Skip to content Courts Side With Retailers That Sought Customers' Personal Information


Search Publications

February 2013

Courts Side With Retailers That Sought Customers' Personal Information

Recent State and Federal Court Opinions Demonstrate Limitations on the Reach of California’s Song-Beverly Credit Card Act.

Under California’s Song-Beverly Credit Card Act (Cal. Civil Code § 1747, et seq.), retailers in California shall not “[r]equest, or require as a condition to accepting the credit card as payment . . . the cardholder to write any personal identification information upon the credit card transaction form or otherwise.” (Cal. Civil Code § 1747.08, subd. (a).)

Section 1747.08 also prohibits retailers from requesting or requiring the cardholder “to provide personal identification information, which the [retailer] . . . writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise,” and from “[u]tiliz[ing] . . . a credit card form which contains preprinted spaces specifically designed for filling in any personal identification information of the cardholder.”

California Supreme Court Holds Act Does Not Apply to Digital Downloads From Online Retailers

In Apple, Inc. v. Superior Court (Docket Number S199384, Feb. 4, 2013), the California Supreme Court addressed the issue of whether § 1747.08 prohibits an online retailer from requesting or requiring personal identification information from a customer as a condition to accepting a credit card as payment for an electronically downloadable product. The court held that it does not, finding that online transactions do not fit into the statutory scheme of § 1747.08.

The defendant, Apple, Inc., operates a popular online store and website known as iTunes, where customers can purchase and download digital audio and video files. The plaintiff, David Krescent, filed his complaint against Apple on behalf of members of a putative class, alleging that Apple violated § 1747.08 by requiring him to provide his telephone number and address to complete online purchases he made at the iTunes website. While there are several exceptions provided by § 1747.08 (including transactions where the retailer is contractually or legally required to obtain a customer’s personal identification information), Krescent alleged that none of these exceptions applied to Apple’s online transactions actions and there was no reason for Apple to request and record his telephone number to complete the online credit card transactions.

Apple demurred to the complaint on the ground that § 1747.08 does not apply to online transactions. After the trial court overruled the demurrer and the Court of Appeal denied Apple’s writ of mandate, the California Supreme Court granted Apple’s petition for review.

In its discussion, the court found that “the plain meaning of the [§ 1747.08’s] text is not decisive” as to whether the statute applies to online transactions. Nonetheless, the court conducted a comprehensive examination of the legislative history of § 1747.08. Among other things, the court specifically noted that § 1747.08, subdivision (d), provided protections for preventing fraud that were unavailable during online transactions. In summary, the court stated: “Having thoroughly examined section 1747.08’s text, purpose, and history, we are unable to find the clarity of legislative intent or consistency with the statutory scheme necessary to conclude that the Legislature in 1990 intended to bring the enormous yet unforeseen advent of online commerce involving electronically downloadable products — and the novel challenges for privacy protection and fraud prevention that such commerce presents — within the coverage of the Credit Card Act.”

The Apple decision should provide some protection to certain online retailers – i.e., those that sell electronically downloadable products – from liability under § 1747.08. Nevertheless, the court also noted that online consumers enjoy other protections under the law, including the California Online Privacy Protection Act of 2003. The court also cited the federal Telephone Consumer Protection Act as a limitation on commercial use of telephone numbers.

Class Representatives Not Typical in Putative Class Action Against Nike

In addition to the Apple decision, the U.S. District Court for the Northern District of California recently denied a motion for class certification in Gormley v. Nike, Inc. (No. 11-00893; 2013 U.S. Dist. LEXIS 11278, Jan. 28, 2013), finding the class representatives were not typical. Moreover, the court found that the timing of a request for personal identification information is pertinent to whether a violation occurs.

The plaintiffs alleged that Nike, Inc. (and other related entity-defendants) violated § 1747.08 by requesting and recording credit card transaction customers’ ZIP codes through Nike’s “Information Capture Policy.”  Under Nike’s policy, its cashiers were trained to follow certain steps when conducting a credit card transaction. Nike’s policy provided that its cashiers were to request every customer’s ZIP code – but only after the merchandise had been scanned and bagged and after the credit card transaction was authorized and the customer received his or her receipt and merchandise. Nike also included signs at all of its registers that stated Nike “will ask for your ZIP code during all purchases and returns” but added “[p]roviding your zip code is voluntary and not required to complete your transaction.”

Notwithstanding Nike’s policies and procedure, all three of the class representative plaintiffs testified in depositions that they had not received their receipts before the Nike cashier asked them for their ZIP codes. Based on that testimony, the court found that the named plaintiffs’ experiences at Nike were inconsistent with Nike’s “Information Capture Policy.” Because the complaint challenged Nike’s “Information Capture Policy,” the named plaintiffs were not typical of the class they sought to represent. The plaintiffs therefore failed to satisfy Rule 23(a) of the Federal Rules of Civil Procedure and the court denied the motion for class certification.

The plaintiffs argued that the timing of a request for a ZIP code was irrelevant because § 1747.08 prohibits any request for personal identification information in conjunction with a credit card transaction. The court disagreed, citing precedent, including Florez v. Linens ‘N Things, Inc., 108 Cal.App.4th 447 (2003), and Gass v. Best Buy Inc., 279 F.R.D. 561 (C.D. Cal. 2012), and stating “the Song-Beverly Act prohibits merchants from requesting personal identification information as a condition precedent to accepting payment by a credit card, but the statute is not violated if a customer provides such information voluntarily for a purpose unrelated to processing the credit card transaction.”

If you have questions concerning your company’s compliance with any of the important laws and regulations discussed in this article, please contact Craig J. Mariam or William F. Small with the Consumer Protection Litigation Group at Gordon & Rees LLP.

Commercial Litigation

Craig J. Mariam

Commercial Litigation