Identity theft and personal privacy are major issues, as more information is available over the Internet and linked together through social media networks. However, even as early as the 1970s, legislatures were taking steps to protect personal information from public exposure and marketing schemes. For example, California’s legislature has passed the Song-Beverly Credit Card Act. In essence, this law prohibits retailers from collecting personal identification information during a credit card transaction from consumers for marketing purposes. As the market for consumer goods spreads to the Internet, courts must decide how far protection of personal information will extend.
What Are the Provisions of the Song-Beverly Act?
The Song-Beverly Act is intended to protect consumers from unwanted marketing efforts. This protects privacy and personal information. More specifically, retailers are not allowed to request and record customers’ email addresses to complete a credit card transaction. Furthermore, these retailers cannot later use these addresses for marketing purposes. However, according to recent case law, this law only applies to “brick and mortar retailers,” or retailers that maintain a physical presence. As such, the statute only applies to in-store transactions and not web transactions. This is an important distinction in light of the fact that an increasing number of purchases take place online.
What Constitutes Personal Identification Information?
Under the Song-Beverly Act, a cardholder’s address and telephone number are personal identification information. Since then, different courts have interpreted this law to include different groups of personal information. In a 2011 case, Pineda v. Williams-Sonoma, the California Supreme Court interpreted the law to also include zip codes. More recently, in a November 2013 case, Capp v. Nordstrom, the United States District Court for the Eastern District of California interpreted it to apply to email addresses. In this case, the retailer asked Mr. Capp for his email address at the time of his transaction. Nordstrom later used the email address to send him unsolicited marketing materials. Nordstrom argued that the court should dismiss the case because the federal CAN-SPAM Act prohibited Mr. Capp from bringing a state claim on these issues. The CAN-SPAM Act of 2003 established the first federal standard for when retailers could send commercial emails to consumers. The court did not agree with Nordstrom. It explained that the CAN-SPAM Act applied to the use of email addresses, whereas the circumstances of this case dealt with the request for email addresses, which was under the jurisdiction of the Song-Beverly Act. However, earlier that same year, in February 2013, the California Supreme Court interpreted this law more narrowly in Apple v. Superior Court. In that case, the high court held that the Song-Beverly Act does not apply to online transactions. The court explained that since the California Legislature passed the Song-Beverly Act before online commerce existed, they could not have intended for it to apply to online transactions. The court concluded that this law could only apply to in-person transactions.
At our law firm, we provide guidance and legal expertise to help businesses and consumers understand legislation dealing with commercial activity and privacy protection. You may contact us to discuss with an attorney how this legislation affects you.