Last month, the California Court of Appeals issued long-awaited guidance for retailers concerned that the collection of personal information from their in-store customers subjects them to liability under the Song-Beverly Act.

The Song-Beverly Act prohibits businesses from requesting or requiring that cardholders provide personal identifying information (“PII”) during credit card transactions.  The precise language and application of the Song-Beverly Act has been much analyzed by courts and commentators alike.  The Act provides that “[N]o person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall . . . request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.”  Cal. Civ. Proc. Code § 1747.08 (emphasis added). 

In recent years, the California Supreme Court has clarified the application of the Song-Beverly Act to information collected during online purchases (a description of some of those opinions can be found here).  Despite this guidance, retailers wishing to request personal information such as email addresses from in-store customers have been left with little binding precedence regarding the circumstances (if any) under which such a program is permitted.

Levi’s Email Collection Policy Challenged Under Song-Beverly Act

Plaintiff Stacie Harrold sued Levi Strauss & Co. in California state court, alleging that Levi’s practice of requesting customers’ email addresses during in-store credit card transactions violated the Song-Beverly Act.

In July 2014, the trial court denied Harrold’s motion for class certification.  Harrold argued that Levi violated the Song-Beverly Act’s prohibition on the collection of PII because Levi’s “Email Capture Policy” required Levi’s employees to solicit customers’ email addresses for mailing lists only after customers had purchased merchandise and been presented with their receipt.  Levi responded, and the trial court agreed, that the solicitation of email addresses after the credit card transaction concluded did not constitute a request for PII “in conjunction with a credit card purchase transaction.”

The trial court further found that Harrold’s claims were not typical of those of other class members because she alleged that she was asked for her email address during the credit card transaction, notafter it as the email Capture Policy provides.  The trial court noted that “[w]hether the request came during the credit card transaction or after the credit card transaction is a key issue in terms of the claims and defenses that will arise in interpreting the application of [the Song-Beverly Act].”  Harrold appealed.

California Court of Appeals Adopts the Reasonable Customer Test

On May 19, 2015, the California Court of Appeals (First District) affirmed the trial court’s denial of class certification.  The Court of Appeals agreed with Harrold that the Song-Beverly Act’s prohibition on collecting PII applies “at all times during and prior to the completion of a credit card transaction.”  The court disagreed, however, that the prohibition extends “beyond that point.”

The court began by assessing Levi’s email collection policy, which only permitted the sales clerk to ask a customer to join its email program after the customer received their transaction receipt and the merchandise had been delivered to the customer.  The court found that at this point, the transaction was over and “such a request [for PII] cannot reasonably be considered—by the customer or by anyone else—as a condition of acceptance of the credit card as a form of payment.”

Next, the court considered Harrold’s argument that the phrase “as a condition to accepting the credit card as payment in full or in part for goods or services” in the Song-Beverly Act qualifies only the prohibition on “requiring” the submission of PII, not on “requesting” such information from credit card customers.  Under this interpretation, retailers would never be permitted to request PII from in-store credit card customers.  Harrold argued that this interpretation is proper under the “last antecedent rule” due to the placement of the comma in the phrase “request, or require.”  The court rejected this statutory interpretation for two reasons. 

First, the court analyzed the legislative history of the Song-Beverly Act.  Prior to the amendment of the Act in 1991, the statute only forbade retailers from “require[ing]” the provision of PII to complete a credit card transaction.  Based on concern that retailers could circumvent this prohibition by simply contending that they were requesting the information, the Act was amended to prohibit “requests” for PII.  The court thus found that the clause “as a condition to” was intended to apply equally to both a retailer “request[ing]” or “require[ing]” PII.

Second, the court evaluated the purpose of the Song-Beverly Act, which was intended to protect consumer privacy and “to prohibit merchants from obtaining personal identification information under the mistaken impression the information is required to process a credit card transaction[.]”  Where the customer understands that the requested information is not required to complete the credit card transaction, the court found that the Act does not prohibit merchants from requesting the information.

In conclusion, the court held that Harrold failed to meet the requirements to maintain a class action “since the Act is violated only if the request is made under circumstances in which the customer could reasonably understand that the email address was required to process the credit card transaction, and since such an understanding could not reasonably be conveyed by a request made after the transaction has been concluded[.]”

Harrold Provides Much Needed Clarity for Retailers

The Harrold opinion provides much needed guidance for retailers and others interested in collecting personal information from their customers while those customers are physically present in their stores.  The opinion signals that retailers may escape the Song-Beverly Act’s prohibition by establishing a written policy (and providing training consistent with such policies) that permits the collection of customer information only under circumstances in which a reasonable customer would know that the information is not required to process the credit card transaction.  This is clearly the case where, as in Harrold, the information is requested after the customer’s credit card is returned, and the transaction receipt and bagged purchases have been handed over.  Whether these elements establish a definitive bright-line rule for when a reasonable person would deem a transaction completed remains to be seen.

The timing of the California Court of Appeals’ opinion is particularly noteworthy in light of the Ninth Circuit’s recent order in Davis v. Devanlay Retail Group.  In Davis, the plaintiff alleged that she was asked to provide her zip code after her credit card was returned to her (although she did not recall whether she had already received her receipt at that time).  Earlier this month, the Ninth Circuit certified to the California Supreme Court the question of whether a retailer is prohibited under the Song-Beverly Act from “requesting a customer’s personal identification information at the point of sale, after a customer has paid with a credit card and after the cashier has returned the credit card to the customer, if it would not be objectively reasonable for the customer to interpret the request to mean that providing such information is a condition to payment by credit card[.]”  The Ninth Circuit noted that, although there are a number of federal district court opinions applying an objective consumer test, it found “no controlling precedent in the decisions of the California Supreme Court or Courts of Appeal . . . and [found] the statute’s language and legislative history ambiguous.”

The California Court of Appeal’s adoption of the reasonable consumer test in Harrold provides much of the clarity that the Ninth Circuit seeks in Davis.  Where an objectively reasonable person under the circumstances would not believe that the requested PII is necessary to complete their credit card transaction, retailers are permitted to request such information.  Given this guidance, the California Supreme Court may no longer feel compelled to take on the question certified by the Ninth Circuit.  If, however, the California Supreme Court determines that additional clarification of the scope of the Song-Beverly Act is needed, and assuming Harrold is appealed, it will have two potential avenues for clarifying the scope and application of the Song-Beverly Act.