Apple Inc. v. Superior Court

*151KENNARD, J., Dissenting.

To protect consumer privacy, California statutory law prohibits retail sellers from recording the personal identification information, such as home addresses and telephone numbers, of their credit-card-using customers. (Civ. Code,1 § 1747.08, subd. (a).) The statute does not exempt online sales of downloadable products from this prohibition, and on its face the statute applies to sales conducted over the Internet just as it does to sales conducted face-to-face or by mail or telephone. Yet the majority holds that online sales of downloadable products are not covered by the statute, thus leaving Internet retailers free to demand personal identification information from their credit-card-using customers and to resell that information to others. The majority’s decision is a major win for these sellers, but a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy.

Unlike the majority, I conclude that the statute means just what it says and contains no exemption, express or implied, for online sales of downloadable products. The majority’s expressed concern that this plain-meaning construction of the statute leaves online sellers with no way to detect and prevent fraudulent purchases is unjustified, as I explain.

I

David Krescent filed a complaint alleging that on four occasions in 2010, he bought downloadable products from Apple Inc. (Apple); that he used a credit card to pay for those products; and that Apple, as a condition of completing those purchases and in violation of section 1747.08, required him to provide his home address and telephone number, which he did. Krescent seeks statutory penalties for those alleged violations. He also seeks certification of a class comprising all individuals who within the year preceding the filing of the complaint purchased downloadable products from Apple, paid by credit card, and were required by Apple to give home addresses and telephone numbers.

Section 1747.08’s predecessor was enacted in 1990 as former section 1747.8. (Stats. 1990, ch. 999, § 1, p. 4191.) The Legislature has since then amended the statute several times and renumbered it in 2004. (Stats. 2004, ch. 183, § 29, p. 981.) The statute prohibits sellers from recording their credit-card-using customers’ “personal identification information” (§ 1747.08, subd. (a)), such as the cardholder’s address and telephone number (§ 1747.08, *152subd. (b)). It applies to any “person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business.” (§ 1747.08, subd. (a).)

Apple filed a demurrer. A demurrer is, in essence, a request that the case be dismissed because the facts alleged in the complaint are insufficient as a matter of law to justify any relief. In this situation, “we review the allegations of the operative complaint for facts sufficient to state a claim for relief.” (C.A. v. William S. Hart Union High School Dist. (2012) 53 Cal.4th 861, 866 [138 Cal.Rptr.3d 1, 270 P.3d 699].) In support of its demurrer, Apple argued that section 1747.08 does not apply to Internet transactions, because the Internet as we know it today did not exist in 1990 when the Legislature enacted the statutory provisions at issue. Apple contended that the statute contemplates a transaction involving the physical presentation of a credit card (or something similar) and the recording of data from that card onto a paper credit card transaction form, neither of which is possible in a transaction done electronically over the Internet.

In overruling Apple’s demurrer, the trial court said it was “not prepared, at the pleading stage, to read [section 1747.08] as completely exempting online credit transactions from its reach,” thus indicating that any ruling in Apple’s favor would require a more developed factual record than what had been presented at that early stage of the proceedings. Apple petitioned the Court of Appeal for a writ of mandate, which the court summarily denied. This court then granted Apple’s petition for review.

n

Section 1747.08’s broad language (see p. 152, ante) applies to any “person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business.” (§ 1747.08, subd. (a).) Apple comes within that definition. The Legislature made some express exceptions in the statute (id., subd. (c)), but none pertains to a categorical exemption for online transactions. Nevertheless, the majority here exempts online sellers of downloadable products from complying with the statutory prohibition against a seller’s recording of the personal identification information of its credit-card-using customers. The majority reasons that the Legislature could not have intended section 1747.08 to apply to such online sellers, and it repeatedly emphasizes the novelty of Internet-based commerce. (See, e.g., maj. opn., ante, at p. 140 [“We cannot assume that the Legislature, had it confronted a type of transaction in which the standard mechanisms for verifying a cardholder’s identity were not available, would have made the same policy choice as it did with respect to transactions in which it found no tension between privacy protection and fraud prevention.”]; id. at p. 141 [“We cannot conclude that if *153the Legislature in 1990 had been prescient enough to anticipate online transactions involving electronically downloadable products, it would have intended section 1747.08(a)’s prohibitions to apply to such transactions despite the unavailability of section 1747.08(d)’s safeguards.”]; id. at p. 150 [“[W]e are unable ... to conclude that the Legislature in 1990 intended to bring the enormous yet unforeseen advent of online commerce involving electronically downloadable products—and the novel challenges for privacy protection and fraud prevention that such commerce presents—within the coverage of the Credit Card Act.”].)

