Collecting Customer Information Online
California Supreme Court Rules Song-Beverly Credit Card Act Inapplicable to Digital Downloads
In an opinion issued on February 4, 2013, the California Supreme Court (by a narrow 4-3 majority) resolved one of the burning questions in the Song-Beverly Credit Card Act, California Civil Code § 1747 et seq. (the “Act”) in holding that the Act does not apply to online purchases where the product is downloaded electronically. See Apple Inc. v. S.C. (Krescent), Cal. No. S199384.
As previously discussed in our January 2009, March 2009, February 2011 and September 2011 client alerts, the Act is intended to protect consumer privacy rights by restricting the type of information which retailers can request from consumers in connection with credit card transactions. At the same time, these restrictions have made it difficult for retailers to collect information from their customers that could help them provide services and goods on a competitive basis and reduce occurrences of fraud.
Background. The Act provides, in part, that retailers shall not do any of the following:
- Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
- Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
- Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder. See Cal. Civ. Code § 1747.08(a).
Under the Act, “personal identification information” is “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” Id. at § 1747.08(b).
Background and Court Decisions. State courts have addressed a number of aspects of the Act, but have not conclusively addressed strictly on-line transactions. However, in January 2009, the U.S. District Court for the Central District held in Saulic v. Symantec Corp. that the Act does not apply to online transactions due to the plain-language of the Act, and the merchant’s reasonable need for personal information to prevent fraud.
This has resulted in a gap between the state and federal court rulings and led to a number of lawsuits against online national retail chains operating in California, raising questions as to whether the Symantec decision would be upheld in state court. On August 24, 2011, the California Superior Court for San Francisco County held in Gonor v. craigslist Inc. that the provisions of the Act prohibiting retailers from collecting a consumer’s personal information as a condition to completing a credit card transaction did not apply to online transactions. This was the first time a California state court had ruled on the application of the Act to online merchants.
While the Apple decision provides some comfort to on-line retailers, it should be noted that the Court in Apple took a more limited approach by expressly limiting its ruling to transactions involving digital downloads (i.e., the ruling does not apply to other online transactions, like purchases of physical goods). The fact that the Court chose to exclude online transactions that do not involve downloadable products may raise concerns with online businesses that adopted policies of collecting personal information in anticipation that all online transactions would be exempted.
In addition, the Court also noted that the California Legislature may desire to revisit consumer privacy and fraud prevention in online credit card transactions (just as it did in the wake of the Court’s 2011 decision in Pineda in order to permit the collection of ZIP codes at fuel pumps). Consequently, in light of the Legislature’s demonstrated support for consumer privacy, there is a possibility that the Apple ruling may result in additional consumer privacy legislature that may impact e-commerce in California.
Suggested Actions. Businesses should continue to monitor developments in this space. JMBM represents many retailers, and we strongly recommend that our clients implement written policies and procedures that comply with the aforementioned requirements of the Act. We would be happy to assist you if you require additional information on these recent developments, the Act or preparing policies and procedures.
Please contact Robert E. Braun at 310-785-5331 or rbraun@jmbm.com with any questions regarding this information.