this effort would leave the organisation and its customers in the same position as if the Act had never been amended.
There are likely to be two aggressive lines of attack against consent clauses. The first will follow the now-familiar approach of imposing an obligation on the organisation to ensure that the “consentor” is fully aware of the consequences of what he or she is consenting to. This is the approach that has been so successful in challenging guarantees and foreign currency loans.
The second approach is to argue that it is “unconscionable” within the meaning of the Trade Practices Act 1974 to require the customer to “consent” to disclosure of personal details as a pre-condition to the supply of goods and services. Under this argument, requiring consent would only be acceptable if the consent was to the disclosure of information where the disclosure was a necessary incident of supplying the goods or services. Consent in such circumstances is technically redundant since the Act will (probably) permit disclosure in such a circumstance. Further, it is easy to find implied consent where the disclosure is necessary to provide the goods or services that the customer desires.
Further, if the courts are unable or unwilling to curtail the effect of consent clauses, then it will be necessary for the legislature to do it. The reason is the same as the reason that the government finally acted to amend the Privacy Act, namely, that Australia must provide effective privacy protection in order to receive personal information from EEC countries. The basic rule is that data may not be exported to countries which have data protection laws weaker than those of the EEC. Since the effectiveness of privacy protection is directly related to the effectiveness of consent clauses we can expect to see significant challenges to these clauses.