Skip to main content
photo of credit card transaction

What is the California Song-Beverly Credit Card Act?

Written by Joseph Lyon on . Posted in Class Action.

The Lyon Firm is investigating new violations of the California Song-Beverly Credit Card Act (CSBCCA), a state consumer protection law meant to protect the privacy of individuals during, and particularly after, credit card transactions. Call for a free consultation, and to learn more about important consumer privacy protections.

In a new legal trend, there have been several recent class action filings in California, with complaints that cite similar personal privacy violations of the CSBCCA. These lawsuits have named large retailers as defendants-companies that have allegedly used web-tracking technologies during online credit card transactions. Plaintiffs have argued that these credit card companies are improperly collecting and storing personally identifiable information (PII), thus violating the California Song-Beverly Credit Card Act.

Many retailers, in fact, require consumers to provide their names, home addresses, e-mail addresses, ZIP codes, driver license numbers, and sometimes IP addresses, with every new credit card transaction. This compiled information is not entirely necessary, according  to the plaintiffs, but only serves as a marketing tool, benefiting the companies and violating the privacy rights of individuals. If any company engages in such activity (collecting personal information intended to be used in marketing efforts) without consumers’ direct consent, they may be violating the Song-Beverly Act.

In recent rulings, the courts have noted that “the statute is intended to protect consumer privacy and to prohibit merchants from obtaining personal identification information under the mistaken impression that the information is required to process a credit card transaction.”

Although other states have enacted consumer protection laws regarding the collection of personal data, California has, in general, the most stringent and progressive privacy laws of any state. Lawsuits filed within the state have the highest probability of moving forward, and plaintiffs can be handsomely compensated.

Each plaintiff can seek a class, and obtain statutory penalties of $250 to $1,000 per credit card transaction in California, with no cap on aggregate damages.

What is the Song-Beverly Act?

The California Song-Beverly Credit Card Act is over fifty years old, originally enacted in 1971, decades before any web-tracking code existed. The Act, however dated, is being interpreted in new ways to help consumers cope with a new era of dubious data collection practices and personal privacy intrusions.

The primary function of the Song-Beverly Act is to prohibit retailers from requesting personally identifiable information before or during a credit card transaction. Retailers cannot make providing PII a condition for any payment, and they cannot create a record of any transaction that includes the personal identification information provided.

The Act defines PII as including a cardholder’s address and telephone number, and later interpretations have added ZIP codes, email addresses, and IP addresses to that original list.

It is important to note that The Act is not intended to prohibit retailers from collecting information voluntarily from customers, as is still common with a voluntary email marketing scheme. But rather, Song-Beverly is meant to prohibit retailers from requesting or requiring PII as a condition of paying by card. That is to say, the retailers do not need this data, they simply want to obtain it for marketing purposes.

There may be questions, however, as to whether the Song-Beverly Act prohibits a retailer from requesting personal information after the completion of a credit card transaction. Plaintiffs have argued that the Act prohibits any request for data from a credit cardholder, irrespective of when the request is made.

Examples of Song-Beverly Act Violations

Plaintiffs have sued retailers of late, claiming certain companies violated Song-Beverly by requesting and recording personal data while conducting routine credit card transactions, which could constitute a California privacy violation.

Other plaintiffs have alleged that many retailers use web tracking pixels, including the Meta tracking pixel, Google Analytics, and the PayPal tracking pixel, to illegally collect PII. The result is that consumers are unfairly bombarded with targeted advertising, a practice that privacy advocates have worked tirelessly to limit.

Tracking pixels refer to a range of analytic code embedded in websites, capable of monitoring detailed interactions between users and web pages. The code can also be used to collect any data entered into a web form, and later target consumers with unwanted ads. Any company that uses this tracking technology without the express consent of consumers, can be liable for eavesdropping under the California Invasion of Privacy Act (CIPA). Plaintiffs may seek statutory penalties of up to $5,000 per violation.

Allegations concerning the widespread use of pixel-tracking technology are hardly new. Hundreds of cases have been filed against website operators for their use of pixels and other tracking tools. Some cases have been settled for large figures, and plaintiffs have been compensated for continual privacy violations.

Can I file a Song-Beverly Credit Card Class Action?

Class action lawsuits have been filed against retailers in California, and other states with robust privacy protections, all based on alleged violations of consumers’ data privacy rights. If you believe any California company has violated your basic consumer privacy rights by requiring you to provide your personal information, before or during a credit card transaction, you should contact an attorney to discuss your legal options.

Sometimes the only way to discourage companies from engaging in unscrupulous and unethical corporate practices is to file a class action lawsuit. If the written law is not enough to prohibit ubiquitous privacy violations, then perhaps litigation, and punitive damages can get the message across. The Lyon Firm strongly believes in data privacy preservation. While the very idea of personal privacy is threatened daily by companies vying for your data, we are still willing and ready to fight for your privacy rights–rights that are confirmed by existing laws, and that are respected by the courts.

The Lyon Firm is currently involved in numerous data privacy cases, and we represent plaintiffs in California and nationwide. On behalf of clients, our firm can file complaints when companies violate the California Song-Beverly Credit Card Act, the CCPA, the California Invasion of Privacy Act (CIPA), TCPA laws, and numerous other data privacy protections. Contact our legal team to learn more about ongoing litigation, and to discuss the legal process.