Retailers operating brick-and-mortar stores in California are likely well aware of the state’s requirements for the collection of consumers’ personally identifiable information (PII). The Song-Beverly Credit Card Act of 1971 (the “Act”) imposes civil penalties for certain practices with respect to capturing and recording PII in cardholder transactions. See Cal. Civ. Code § 1747.08. Traditional litigation under the Act challenged retailers’ requests for telephone numbers, driver license numbers, and email addresses in connection with credit card payments at the point of sale. Beginning in 2011, when the California Supreme Court held that ZIP codes constitute PII, retailers most notably faced a wave of litigation regarding requests for customers’ ZIP codes at the point of sale before purchases were consummated. See Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (2011). As we reported in June 2017, filings in this area have garnered less attention in recent years as prudent retailers have modified certain aspects of their checkout policies and procedures.
Specifically, the Act prohibits entities that accept credit cards from requesting PII from a customer at the time of a transaction and then recording that PII. Cal. Civ. Code § 1747.08(a) (“[N]o person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall . . . (2) [r]equest, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide [PII], which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.”). However, it does not stand as an absolute prohibition on requesting PII. What matters is “whether a consumer would perceive the store’s ‘request’ for information as a ‘condition’ of the use of a credit card.” Florez v. Linens ‘N Things, Inc., 108 Cal. App. 4th 447, 451 (4th Dist. 2003). In Harrold v. Levi Strauss & Co., 236 Cal. App. 4th 1259 (1st Dist. 2015), for example, the court rejected a plaintiff’s assertion that the Act prohibits a retailer from requesting PII after processing a customer’s credit card, because a reasonable consumer could not understand such a request to be a condition of acceptance of the credit card as payment. Id. at 1265.
In the current litigation environment, it is important that retailers keep apprised of the plaintiffs’ class action bar’s attempts to test new theories. With the decrease in ZIP code claims under the Act, Carlson Lynch, a prolific plaintiffs’ class action firm that has prosecuted claims under the Act, the TCPA and the ADA, and has been heavily invested in reference pricing litigation, now appears to be seeking to breathe new life into Song-Beverly litigation. See Valesquez v. Walmart, Inc., No. 37-2018-00019280 (San Diego Cty. Super. Ct.). This complaint, which was filed on April 18, 2018, alleges that the retailer’s use of video cameras at its self-checkout kiosks violates the Act. Specifically, the plaintiff claims that his personal likeness constitutes PII under the Act, and that the retailer violates the Act by recording his personal likeness in conjunction with his credit card transactions. He purports to bring the suit on behalf of all California consumers who were subject to “up-close” images while engaging in credit card transactions at the retailer’s self-checkout kiosks during the previous year. According to the allegations set forth in the complaint, the video cameras at issue, unlike the security cameras located throughout the store, are able to collect customers’ PII “on a granular level in accurate detail,” including a person’s facial features, eye color, hair color, and images of his or her upper body.
The plaintiff alleges that customers have no means of avoiding the video recordings, and that the recordings subject him and the putative class members to potential harassment, identity theft, marketing campaigns, and unwelcome communications. Without support, and only upon information and belief, the plaintiff also alleges that the video recordings are intended to advance the retailer’s business prospects, such as for use in targeted marketing campaigns. And while the Act provides various exceptions to the prohibition against the capture of PII, plaintiff avers that his complaint does not fall within any of those exceptions. Plaintiff’s claim under the Act is the sole count in the complaint, and he seeks to recover damages (the Act provides for civil penalties of up to $250 for a first violation and $1,000 for each subsequent violation with no cap on aggregate damages), attorneys’ fees and costs.
The complaint has clear and likely fatal deficiencies and it is unclear how long it will survive. By way of one example, it is not settled that the Act is meant to regulate anything other than data relating to consumers’ contact information. More glaringly, this complaint leaves important questions largely unanswered—such as why the retailer uses video cameras at its self-checkout kiosks. Retailers have previously defeated actions brought under the Act by invoking its “special purpose” exception, which allows a retailer to collect information—including PII—for reasons such as fraud prevention. See Flores v. Chevron U.S.A. Inc., 217 Cal. App. 4th 337 (2d Dist. 2013); Cal. Civ. Code § 1747.08(c)(4). Notwithstanding the weaknesses of plaintiff’s claim, however, the filing of this action should serve as an important reminder to retailers to continually review their checkout policies and procedures. Company policies and procedures are important because the Act affords a “bona fide error” defense to retailers who can show by a preponderance of the evidence that any violation was unintentional and made notwithstanding procedures adopted to avoid that error. See Cal. Civ. Code § 1747.08(e). Retailers with well-designed checkout procedures and well-trained sales associates can thus assert a defense to lawsuits alleging one-off violations of the Act, particularly where plaintiffs attempt to aggrandize those one-off violations to the experiences of an entire putative class. See Yeoman v. Ikea U.S.A. W., Inc., No. 11-0701, 2014 WL 7176401 (S.D. Cal. Dec. 4, 2014), vacated and remanded sub nom. Medellin v. IKEA U.S.A. W., Inc., 672 F. App’x 782 (9th Cir. 2017) (reversing and remanding on Article III standing grounds under Spokeo).
We will continue to monitor this new lawsuit and any other cases that attempt to expand the scope of the Song-Beverly Act. If you have any questions about this alert, please do not hesitate to contact the authors or your usual Drinker Biddle contact.