Skip to content

It looks like we may have content for your preferred language. Would you like to view this page in English?

California Supreme Court to Consider Whether State Law Prohibition On Collection of Personal Information Applies to Online Transactions

The California Supreme Court has agreed to hear arguments over whether a state law barring merchants from collecting personal information from consumers in connection with credit card purchases applies to online retailers. The state high court granted the individual petitions of Ticketmaster LLC, Apple Inc. and dating site eHarmony Inc. All three are facing separate proposed class actions, filed by the same plaintiff's firm, alleging that they violated California's Song-Beverly Credit Card Act of 1971 (Civil Code § 1747 et. seq.). The lawsuits alleged that the companies collected addresses and phone numbers from consumers during online credit card transactions involving purchases that did not need to be shipped, and therefore, plaintiffs argue, did not require the collection of this information.

In 2011, the trial court denied the defendants' requests for demurrers in all three cases, holding that the Song-Beverly Act applied to online retailers. The California Court of Appeals denied defendants' petitions to review the lower court's decisions.

The Song-Beverly Act prohibits retailers from requiring credit card holders to give personal identification information to complete credit card transactions. In Feb. 2011, the California Supreme Court held that the statute prohibits merchants from requesting and storing consumers' zip codes in the course of completing card transactions. Read our alert on the Pineda v. Williams-Sonoma Stores, Inc., case here. The Pineda decision, which opened the flood gates for hundreds of putative consumer class actions, did not consider whether the law applies to prohibit the collection of personal information in online transactions, however.

The law contains an exception when the information is required for certain "special purposes." Defendants reportedly will argue that the distinction between a face-to-face transaction with an employee in a store (as was the case in Pineda) and an online transaction, in which the online retailer cannot see the consumer or assess the potential for credit card fraud or identity theft, creates the need to collect personal information during online transactions.

In 2009, a California federal court considered the purposes of the Song-Beverly Act and ruled in Saulic v. Symantec Corp. that the legislature never intended for the prohibition to apply to online transactions. As recently as March 14, 2012, a Los Angeles Superior Court judge ruled that the statute does not apply to the collection of purchasers' zip codes at the gas pump because the practice was implemented to prevent fraud, rather than for marketing purposes. Repeatedly calling plaintiff's arguments that the statute should prohibit the collection of zip codes for fraud prevention "absurd," the court concluded that the defendants' fraud prevention efforts were a "special purpose" covered by the exception, and granted summary judgment in favor of the oil companies, dismissing the case.


This client alert is a publication of Loeb & Loeb LLP and is intended to provide information on recent legal developments. This client alert does not create or continue an attorney client relationship nor should it be construed as legal advice or an opinion on specific situations.

Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.