In The Fountainhead , author Ayn Rand wrote: "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe." For retailers, this "progress" includes the confluence of the constant expansion of the collection of consumer information over the Internet and in the marketplace, the recent decision by the California Supreme Court in Pineda v. Williams-Sonoma Stores, Inc. and legislative initiatives to protect consumer privacy. Retailers are now facing a perfect storm that includes a tidal wave of class action litigations in California and a maelstrom of state, federal and international laws and regulations. In order to take advantage of the benefits of collecting and tracking consumer information and to create customized consumer coupons and benefits, care must be taken to understand the ever-changing legal climates, constantly monitor the shifting legislative shoals, and to avoid the reefs, shallows and quicksands of consumer privacy litigation.
California Supreme Court Has Retailers Singing The Song-Beverly Blues
Section 1747.08(a) of the Cal. Civ. Code of the Song-Beverly Credit Card Act of 1971 ("Song-Beverly") provides that people and entities that accept credit cards, except in limited types of transactions, may not "request, or require as a condition to accepting the credit card as paymentthe cardholder to provide personal identification information." The request prohibition is much broader than the condition of transaction prohibition. The Song-Beverly Act defines personal identification information as "information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." Song-Beverly was modeled after the equivalent New York statute, the N.Y. Gen. Bus. Law § 520-a.1Suits challenging the legality of retailers' attempts to collect addresses and phone numbers have resulted in numerous consumer class actions.
On February 10, 2011, the California Supreme Court held in Pineda v. Williams-Sonoma Stores, Inc. that a customer's zip code data constitutes "personal identification information" under Cal. Civ. Code §1747.08 and that requesting the zip code data during the course of a credit card transaction, absent limited circumstances, subjects the requesting retailer to class action claims up to $1,000 per transaction, plus additional liabilities. The Supreme Court examined dictionary definitions of "concerning" and held that the cardholder's zip code "pertains to" or "regards" the cardholder. The Supreme Court examined and cited the legislative history and statutory construction of Song-Beverly in support of its decision. Since the decision, there has been a tidal wave of class actions in California based upon the collection of zip code data.
The collection of consumer information through other means, such as the distribution and use of "preferred shopper" cards, also may implicate by the Song-Beverly Act. The nuances of whether the Song-Beverly Act is implicated by marketing or retail efforts can be difficult to understand without knowledge of and experience with the case law and statute. Care should be taken to ensure that no salesperson nor any customer service personnel ask a customer to fill out the card once the credit card purchasing transaction has commenced. A sales associate can ask the customer to fill out the template card after the credit card is handed back to them and they have signed.Another option is to ask the customer to fill out the card on the floor before any purchasing decision has been made. How and when the card is presented to customers and what associates say to customers about the card is critical. Legal counsel and advice should be obtained in order to avoid and limit liability from class action cases under the Song-Beverly Act or other similar laws.
Navigating The Shoals And Reefs And Changing Climate Of Privacy Laws
Whether you operate and maintain a "brick and mortar" or online retail presence, any efforts to gather personal identification information and to communicate with consumers may, depending upon the situation, run afoul of the state and federal laws governing advertising, marketing and personal privacy legislation. For example, recently online programs that have the potential to track personal information and transactional history have come under intense scrutiny in the United States and internationally.2
Following the Pineda v. Williams-Sonoma decision, the legislative winds of change in privacy law have been blowing a gale. On February 11, 2011, one day after Pineda v. Williams-Sonoma , Congressman Bobby L. Rush (D-IL) introduced the BEST PRACTICES ("Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards") Act, which legislation would establish a framework for protecting personal consumer information, H.R. 611. On the same day, Congresswoman Jackie Speier (D-CA) introduced the Do Not Track Me Online Act (H.R. 654), which would require online advertisers and website operators to disclose data collection, use and disclosure activities, including identifying third parties to whom such information would be provided. The "do not track" bill would give the FTC regulatory authority to require that online advertisers or website operators provide consumers with access to stored data and the FTC and state attorneys general are given the power to enforce the Act. The bill tracks the December 2010 FTC Preliminary FTC Staff Report. On April 12, 2011, Senators John Kerry (D-MA) and John McCain (R-AZ) introduced the Commercial Privacy Bill of Rights Act of 2011, which is intended to provide consumers with better control over the collection and use of their personal identification information, whether accessed online or offline. While the bill includes provisions for consumer notice prior to the collection of personal information and opt-in and opt-out consent, depending upon the type of information collected and intended use, it does not include "do not track" provisions. One day later, on April 13, 2011, Congressmen Cliff Stearns (R-FL) and Jim Matheson (D-UT) introduced the Consumer Privacy Protection Act of 2011 (H.R. 1528), which would provide for consumer notice requirements and the ability for consumers to "opt-out" and limit disclosures of personal information to third parties. This bill is very similar to the Commercial Privacy Bill of Rights Act of 2011 introduced by Senators Kerry and McCain. It remains to be seen which if any of these bills becomes law and whether the state and federal privacy laws will change in light of Pineda v. Williams-Sonoma .
2 The European Union Data Protection Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, effective in October 1998, regulates the processing of personal data within the European Union. Safe Harbor principles were negotiated with the United States to govern the transfer of personal data to the United States, and in order to be covered by the safe harbor, entities must be registered with the FTC. On March 16, 2011, the "European Privacy Platform" group of the European Parliament met in Brussels to discuss the structure and content of proposed revisions to the European Union Data Protection Directive. It was suggested that the proposed revision would be based upon four "pillars," including, the right to be forgotten; transparency, "privacy by default" and EU protection regardless of data location.
3 In October 2010, Google settled a class actionthat Google Buzz violated federal and California privacy and consumer protection laws based upon its creation of automatic "follower/follow" lists for $8.5 million.
Theodore C. Max is a Member in the Entertainment, Media and Technology and Intellectual Property practice groups in the New York office of Sheppard Mullin Richter & Hampton LLP, where he focuses on counseling clients on intellectual property issues and litigation. He is co-leader of the firm's Fashion and Apparel team. Mr. Max combines his skill and experience as a trial attorney with his knowledge of copyright, trademark and intellectual property law in servicing the firm's diverse clientele.