Did the California Supreme Court inadvertently create a cottage industry that will allow for easy trafficking of PII (Personally Identifiable Information)? In a little discussed case, California’s highest court ruled that music e-tailers (i.e., Apple, et al) are not subject to data collection parameters outlined in the state’s Credit Card Act.
California’s Credit Card Act
Passed in 1971, California’s Song-Beverly Credit Card Act established regulations for credit card privacy. Specifically, the law forbids retailers from collecting the zip codes and other identifying information from consumers.
Why The California Supreme Court Said E-Tailers Are Exempt From The Credit Card Act
Since an actual card cannot be inspected in an online marketplace, to ensure a secure checkout, e-tailers use other signals (like zip codes) to authenticate a card. As such, the Song-Beverly Act made it extremely difficult for online retailers to properly authentic credit cards online, without breaking the law.
Writing for the majority, Justice Goodwin Liu reasoned that the “legislature did not intend to achieve privacy protection without regard to exposing consumers and retailers to undue risk of fraud.”
Not everyone on the bench agreed with Liu’s position. Justice Joyce L. Kennard dissented:
“Internet retailers are free to demand personal identification information from their credit-card-using customers and to resell that information to others. The majority’s decision is a major win for these sellers, but a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy.”
Regardless of your stance, legal precedence in California asserts that music e-tailers are now exempt from certain privacy parameters outlined in the state’s Credit Card Act.
If you’re an online business in need of a law firm that deals in Internet law, get in touch with Kelly / Warner today.