What Made News?

Walmart recently argued that the US District Court for the Eastern District of California should not grant class certification in a suit alleging that Walmart’s data collection practices violate California’s Song-Beverly Credit Card Act of 1971 (Song-Beverly Act).

Details of the Case

Under the Song-Beverly Act, retailers are prohibited from collecting “personal identification information” (PII) in connection with a credit card purchase. Following a California Supreme Court decision, ZIP codes fall within the definition of PII. The plaintiffs in this case argued that Walmart requested and recorded the plaintiffs’ ZIP codes when they made purchases by credit card, thereby violating the Song-Beverly Act. The plaintiffs then went on to ask that the Court approve a class consisting of all persons in California required by Walmart to provide any type of PII during a credit card transaction, not just ZIP codes.

Walmart argued that the proposed class was too broad and class treatment inappropriate. The crux of Walmart’s argument was that a class could not be certified because individual questions in the case predominate over common issues. The Song-Beverly Act contains exemptions that allow retailers to collect PII in certain circumstances — for instance, if the information is needed for shipping or installation, or if the retailer is contractually obligated to provide PII in order to complete the credit card transaction. Given the varied exemptions to the Act, Walmart argued that determining whether any exemption applies to each particular class member’s claim would require individualized fact-finding. Similarly, Walmart claimed its defenses may vary as to each member of the class, depending on the specific circumstances of each transaction. For example, Walmart noted that its contract with American Express — a credit card used by both plaintiffs — requires Walmart to transmit the customer’s billing ZIP code to American Express during the authorization process. Given the above, Walmart contended that the case could not meet the requirements for class certification and requested that the Court deny the plaintiffs’ motion.

What is the Takeaway?

This case highlights the complexities of point-of-sale data collection laws and emphasizes the need for retailers to be cognizant of the laws in every state in which they have stores. In addition, retailers should be careful how and when they collect information from their customers, collecting only that information which is necessary during the transaction. Retailers requesting and recording information for marketing purposes should do so only after a purchase by credit card is consummated and the customer’s payment card and the receipt have been returned, while making clear that providing information for marketing purposes is purely voluntary.