Apple wins California credit card privacy case

Court finds that Apple and online retailers, unlike their brick-and-mortar counterparts, can collect personal information when processing credit card transactions.

Jennifer Van Grove
Jennifer Van Grove Former Senior Writer / News
Jennifer Van Grove covered the social beat for CNET. She loves Boo the dog, CrossFit, and eating vegan. Her jokes are often in poor taste, but her articles are not.
2 min read
James Martin/CNET
The California Supreme Court today ruled that Apple did not break state law by requiring customers to provide personal identification information such as mailing addresses and phone numbers to complete online credit card transactions.

The decision was a split one, as first reported by Reuters, with four of the seven justices finding in favor of Apple. A copy of the decision is embedded below.

The proposed class action suit was initially brought against Apple by plaintiff David Krescent in June 2011. Krescent alleged that Apple required his telephone number and address to purchase media downloads.

The majority of the justices found that a statute of the Song-Beverly Credit Card Act of 1971, which governs the use of credit cards and does not allow retailers to require personally identifiable information to complete transactions, applies only to brick-and-mortar businesses and is not applicable to online purchases, which means the ruling has favorable implications for online retailers other than Apple.

"The statutory language suggests that the Legislature...did not contemplate commercial transactions conducted on the Internet," Justice Marvin Baxter concluded in the ruling.

The winning argument hinges around this outdated provision and online retailers' inability to verify consumer identity in the same fashion, for instance through photo identification, as their offline counterparts do.

"[We] cannot assume that the Legislature, had it confronted a type of transaction in which the standard mechanisms for verifying a cardholder's identity were not available, would have made the same policy choice as it did with respect to transactions in which it found no tension between privacy protection and fraud prevention," the majority said.

Apple v. S.C.