A California federal court recently narrowed further the scope of California’s Song-Beverly Credit Card Act (Cal. Civ. Code § 1747.08), which limits the information retailers can collect during credit card transactions, by holding that the Act does not apply to on-line credit card sales of shipped goods. In its April 30, 2013, opinion in Ambers v. Buy.com, the U.S. District Court for the Central District of California extended the rationale of the California Supreme Court’s holding earlier this year that the Song-Beverly Act does not apply to on-line credit card sales of downloaded goods. While potentially providing on-line retailers some guidance regarding the information they can permissibly collect from California residents to aid in fraud prevention and other efforts, the holding is subject to appeal and does not apply to brick-and-mortar sales nor outside of California.

The Ambers action was brought in February 2013, when Michael Ambers filed suit against Buy.com on behalf of himself and a putative class of Buy.com’s customers in the Central District of California alleging that the company violated the Song-Beverly Act by requiring him to provide a telephone number when he purchased, and had shipped, a set of DVDs online using a credit card. Buy.com filed a motion to dismiss Ambers’ complaint, arguing that the Song-Beverly Act does not apply to online transactions, based on the California Supreme Court’s Apple, Inc. v. Superior Court of Los Angeles County, 56 Cal. 4th 128 (Feb. 4, 2013) decision. The district court agreed, dismissing the case.

In Apple, the California Supreme Court held that the Song-Beverly Act does not apply to online purchases of downloadable files from Apple’s iTunes store. It based this decision heavily on what it identified as the California legislature’s primary intent when drafting the statute: to protect consumer privacy and prevent fraud. Applying the statute to online purchases of downloadable products would undermine the legislature’s fraud prevention goals, the court reasoned, because, unlike “brick-and-mortar” retailers, online retailers could not avail themselves of certain anti-fraud precautions expressly authorized by Section 1747.08(d) of the Act, such as requiring the customer to present an identification card. The court was also influenced by the existence of California law that, unlike Song-Beverly, expressly addressed online transactions. According to the court, this law, the California Online Privacy Protection Act of 2003, showed that when the legislature sought to regulate online transactions, it did so unambiguously. The Apple court expressly declined to address whether the Song-Beverly Act applied to online transactions involving the sale and shipping of physical goods.

Turning to the question that the Apple court left open, the California federal district court in Ambers held that Song-Beverly does not apply to the online sales of shipped goods. The district court reasoned that a shipping address – the only information an online retailer would be allowed to collect, if the statute applied – was not “equivalent to the ‘brick and mortar’ retailer’s ability to ask for a photo identification card or another ‘reasonable form of positive identification’ as ‘a condition to accepting the credit card’ under Section 1747.08(d).” The court noted that goods ordered online could be shipped to innumerable addresses unconnected with the billing address, and so concluded that a shipping address, alone, “falls short of fulfilling the legislative intent of providing an anti-fraud safeguard for retailers.” Accordingly, the court held that California’s Song-Beverly Act does not apply to online retail purchases of shipped goods.

The implications of this holding may extend well beyond the Ambers case. As a federal district court opinion, Ambers does not bind future court decisions under the Song-Beverly Act. However, its reasoning may persuade other federal courts and the ultimate arbiter of California law, the California Supreme Court, to adopt its holding. Ambers’ effect may also be felt in other states, including Massachusetts and New York, which have statutes that contain language similar to California’s Song-Beverly Act and that were adopted at a similar time. Without binding precedent settling these issues, however, all merchants that collect zip codes, phone numbers or other information concerning their customers at the point of sale should fully assess the legal risks involved.