In a concise, two-paragraph order recently issued by the Superior Court of California, County of San Francisco, the court dismissed a class action complaint against Craigslist, Inc., alleging that the company’s procedures of gathering personal identifying information (PII) in connection with the sale of advertisements violates California Civil Code § 1747.08, commonly known as the Song-Beverly Credit Card Act of 1971 (the Act).1
The Act prohibits businesses from requesting or requiring consumers to provide PII during a credit card transaction. The Act defines PII as including the cardholder’s address and telephone number, and in a recent case, the California Supreme Court held that even ZIP codes constitute personal identification information that cannot be requested during a credit card transaction.2 Class actions against Californian retailers based on alleged violations of the Act have become commonplace, and Nordstrom, Williams Sonoma, Bed Bath & Beyond, Pottery Barn, and many others have been involved in suits alleging violations of the Act.
In Gonor v. Craigslist, the plaintiff contended that Craigslist violated the Act by requiring individuals who post paid advertisements on the site to submit certain personal information – name, home address, telephone number, and email address – when they pay for the ad using a credit card. Such information, the plaintiff alleged, is not collected for free advertisements posted on the site. Particularly troublesome to the plaintiff was that the information collected was contact information, not billing information, which in the plaintiff’s estimation would not have been necessary to process the credit card transaction. The plaintiff further noted in the complaint that a transaction would not proceed until a personal home address and contact telephone number were entered. He further alleged that Craigslist keeps records of the personal information it gathers and claimed damages in excess of $5,000,000.
Although the Act makes no specific reference to online credit card transactions, the California courts have previously determined that the Act does not apply to retail transactions made over the Internet. In Saulic v. Symantec Corp., 596 F. Supp. 2d 1323, 1333 (CD Cal. 2009), the US District Court for the Central District of California ruled that online consumer transactions are not encompassed within the Act. The court noted that Act’s main purpose is to address the misuse of personal information for marketing purposes, and it was “specifically passed with a brick-and-mortar merchant environment in mind.” The court further noted that preventing the unlawful collection of PII for marketing purposes must be balanced against the lawful collection of PII to prevent fraud. Because of the unique fraud concerns created by online consumer transactions, such transactions, like refund transactions in retail stores, fall outside the purview of the Act.
In keeping with the Saulic Court’s holding, the Gonor Court ruled that “the applicable case law, legislative intent and public policy indicate that such transactions are not, and should not be, encompassed by Section 1747.08.” The court in Gonor therefore dismissed the complaint without leave to amend.