The California Supreme Court has agreed to hear arguments over whether a state law barring merchants from collecting personal information from consumers in connection with credit card purchases applies to online retailers. The state high court granted the individual petitions of Ticketmaster LLC, Apple Inc. and dating site eHarmony Inc. All three are facing separate proposed class actions, filed by the same plaintiff's firm, alleging that they violated California's Song-Beverly Credit Card Act of 1971 (Civil Code § 1747 et. seq.). The lawsuits alleged that the companies collected addresses and phone numbers from consumers during online credit card transactions involving purchases that did not need to be shipped, and therefore, plaintiffs argue, did not require the collection of this information.
In 2011, the trial court denied the defendants' requests for demurrers in all three cases, holding that the Song-Beverly Act applied to online retailers. The California Court of Appeals denied defendants' petitions to review the lower court's decisions.
The Song-Beverly Act prohibits retailers from requiring credit card holders to give personal identification information to complete credit card transactions. In Feb. 2011, the California Supreme Court held that the statute prohibits merchants from requesting and storing consumers' zip codes in the course of completing card transactions. Read our alert on the Pineda v. Williams-Sonoma Stores, Inc., case here. The Pineda decision, which opened the flood gates for hundreds of putative consumer class actions, did not consider whether the law applies to prohibit the collection of personal information in online transactions, however.
The law contains an exception when the information is required for certain "special purposes." Defendants reportedly will argue that the distinction between a face-to-face transaction with an employee in a store (as was the case in Pineda) and an online transaction, in which the online retailer cannot see the consumer or assess the potential for credit card fraud or identity theft, creates the need to collect personal information during online transactions.
In 2009, a California federal court considered the purposes of the Song-Beverly Act and ruled in Saulic v. Symantec Corp. that the legislature never intended for the prohibition to apply to online transactions. As recently as March 14, 2012, a Los Angeles Superior Court judge ruled that the statute does not apply to the collection of purchasers' zip codes at the gas pump because the practice was implemented to prevent fraud, rather than for marketing purposes. Repeatedly calling plaintiff's arguments that the statute should prohibit the collection of zip codes for fraud prevention "absurd," the court concluded that the defendants' fraud prevention efforts were a "special purpose" covered by the exception, and granted summary judgment in favor of the oil companies, dismissing the case.