No significant difference exists between a purchase conducted over the Internet and one conducted through the mail or by telephone. In both cases, the credit card is not physically presented to the seller, who nevertheless has limited ways of confirming the buyer’s identity. Also, in some mail and telephone sales (as with online sales of downloadable products) the seller does not need the purchaser’s mailing address for shipping purposes. Some examples: when the buyer has a gift sent to a third party’s address, or pays for news, entertainment, or other information to be conveyed by telephone. (See maj. opn., ante, at p. 143.) Although modern-day Internet commerce did not exist in 1990, when the statutory provisions at issue were enacted, by that time mail-order and telephone order transactions (hereafter also referred to as MOTO transactions) were well established. (See, e.g., Winn, Clash of the Titans: Regulating the Competition between Established and Emerging Electronic Payment Systems (1999) 14 Berkeley Tech. L.J. 675, 688 (hereafter Winn) [“decades of MOTO transactions” preceded the advent of Internet commerce].)

Jane K. Winn (the Charles I. Stone Professor of Law at the University of Washington School of Law) has written numerous academic publications on electronic commerce and is considered a leading international authority in that field. In the article cited above, Professor Winn observes that merchants who accepted credit cards as payment in mail-order and telephone order transactions developed “sophisticated security systems ... to keep fraud and error losses to a minimum” (Winn, supra, at pp. 687, 688), thus accommodating the desire of these merchants to conduct business remotely. After the Internet’s emergence, the same antifraud practices that had applied to mail-order and telephone order transactions were “transferred [to the Internet] to manage risks with Internet-based commerce.” (Ibid.)

The Law Revision Commission’s comment on Evidence Code section 450 allows reliance on academic publications like Professor Winn’s article: “Under the Evidence Code, as under existing law, courts may consider whatever materials are appropriate in construing statutes .... That a court may consider legislative history, discussions by learned writers in treatises *154and law reviews, materials that contain controversial economic and social facts or findings or that indicate contemporary opinion, and similar materials is inherent in the requirement that it take judicial notice of the law. In many cases, the meaning and validity of statutes . . . can be determined only with the help of such extrinsic aids. . . .” (Cal. Law Revision Com. com., Deering’s Ann. Evid. Code (2004 ed.) foll. § 450, p. 214, italics added.)2

Although Professor Winn’s factual assertions are not part of the meager record before us, further development of the factual record could establish those assertions beyond question. By holding in Apple’s favor and ending the litigation, the majority precludes such further development of the record.

Succinctly put, the similarity between online transactions and mail-order or telephone order transactions belies the majority’s insistence that its holding exempting online sellers such as Apple from compliance with section 1747.08 is necessary to protect these sellers from consumer fraud.

The majority’s focus on fraud protection for sellers is at odds with this court’s recent statement in Pineda v. Williams-Sonoma Stores, Inc. (2011) 51 Cal.4th 524 [120 Cal.Rptr.3d 531, 246 P.3d 612] that section 1747.08’s “overriding purpose was to ‘protect the personal privacy of consumers who pay for transactions with credit cards.’ [Citation.]” (Pineda, supra, at p. 534, italics added.) That “robust” consumer protection (id. at p. 536), at the heart of section 1747.08, is now largely relegated to the dust heap. As a result of the majority’s decision, online sellers of downloadable products can collect unlimited personal information concerning their credit-card-using customers and sell that information to, or share it with, other companies, which, for marketing purposes, can then construct detailed consumer profiles. The majority concedes that “[t]he Legislature may believe [existing privacy protections] are inadequate and, if so, may enact additional protections” (maj. opn., ante, at p. 133), but the majority overlooks the fact that the Legislature already did enact additional protections. It enacted section 1747.08. The majority eviscerates those protections by rejecting the plain meaning of the statute. The majority’s policy-driven construction of the statute contradicts its claim that “[i]t is not our role to opine on this important policy issue” (maj. *155opn., ante, at p. 133) and “[w]e express no view on this significant issue of public policy” (id. at p. 150).

