Numerous California cases hold that the Song-Beverly Credit Card Act of 1971 does not apply to online transactions, but the state’s highest court is now reconsidering the issue. In three lawsuits brought against Apple, eHarmony, and Ticketmaster, the class plaintiffs allege that the online retailers violated California Civil Code § 1747.08, otherwise known as the Song-Beverly Act, by requiring them to provide their address and phone number when creating online accounts.¹

The Song-Beverly Act generally prohibits businesses from requesting or requiring consumers to provide personal identification information (PII) during a credit card transaction. The Act defines PII as including the cardholder’s address and telephone number. In 2011, the Supreme Court of California ruled that Song-Beverly also prohibited the collection of zip codes, which resulted in the filing of more than 150 class action lawsuits against California retailers who allegedly collected zip codes from consumers.

Song-Beverly makes no specific reference to online credit card transactions, but California courts previously determined that the Act does not apply to retail transactions made outside a brick and mortar environment. For example, in Mehrens v. Redbox Automated Retail LLC, No. 2:11–cv–02936–JHN, (CD Cal. Jan. 6, 2012), the Southern District of California ruled that Song-Beverly does not apply to consumer transactions made at stand-alone, unmanned kiosks. The Act’s main purpose is to address the misuse of personal information for marketing purposes, and it was specifically passed with a brick-and-mortar merchant environment in mind. The court noted that preventing the unlawful collection of PII for marketing purposes must be balanced against the lawful collection of PII to prevent fraud.

Similarly, in Saulic v. Symantec Corp., 596 F. Supp. 2d 1323, 1333 (CD Cal. 2009), the same court ruled that online consumer transactions are not encompassed within the Act. Saulic involved the plaintiff’s purchase and download of software from the defendant’s website but did not involve the shipment of product to the consumer. The plaintiff alleged that the defendant’s collection of PII as part of the online transaction violated Song-Beverly. The court disagreed, however, and ruled that because of the unique fraud concerns created by online consumer transactions, such transactions, like refund transactions in retail stores, fall outside the purview of the Act.

As in Saulic, the question presented in the Apple and the related cases is whether Song-Beverly precludes on-line retailers from obtaining and recording a customer’s address and telephone number as a prerequisite to accepting a credit card payment for an item that does not need to be shipped to the purchaser. The issue has been fully briefed and argued, and a ruling is expected within the coming months.

For more information on the impact of the Song-Beverly Credit Card Act on information-collection practices, please contact Anthony Lupo, Sarah Bruno, or Leah Montesano.

¹ Apple v. S.C. (Krescent), Case No. S199384 (filed January 13, 2012), eHarmony v. S.C. (Luko), Case No. S199406 (filed January 13, 2012) and Ticketmaster v. S.C. (Luko), Case No. S199412 (filed January 17, 2012).