Bill Would Restore Online Privacy

Richard Holober, Executive Director
Consumer Federation of California
Published by the Los Angeles Daily News June 20, 2014

Whether you’re listening to music on your smart phone, mastering a new digital game or watching a movie online, chances are you used a credit card to download it from the Internet. Unfortunately, the cost of that purchase included your privacy.

Next week California lawmakers decide whether to protect your privacy when you purchase downloads. Senate Bill 383 would restore privacy rules that a sharply divided state Supreme Court eliminated in a 2013 case involving Apple’s iTunes. Consumer groups support the bill. Tech companies are working furiously to defeat it.

For two decades, California’s Song Beverly Credit Card Act protected our credit card privacy. In 2011, a unanimous Supreme Court ruled the law was “intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction.” Two years later, in the Apple case, a 4-3 court majority voided the privacy law for downloads, reasoning that online commerce didn’t exist when the 1991 law was enacted.

As a result, businesses selling downloads are free to demand whatever personal information they want — not just information needed to complete the transaction, but other private data they can mine for potential future sales or turn around and sell to strangers.

SB 383, carried by Sen. Hannah-Beth Jackson, D-Santa Barbara, would make online merchants play by the same privacy rules as brick-and-mortar retailers. It faces a vote on Monday in the Assembly Banking and Finance Committee. If approved, it moves to the Assembly Judiciary Committee on Tuesday.

In the Apple ruling, the court majority cited heightened concerns with fraud in an online transaction, pointing out there is no face-to-face opportunity to verify the cardholder’s ID. But instead of carving out a narrow crime prevention exemption, the court gave online merchants a free hand to compile databases on their customers’ shopping habits, street and email addresses, phone numbers and other information unrelated to fraud concerns. SB 383 allows the merchant to gather personal information it needs to prevent or investigate fraud, but it prohibits the business from using that information for marketing. That marketing restriction is the real reason for corporate opposition to SB 383.

Online businesses are adept at developing comprehensive dossiers on their customers and using it for their own marketing or selling it to third parties. Information compiled could include consumer locations and Web surfing, searching and purchasing habits — data that can reveal sexual preferences, medical concerns, political activity and more. None of this is required to download music or an app, and the law should prohibit these intrusions.

SB 383 would help prevent the epidemic of data breaches that lead to identity theft by requiring merchants to dispose of personal information when the fraud-related need no longer exists. Simply put, personal financial information that is not gathered or stored cannot be hacked by crooks. SB 383 allows consumers who enjoy getting bombarded by sales pitches to voluntarily opt-in to unrestricted data gathering, as long as it is not a condition for completing the purchase.

The next time you use your credit card to buy a download, think about whether it should give the seller an open door to collect all kinds of private information it does not need for the transaction. If you prefer to protect your privacy, tell your Assembly member that you support SB 383. Assembly members Travis Allen (Huntington Beach), Ed Chau (Arcadia), Mike Gatto (Los Angeles), Freddie Rodriguez (Pomona), Cristina Garcia (Bell Gardens) and Jeff Gorell (Camarillo) serve on the Banking or Judiciary Committee.

Richard Holober is the executive director of the Consumer Federation of California.