Consumer Federation of California

Online merchants such as Apple and Ticketmaster can require consumers to furnish personal information to make credit-card purchases, a divided California Supreme Court ruled Monday, delivering a blow to consumer advocates worried about privacy in cyberspace.

In the 4-3 decision, the Supreme Court found that a two-decade-old California consumer protection law does not apply to the multibillion-dollar online commerce world, siding with Apple and other e-tailers in a legal battle over how much personal information buyers must give up in credit card transactions.

Apple argued that the law — the Song-Beverly Credit Card Act — applies only to brick-and-mortar businesses, and the Supreme Court agreed.

Justice Goodwin Liu, writing for the majority, ruled that the Legislature had not applied the law to online commerce, and he essentially invited lawmakers to change the law if they want online credit card purchases put under its protections.

But the justices concluded that consumers can be required to give personal data, such as home address and phone number, to verify a credit card when buying a downloadable product from Apple, such as an iTunes song.

“While it is clear the Legislature enacted the Credit Card Act to protect consumer privacy, it is also clear that the Legislature did not intend to achieve privacy protection without regard to exposing consumers and retailers to undue risk of fraud,” Liu wrote, joined by Chief Justice Tani Cantil-Sakauye and Justices Kathryn Mickle Werdegar and Carol Corrigan.

Three justices dissented, warning that the decision erodes privacy protections for consumers online, a growing concern of civil liberties groups that say merchants are abusing the collection of personal information. Lawyers for consumers argued in the case that online merchants can protect against fraud without forcing buyers to turn over so much personal information in credit card transactions.

“The majority’s decision is a major win for (merchants), but a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy,” Justice Joyce Kennard wrote in dissent.

Apple declined to comment on the ruling. Eric Schreiber, the lawyer for a Southern California man who launched the Apple lawsuit, could not be reached for comment.

It was too soon to say whether legislators would act on the court’s signal to the Legislature.

“I think we need to look at the implications of the judgment and see its impact on consumers,” said Rhys Williams, spokesman for Senate President Pro Tem Darrell Steinberg, D-Sacramento. “And going forward, looking at what steps can be taken to balance consumer privacy and consumer security.”

The Supreme Court case is the latest in a line of legal tangles over the online commerce privacy issue. In 2011, the court ruled that traditional stores, in a case involving Williams-Sonoma, violated the credit card act by collecting ZIP codes from customers, saying it was unnecessary to verify credit card purchases. That led to dozens of class-action lawsuits against other retailers accused of collecting that information.

Gas station owners, meanwhile, withstood similar attempts to ban requiring ZIP codes for credit card purchases at the pump by proving that information was necessary in California to detect fraud.

Meanwhile, lawyers filed class actions against Apple, eHarmony and Ticketmaster seeking to apply the same law to online commerce. In the Apple case which reached the Supreme Court, plaintiffs alleged that requiring addresses and phone numbers to establish an iTunes account violated the California law.

Monday’s Supreme Court decision blocked those cases from going forward.
The court said the law did not envision online commerce when it was enacted, but noted that the Legislature “may wish to revisit the issue of consumer privacy and fraud prevention in online credit card transactions.”

Tags: Apple, Online Privacy, Online Shopping, Song-Beverly Credit Card Act