Moreover, application of section 1747.08 to sellers of downloadable products would not prevent these sellers from taking protective measures against fraud. Because of the remote nature of the Internet transaction, the buyer cannot physically present a credit card to the seller. This is why in that situation the seller is expressly permitted under the second sentence of section 1747.08’s subdivision (d), added in 1995, to record the number appearing on the buyer’s driver’s license or similar identification.3 And a different provision of the same statute allows online sellers of downloadable products to collect personal identification information about a cardholder if “contractually obligated” to do so (§ 1747.08, subd. (c)(3)(A)), thus providing another layer of protection against fraud—depending on the terms of the contracts between the seller, the payment processor, the merchant bank, and the bank that issued the credit card.4

A final point; The majority states that when the Legislature wants to regulate online businesses, it must do so expressly, as it did in the California Online Privacy Protection Act of 2003. (Maj. opn., ante, at p. 148.) Under that reasoning, the civil rights protections of the Unruh Civil Rights Act (§51) would not apply to online businesses because that act does not refer to those businesses expressly; similarly, under the majority’s reasoning the California Uniform Commercial Code would not apply to online businesses because the code does not mention those businesses expressly.

in

As noted (see p. 154, ante), this court recently held unanimously that the Legislature’s “overriding” purpose in enacting section 1747.08’s prohibition against a seller’s recording of a credit-card-using customer’s personal identification information was to protect a consumer’s right to privacy. (Pineda v. Williams-Sonoma Stores, Inc., supra, 51 Cal.4th at p. 534.) Whether to limit or to broaden that right is a power that belongs exclusively to the Legislature. The majority here trespasses upon the Legislature’s *156domain by going far beyond the statute’s plain language in order to judicially graft upon the statute an exemption for online sellers such as Apple so they need not comply with section 1747.08. Unlike the majority, I would affirm the Court of Appeal’s judgment summarily denying the petition for writ of mandate, thus upholding the trial court’s overruling of Apple’s demurrer.

Baxter, J., and Jones, J.,* concurred.

All undesignated statutory references are to the Civil Code.

I note the majority’s reliance on assertions of fact in various publications. (See maj. opn., ante, at p. 136, citing Frischmann, Privatization and Commercialization of the Internet Infrastructure: Rethinking Market Intervention into Government and Government Intervention into the Market (2001) 2 Colum. Sci. & Tech. L.Rev. 1, 20; maj. opn., ante, pp. 149-150, citing New Models of NeXT Computer Lauded; Users, Analysts Praise Changes in Hardware, Software, Rocky Mountain News (Sept. 23, 1990) p. B8, Isaacson, Steve Jobs (2011) pp. 211-237, 293-294, and Gobry, Apple Will Generate $13 Billion in iTunes Revenue in 2013, Says Analyst, Business Insider, July 5, 2011 <http://www.businessinsider.com/apple-itunesrevenue-2013-2011-7> [as of Feb. 4, 2013].)

This statutory provision indicates that, contrary to the majority’s assertion, section 1747.08 was intended to apply to remote transactions, not just face-to-face transactions.

The majority notes that real party in interest David Krescent’s complaint alleges that Apple is not contractually obligated to collect personal identification information. (Maj. opn., ante, at p. 142.) True. But the question here is not whether Apple availed itself oí the fraud-prevention provisions that the statute offers; rather, the question is whether the statute offers some fraud-prevention possibilities. Therefore, that specific allegation of the complaint is not relevant here. That Apple has voluntarily chosen to do business in a way that precludes it from using the antifraud provisions that the Legislature has provided cannot support the majority’s justification for a general exemption from the statute.

Presiding Justice of the Court of Appeal, First Appellate District, Division Five, assigned by the Chief Justice pursuant to article VI, section 6 of the California Constitution.