SAN FRANCISCO (CN) - Apple can require personal information from customers who make downloadable purchases on iTunes, but California lawmakers should revisit online consumer privacy, the state Supreme Court ruled Monday.
"Because we cannot make a square peg fit a round hole, we must conclude that online transactions involving electronically downloadable products fall outside the coverage of the statute," Justice Goodwin Liu wrote for a four-member majority.
Since retailers are entitled to take precautions against online credit card fraud, Apple did not violate the decades-old Song-Beverly Credit Card Act by demanding addresses and phone numbers as a reasonable form of positive identification, the ruling states.
"Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card, or the customer's photo identification," Liu wrote. "Thus, section 1747.08(d) - the key antifraud mechanism in the statutory scheme - has no practical application to online transactions involving electronically downloadable products. We cannot conclude that if the Legislature in 1990 had been prescient enough to anticipate online transactions involving electronically downloadable products, it would have intended section 1747.08(a)'s prohibitions to apply to such transactions despite the unavailability of section 1747.08(d)'s safeguards."
Chief Justice Tani Cantil-Sakauye, Justice Kathryn Werdegar and Justice Carol Corrigan concurred.
In a dissent joined by two colleagues, Justice Joyce Kennard lamented that the "'robust' consumer protection at the heart of section 1747.08, is now largely relegated to the dust heap."
The majority's opinion "eviscerates those protections by rejecting the plain meaning of the statute," Kennard wrote.
"As a result of the majority's decision, online sellers of downloadable products can collect unlimited personal information concerning their credit-card-using customers and sell that information to, or share it with, other companies, which, for marketing purposes, can then construct detailed consumer profiles," she added.
Justice Marvin Baxter joined in that dissent and wrote a separate opinion.
"The majority relies on speculation and debatable factual assumptions to carve out an expansive exception to section 1747.08 that leaves online retailers free to collect and use the personal identification information of credit card users as they wish," he wrote.
In the majority ruling, Liu wrote that the "ominous assertions" of the dissents, "though eye-catching, do not withstand scrutiny."
David Krescent brought the class action against Apple in June 2011 after he was required to give up his address and phone number to open an iTunes account.
Apple attorney David Kolkey argued before the high court in November that lawmakers in 1990 could never have imagined that the Song-Beverly Credit Card Act would be insufficient to protect against fraud.
"Online transactions didn't exist when this statute was enacted," he said. "The problem with this scheme is it wasn't written for the problems of the online world."
The justices' struggle to reconcile the law with the pervasiveness of online fraud hinted at a ruling favorable to retailers.
Liu said the court could not comment on the adequacy of exiting consumer protection laws.
"The Legislature may believe these measures are inadequate and, if so, may enact additional protections," he wrote. "Or the Legislature may believe that existing laws, together with market forces reflecting consumer preferences, are sufficient. It is not our role to opine on this important policy issue."