Privacy & Information Security Law Blog

On February 4, 2013, the Supreme Court of California examined whether Section 1747.08 of the Song-Beverly Credit Card Act (“Song-Beverly”) prohibits an online retailer from requesting or requiring personal identification information from a customer as a condition to accepting a credit card as payment for an electronically downloadable product. In a split decision, the majority of the court ruled that Song-Beverly does not apply to online purchases in which the product is downloaded electronically.

In Apple Inc. v. Sup. Ct. of Los Angeles County, the plaintiff alleged that defendant Apple Inc. (“Apple”) violated Song-Beverly by requesting or requiring him to provide his address and telephone number as a condition of accepting his credit card as payment. Unlike transactions conducted at typical “brick-and-mortar” businesses, this case relates to electronic purchases on the Internet. The plaintiff alleged that, as a condition of receiving media downloads that he purchased through Apple’s iTunes store, he was required to provide his telephone number and address to complete his credit card purchase. Meanwhile, the plaintiff asserted that Apple “records each customer’s personal information, is not contractually or legally obligated to collect a customer’s telephone number or address in order to complete the credit card transaction, and does not require a customer’s telephone number or address for any special purpose incidental but related to the individual credit card transaction, such as shipping or delivery.”

The court found that the plain meaning of the statue’s text (which is silent on the law’s applicability to online transactions) is not decisive, so it turned to the statutory scheme and legislative history to determine whether the law applies to “a transaction made possible by technology that the Legislature did not envision.”

According to the court’s review of Song-Beverly’s statutory history, the legislature determined that traditional brick-and-mortar businesses have no genuine need to record personal information and instead would use such information primarily for unsolicited marketing, which Song-Beverly was enacted to combat. With respect to online transactions, however, the court reasoned that the fraud prevention safeguards provided in Song-Beverly are not available to an online retailer selling electronically downloadable products, since such retailers cannot physically inspect the credit card, the signature on the back of the card, or the customer’s photo ID. The court also noted that Song-Beverly was amended to add a fraud prevention exemption for pay-at-the-pump retailers, stating that, comparatively, online retailers have “at least as much if not more need for exemption to protect themselves and consumers from fraud.”

The court addressed its dissenting colleagues’ opinion that the decision denies “‘robust’ consumer protection” and signifies a “major loss for consumers” by suggesting that existing state and federal laws provide consumers with a degree of protection against unwanted use or disclosure of their personal information, and that the legislature may enact additional protections if these measures are deemed inadequate.

Read our previous posts on Song-Beverly rulings.