Thursday, February 7, 2013

Online Merchants May Collect Personal Information for Credit Card Transactions

When going through the check out line with your online shopping cart full of downloadable products, you may find yourself revealing more than just the numbers and information on the face of your credit card.

In Apple, Inc. v. Superior Court, Case No. S199384 (Cal. Feb. 4, 2013), Apple successfully argued that it was necessary to obtain the address and phone number for any user using a credit card to purchase a downloadable product from iTunes.

Although this case does not address purchases of physical goods / non-downloadable products, it has a large impact on a user's daily interaction with online merchants.

Privacy advocates may argue that there is no difference between a brick and mortar business and an online business and that both businesses should be subject to the same restrictions on collecting personally identifiable information ("PII"). Specifically, under the Song-Beverly Credit Card Act of 1971, Cal. Civ. Code § 1747.08, brick and mortar businesses may not collect PII during a credit card transaction (e.g. Zip Codes - see Pineda v. Williams-. Sonoma Stores, Inc., 51 Cal. 4th 524 (2011)).

Accordingly, given this discrepancy, the court, and possibly the public, may call upon state lawmakers to fix the loophole and uphold the privacy rights of individuals in online stores, as well as offline, without exceptions.