California Court: Online Retailers May Ask for Personal Info

Earlier this month, the California Supreme Court handed down a ruling that gives online retailers plenty to sing about. The background, from Anthony Schoenberg and Stephanie Skaff of law firm Farella Braun + Martel:

“Attempting to strike a balance between the competing concerns of privacy and fraud protection, the California Supreme Court ruled yesterday that the Song-Beverly Credit Card Act does not apply to online retailers that collect personally identifiable information (PII) in connection with an online credit card transaction… In a split decision, the California Supreme Court held that California’s Song-Beverly Credit Card Act, which forbids the collection of PII for transactions, applies only to brick-and-mortar businesses, not to online purchases of electronically downloadable products.”

Why the distinction? Again, Schoenberg and Skaff:

“The court reasoned that, unlike brick-and-mortar businesses, online retailers have no opportunity to view personal identification information like a drivers’ license. As such, a request for PII by an online retailer in connection with an Internet credit card transaction is legitimately related to the need for preventing credit card fraud.”

Three takeaways for online retailers:

1. The ruling may be limited to digital purchases:

“The Apple v. Superior Ct. ruling holds, ‘section 1747.08 [of the Credit Card Act] does not apply to online purchases in which the product is downloaded electronically.’ This begs the question of whether this rule applies to online credit card purchases of products that are not electronically downloaded. This issue is yet to be determined.” (Carr, McClellan, Ingersoll, Thompson & Horn)

2. No word on the PII that can be collected:

“[T]he court expressly did not resolve what types of information may be essential for verification purposes online. The court held only that there must be some mechanism by which retailers can verify that a person using a credit card is authorized to do so. In the court’s view, ‘[n]o such mechanism would exist in the context of online purchases of electronically downloadable products if the statute were read to apply to such transactions.’” (Perkins Coie)

3. This isn’t likely to be the final word on the matter:

“The Court’s concerns about credit card fraud, however, are hardly unique to electronically downloadable products; the same analysis applies with equal force to online transactions generally (as well as other “card not present” transactions). While the logic of the decision suggests that these transactions should also be outside the scope of the Act, we expect that some enterprising plaintiff’s lawyer may take up the issue left undecided and pursue claims either against catalog merchants, telephone order companies, or even online retailers selling tangible goods. We think retailers have the stronger argument.” (Morrison & Foerster)

The updates:

Related reading:

Read more on the Song-Beverly Credit Card Act at JD Supra>>