California high court backs online retailers in privacy battle

Internet retailers of music and other downloadable products may seek personal identifying information from consumers that ordinary stores in California are barred from asking for, the California Supreme Court ruled Monday.

By a 4-3 vote, the state high court said Apple Inc., which sells music on its iTunes site, and similar retailers were not covered by a consumer law that prevents California businesses from collecting personal information from credit card users.

“While it is clear that the Legislature enacted the Credit Card Act to protect consumer privacy, it is also clear that the Legislature did not intend to achieve privacy protection without regard to exposing consumers and retailers to undue risk of fraud,” Justice Goodwin Liu wrote for the majority.

The Credit Card Act prevents California retailers from recording any personal identifying information as a condition of accepting a credit card. In exempting Apple and similar online businesses from the law, the court said Internet retailers do not have the same safeguards against fraud as traditional stores.

“Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card or the customer’s photo identification,” Liu wrote.


The ruling stemmed from a lawsuit, intended as a class action, by an Apple customer who was asked to provide his address and telephone number before buying items for download. A trial judge, noting the law did not specifically exempt Internet retailers, ruled for the customer, and a state appeals court declined to hear an appeal.

In overturning the lower-court decision, the state Supreme Court majority noted that the consumer privacy law was first enacted in 1990, nearly a decade before online shopping became widespread. The Legislature amended the law in 2011 to allow gas stations to require ZIP Codes when credit cards were used at the pump.

“It seems counterintuitive to posit that the Legislature created a fraud prevention exemption only for pay-at-the-pump retailers while leaving online retailers unprotected, when online retailers — a multibillion-dollar industry by the year 2011 — have at least as much if not more need for an exemption to protect themselves and consumers from fraud,” Liu wrote.

Justice Joyce L. Kennard contended in a dissent that the decision would leave “Internet retailers free to demand personal identification information from their credit-card-using customers and to resell that information to others.”

“The majority’s decision is a major win for these sellers, but a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy,” Kennard wrote.

She said the state privacy law applies to purchases made over a telephone and likened them to transactions made on the Internet. Telephone retailers, like those selling downloadable products on the Internet, may not ask for a consumer’s personal information even if the product is a gift being sent to a third party, she wrote.

Justice Marvin R. Baxter, also dissenting, complained the majority relied “on speculation and debatable factually assumptions to wholly strip online credit car users” of an important consumer protection.

The attorney for Apple in the case and a company spokeswoman declined to comment. An attorney for the consumer could not be reached.