In its February 4, 2013 opinion, the California Supreme Court continues to shape the scope of California’s Song-Beverly Credit Card Act, a consumer protection statute that prohibits the collection of personal identification information (“PII”) from consumers as part of a credit transaction.  In its decision, the Court held that the Song-Beverly Act does not apply to online purchases in which the product is downloaded electronically.

A class action suit alleged that Apple, Inc. violated the Song-Beverly Act by requiring consumers purchasing media downloads through Apple’s iTunes store provide their telephone number and address to complete the credit card purchase.  Apple argued that the Song-Beverly Act does not apply to online transactions and, among other things, imposing its requirements would undermine the prevention of identity theft and fraud.

In a 4-3 decision, the Court ultimately agreed with Apple.  The Court’s rationale for excluding online transactions from the scope of the Song-Beverly Act included:

  • When examining whether the Act should be applied to technology that was not envisioned by the legislature when drafting the Act, the plain meaning of the Act’s text is not decisive.
  • While the Act was enacted to protect consumer privacy, it was not intended to be without regard to exposing consumers and retailers to undue risk of fraud.  Certain safeguards against fraud available at brick-and-mortar stores are not available to online retailers selling an electronically downloadable product.
  • The enactment of the California Online Privacy Protection Act of 2003 clarified that existing law (including the Song-Beverly Act) did not directly regulate the privacy practices of online businesses.

The decision provides some comfort for businesses that operate online stores for the sale of electronically downloadable products—PII can be collected as part of the transaction.  However, the decision expressly excludes online transactions that do not involve electronically downloadable products.  The Court also notes that the California legislature may wish to revisit consumer privacy and fraud prevention in online credit card transactions.  Businesses will want to continue to monitor developments in this space.

For a more detailed look at Song-Beverly Act litigation, see our recent article here.