Several federal court cases have ruled in favor of e-retailers who had been charged with violating credit card privacy laws. But experts say new interpretations of laws written before e-commerce emerged may put e-retailers in an ambiguous legal position.
Several federal court cases within the past year have ruled in favor of online retailers, including Zazzle.com and Symantec, who had been charged with violating privacy laws that restrict the use of credit card information.
The trend emerging in these cases so far appears to be a separation of online retailing from laws designed to protect customers while they’re making credit card purchases in physical stores. But the fact that these laws are undergoing new legal challenges in the courts puts e-retailers in an uncertain legal position going forward, says Eric Goldman, a law professor and director of the High Tech Law Institute at the Santa Clara University School of Law. “The issue is what’s the difference between online and offline interactions between customers and retailers and how we should apply these laws to the online world,” he says.
While some legal experts say Internet transactions should remain separate, others say the laws should treat online and offline the same, and still others say the Internet should have even stricter privacy laws because of the risk posed when information is exposed online, Goldman adds.
Recent cases have involved complaints filed by consumers under the federal Fair Credit Reporting Act and California’s Song-Beverly Credit Card Act. The Fair Credit Reporting Act prohibits retailers from printing receipts with a customer’s full credit card number and card expiration date; Song-Beverly prohibits retailers from requiring customers to provide their home address and telephone number when making a credit card purchase.
In each of the cases, the consumer plaintiff contended that an online retailer violated the law by either issuing an online receipt with too much credit card account information or by requesting personal information in an online order form.
In a case filed in January, Saulic v. Symantec, the plaintiff complained that the software retailer had violated California’s Song-Beverly law by requiring the customer to enter a home address and phone number to complete an online purchase. The U.S. District Court for the Central District of California ruled in favor of Symantec, arguing that the law did not apply to online retailers who need that information to help verify a customer’s identity.
There have been several cases brought under the Fair Credit Reporting Act, though not all of them with court rulings favoring retailers.
In last year’s Grabien v. 1-800-Flowers.com Inc., the U.S. District Court for the Southern District of Florida ruled in favor of the plaintiff, deciding that the law’s prohibition against printing a receipt with credit card information extends to online receipts, according to a record of the case kept by Washington, D.C., law firm Proskauer Rose LLP.
That case was consistent with an earlier ruling by the U.S. District Court for the Central District of California in Vasquez-Torres v. StubHub Inc., according to Proskauer Rose. Stubhub is an online tickets retailer owned by eBay Inc.
But other cases brought under the Fair Credit Reporting Act have since ruled in favor of retailers, according to Proskauer Rose.
In Smith v. Zazzle.com Inc., the U.S. District Court for the Southern District of Florida ruled in favor of Zazzle in stating that the restriction on printing retail receipts applied only to bricks-and-mortar retail operations, not to retail web sites. That ruling supported earlier rulings in the Southern District of Florida in the cases Grabien v. Jupitermedia Corp., Haslam v. Federated Department Stores Inc. and Edwin King v. Movietickets.com.
Although these latest rulings bode well for online retailers, e-retailers should be prepared for ongoing legal challenges, Goldman says. “People still haven’t thought through the broader implications for Internet retailers,” he says.