Parked at the computer and want to use your credit card to buy the latest Lil Wayne song or a cool app on iTunes? Arrange the perfect date on eHarmony? Buy a ticket to a 49ers game on StubHub?

Chances are those online merchants will ask for your personal information to close the deal. And they may just be violating a two-decade-old California law designed to restrict the amount of personal information consumers must provide to make a credit card purchase.

On Wednesday, the California Supreme Court will tackle the unprecedented question of whether that state law applies to online commerce in a legal challenge led by Apple and backed by a host of retailers ranging from Walmart to eBay.

Apple argues that the law, called the Song-Beverly Credit Card Act, applies only to brick-and-mortar businesses and was last revised in 1991, when the notion of an iTunes store wasn't even a twinkle in Steve Jobs' eye. E-retailers insist that applying the law could heighten the risk of credit card fraud and identity theft because it would hamper their ability to verify credit card information.

But consumer rights advocates say the law clearly applies to any credit card commerce, including in the online world. And they argue online merchants can protect against fraud without trampling on the privacy rights of cyberspace consumers by forcing them to fork over everything from addresses to phone numbers.


Advertisement

To critics, Apple, eBay and others merely want the freedom to collect personal information for marketing, not fraud prevention.

"This case is an early warning sign about what we're going to be seeing," said Pam Dixon, executive director of the World Privacy Forum, which is not involved in the legal battle. "There is a balance that needs to be found between the prevention of fraud and the overcollection of consumer information."

The Supreme Court case is the latest in a line of legal tangles over the issue. In 2011, the state's high court ruled that traditional stores, in that case Williams-Sonoma, violated the Song-Beverly Act by collecting ZIP codes from customers, saying it was unnecessary to verify credit card purchases. That led to dozens of class action lawsuits against retailers accused of collecting that information.

For such real world stores, verifying a credit card is as simple as eyeballing the card and a driver's license. But online credit card verification is murkier. Gas station owners, caught somewhere in between, were able to withstand legal challenges to requiring ZIP codes to use credit cards at the pump because they could prove that information was necessary in California to detect fraud.

While consumer advocates concede online merchants may need some personal information, such as a ZIP code, they say demanding addresses and phone numbers goes well beyond what any business needs to validate a credit card. They argue the Song-Beverly Act certainly should set the rules. And so they've taken their case to the courts.

Last year, lawyers filed class actions against Apple, eHarmony and Ticketmaster, seeking to apply the same law to online commerce. In the Apple case, a Southern California man, David Krescent, became the lead plaintiff when he alleged he was forced to provide his address and phone number to establish an iTunes account, saying it was not necessary to confirm his credit card information and thus violated the 1991 California law.

"Consumers have a right to privacy," said Eric Shrieber, Krescent's attorney. "If a business doesn't need it, why should a consumer be forced to give it up?"

Lawyers for consumers say the Supreme Court's 2011 decision in the Williams-Sonoma case applies to the Apple online case. Legal experts tend to agree.

"I think it's a pretty high hurdle (for Apple) to overcome," said Susan Friewald, a University of San Francisco law professor and online privacy expert.

Daniel Kolkey, a former state appeals court justice who is now representing Apple, did not respond to a request for comment. But in court papers, Apple called the law "incompatible" with modern online commerce needs, urging the Supreme Court to shield online merchants from its reach.

The consumers' position "would threaten to produce unintended and absurd results, including the facilitation of fraud against e-retailers who have no way to confirm the customer's right to use the credit card," Apple attorneys wrote.

Thomas Brown, a lawyer for a group of businesses and the California Retailers Association, agreed, saying the case highlights key differences in the needs of brick-and-mortar merchants and online retailers when it comes to verifying credit card information.

"I'm optimistic the Supreme Court will be sensitive to the difference between the real world and e-commerce," he said.

Howard Mintz covers legal affairs. Contact him at 408-286-0236. Follow him at Twitter.com/hmintz