StorefrontBacktalk

This is page 2 of:

Privacy Issues Galore Crop Up In California Supreme Court E-Commerce Ruling

February 7th, 2013

The company didn’t even need his name, as long as the credit card was valid! And besides, the statute makes it illegal to “write down” things like address, etc., and an electronic recording of the information is a writing, no?

Apple countered by asserting not only that an electronic writing isn’t a writing but that, mainly, the law—written long before electronic commerce—doesn’t naturally apply to E-Commerce. When applied to brick-and-mortar stores, the law had an anti-fraud provision—permitting the merchant to ask for and examine personal information to prevent fraud. If you don’t allow the use of this information for anti-fraud purposes, you put online merchants at a disadvantage—especially when you consider the volume of fraud online.

Lower California courts had already carved out an “online” exception to the Song-Beverly Act. The legislature passed a special law exempting gas stations from the Williams-Sonoma “Zip code” provisions, so they could likewise demand personal information (Zip codes) to prevent pump-and-go frauds. So Apple asked the Supreme Court to carve out an exception for online transactions.

On February 4, that’s exactly what the California Supreme Court did. The court found that, to effectuate the purposes of the law (protecting privacy while permitting merchants to fight fraud), online merchants could collect things like a consumer’s name, billing address and Zip code, even if the transaction was completely digital. Besides, the court observed, other California statutes—such as the California Online Privacy Protection Act (COPPA, Cal. Bus. Prof. Code 22575)—require online merchants (and others) to conspicuously post their privacy policies, including what data they collect and how they will use it. So consumer privacy is protected. Not.

The problem with what the Supreme Court did in the Krescent case was that by trying to make online merchants equal to their brick-and-mortar siblings, they elevated the rights of such merchants beyond those of their terrestrial counterparts. The court could have said that Apple and others could collect consumer personal information during a credit-card transaction, but only to use it to prevent fraud (validate the transaction), and then they had to destroy the personal data. This would have been the electronic equivalent of “looking at” the driver’s license—well, close to it, anyway.

But having collected personal information to prevent fraud, the California Supreme Court held that the only limits on the online merchant’s use of that data is whatever it puts on its privacy policies. So although a brick-and-mortar entity can’t collect any data (except for order fulfillment), an online merchant can collect and use personal information—exactly what the Song-Beverly Act didn’t want to happen. So it looks like a victory for cyberspace merchants at the expense of ground-based ones. At least until the California Legislature convenes. After that, who knows what might happen.

If you disagree with me, I’ll see you in court, buddy. If you agree with me, however, I would love to hear from you.

Posted in CRM, E-Commerce, In-Store, IT Strategy/Industry, Mobile/Wireless/Contactless, Payment Systems, Security/Fraud

Comments are closed.

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Kindle Convenience - StorefrontBacktalk is now available natively on the Kindle so you can read us on the place without a connection.

Read StorefrontBacktalk's Retailing Column every month at Retail-Week.com. Please click here for an archive of those columns.

Read StorefrontBacktalk's Retail Realities Column every week at CBSNews.com. Please click here for an archive of those columns.