The California Supreme Court has agreed to hear arguments over
whether a state law barring merchants from collecting personal
information from consumers in connection with credit card purchases
applies to online retailers. The state high court granted the
individual petitions of Ticketmaster LLC, Apple Inc. and dating
site eHarmony Inc. All three are facing separate proposed class
actions, filed by the same plaintiff's firm, alleging that they
violated California's Song-Beverly Credit Card Act of 1971
(Civil Code ยง 1747 et. seq.). The lawsuits alleged that the
companies collected addresses and phone numbers from consumers
during online credit card transactions involving purchases that did
not need to be shipped, and therefore, plaintiffs argue, did not
require the collection of this information.
In 2011, the trial court denied the defendants' requests for
demurrers in all three cases, holding that the Song-Beverly Act
applied to online retailers. The California Court of Appeals denied
defendants' petitions to review the lower court's
decisions.
The Song-Beverly Act prohibits retailers from requiring credit card
holders to give personal identification information to complete
credit card transactions. In Feb. 2011, the California Supreme
Court held that the statute prohibits merchants from requesting and
storing consumers' zip codes in the
course of completing card transactions. Read our alert on the
Pineda v. Williams-Sonoma Stores, Inc., case
here. The Pineda decision, which opened the flood
gates for hundreds of putative consumer class actions, did not
consider whether the law applies to prohibit the collection of
personal information in online transactions, however.
The law contains an exception when the information is required for
certain "special purposes." Defendants reportedly will
argue that the distinction between a face-to-face transaction with
an employee in a store (as was the case in Pineda) and an
online transaction, in which the online retailer cannot see the
consumer or assess the potential for credit card fraud or identity
theft, creates the need to collect personal information during
online transactions.
In 2009, a California federal court considered the purposes of the
Song-Beverly Act and ruled in Saulic v. Symantec Corp.
that the legislature never intended for the prohibition to apply to
online transactions. As recently as March 14, 2012, a Los Angeles
Superior Court judge ruled that the statute does not apply to the
collection of purchasers' zip codes at the gas pump because the
practice was implemented to prevent fraud, rather than for
marketing purposes. Repeatedly calling plaintiff's arguments
that the statute should prohibit the collection of zip codes for
fraud prevention "absurd," the court concluded that the
defendants' fraud prevention efforts were a "special
purpose" covered by the exception, and granted summary
judgment in favor of the oil companies, dismissing the case.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.