Key Decisions

March 2013 – Online Retailers May Collect Personal Information

(filed under: Key Decisions Archive | March 22, 2013)

Online Retailers May Collect Personal Information

Apple, Inc. v. Superior Court
(Cal. Sup. Ct.), filed February 4, 2013 


David Krescent sued Apple Inc. for violation of the Song-Beverly Credit Card Act of 1971.  That Act governs the issuance and use of credit cards.  Among other things, the Act prohibits retailers from “[r]equest[ing], or requir[ing] as a condition to accepting the credit card as payment . . . , the cardholder to write any personal identification information upon the credit card transaction form or otherwise.”  It also prohibits retailers from requesting or requiring the cardholder “to provide personal identification information, which the [retailer] . . . writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise,” and from “[u]tiliz[ing] . . . a credit card form which contains preprinted spaces specifically designed for filling in any personal identification information of the cardholder.”

Krescent alleged that Apple requested or required him to provide his address and telephone number as a condition of accepting his credit card as payment for the online purchase of material he wanted to download from the internet.

Apple filed a demurrer to challenge Krescent’s lawsuit.  It asserted that the prohibitions applied to “brick-and-mortar” retailers, not to online retailers.

The trial court overruled Apple’s demurrer.

Apple sought review by way of a petition for a writ of mandate.  However, the Court of Appeal summarily denied review.


The California Supreme Court accepted the matter for review, reversed the Court of Appeal order denying review and directed the Court of Appeal to issue a writ consistent with its opinion.

The Court made a careful consideration of the statute’s text, structure, and purpose, and concluded that Section 1747.08 does not apply to online purchases in which the product is downloaded electronically.

In reaching its decision, the Court concluded that based on certain provisions of the Act, the Legislature had intended to permit retailers to protect themselves against fraud.  This included being able to look at the credit card or other identification.  However, the authorized fraud prevention measures did not exist in online transactions, particularly those in which a consumer could download the “product” being purchased, such as music.  That fact, combined with the fact that the Act had been enacted before online commerce had become popular, led the Court to conclude that it did not apply to online retailers.

The Court was careful to note that it was not ruling on whether Section 1747.08 applied to online transactions that do not involve electronically downloadable products or to any other transactions that do not involve in-person, face-to-face interaction between the customer and retailer.


This case presents a look at competing problems created by modern technology and the desire for privacy.  The Supreme Court did not offer any remedies, but it did not prohibit what may be one of the only means of helping reduce fraudulent transactions, and left it for the Legislature to try to find a solution.