John SINIBALDI and Nicolle Disimone, individually and on behalf of all others similarly situated, Plaintiffs–Appellants, v. REDBOX AUTOMATED RETAIL, LLC, a Delaware limited liability company, Defendant–Appellee.
Plaintiffs John Sinibaldi and Nicolle DiSimone appeal the dismissal of a putative class action alleging violations of California's Song–Beverly Credit Card Act of 1971, which prohibits retailers from collecting personal identification information in connection with credit card transactions. See Cal. Civ.Code § 1747.08. Defendant Redbox Automated Retail, LLC operates self-service kiosks throughout California and elsewhere in the United States. Customers use the kiosks to rent movies and video games, using credit and debit cards to pay the charges. As part of the process, Redbox requires customers who obtain discs from the kiosks to provide their ZIP codes. Plaintiffs allege that, by imposing that requirement on customers using credit cards in California, Redbox has violated the Act.
We conclude that Redbox's alleged conduct does not violate the Act. The statute exempts certain transactions, including those where “the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or similar occurrence.” Cal. Civ.Code § 1747.08(c)(1). The Redbox transaction fits within that exception. We affirm the dismissal of the action.
Redbox owns and operates more than 30,000 kiosks nationwide. The kiosks are usually located outside retail locations, including grocery stores, drug stores, and fast-food restaurants. Living up to the name, each Redbox kiosk is bright red. It can hold approximately 630 discs representing 200 unique movie titles or video games. No employee is present to tend to the kiosk on an ongoing basis. The transaction with the customer is fully automated.
To rent a movie or game at a Redbox kiosk, the customer uses a touch screen to select from the titles displayed. After selecting one or more titles and proceeding to the check-out screen, the customer is prompted to swipe a credit or debit card through a built-in card reader. The kiosk screen then displays the following statement: “For security reasons, please enter the ZIP code associated with your card's billing address, and press ‘ENTER.’ “ After the customer enters a 5–digit number and the transaction representing one day's worth of charges clears, the kiosk vends the selected titles.1
Most DVD rentals cost $1 per day. At the time of the rental, the customer's card is charged the fee for one day. A customer may keep a rented disc longer at the same daily rate. When the customer returns the disc, the customer's credit card is charged for any additional days beyond the initial oneday rental period, up to a maximum of $25 for DVDs, $34.50 for Blu-ray discs, and $60 for video games. If the disc is not returned before the maximum fee is reached, the customer's credit card is charged that maximum fee. These additional charges are processed automatically from the credit card information on file. The customer is not required to swipe a credit card or enter a ZIP code upon returning rentals.
Based on these facts, Plaintiffs allege that Redbox violated § 1747.08 of the Act by requesting personal identification information in connection with a credit card transaction. Section 1747.08(a) provides that “no ․ corporation that accepts credit cards for the transaction of business shall ․ [r]equest, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information.”2 The California Supreme Court has held that a ZIP code is personal identification information within the meaning of § 1747.08. Pineda v. Williams–Sonoma Stores, Inc., 246 P.3d 612 (Cal.2011). Redbox's request for a ZIP code prior to the completion of the rental transaction is thus a request for personal identification information within the meaning of the Act.
The district court held that the Act does not apply to Redbox's unmanned kiosk transactions because, in light of the potential for fraud in such transactions, the legislature could not have meant for them to fall within the statutory privacy protection scheme. Mehrens v. Redbox Automated Retail LLC, 2012 WL 77220 at *3–4 (C.D.Cal. Jan. 6, 2012) (citing Saulic v. Symantec Corp., 596 F.Supp.2d 1323, 1333–34 (C.D.Cal.2009)). See also Apple, Inc. v. Superior Court, 292 P.3d 883, 884 (Cal.2013) (holding that § 1747.08 does not apply to online purchases of electronically downloadable products).
On appeal, Plaintiffs challenge the district court's holding, contending that § 1747.08 applies to Redbox kiosk transactions because they are in-person, card-present transactions that present less risk of fraud than online purchases. We decline to decide that question. Instead, we affirm on an alternative ground: the statute's rental deposit exception.
We review dismissal under Rule 12(b)(6) de novo. Metzler Inv. GMBH v. Corinthian Colleges, Inc., 540 F.3d 1049, 1061 (9th Cir.2008). For this purpose, we accept factual allegations in the complaint as true. Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308, 322 (2007). If support exists in the record, a dismissal may be affirmed on any proper ground. Johnson v. Riverside Healthcare Sys., LP, 534 F.3d 1116, 1121 (9th Cir.2008).
The Act, in Section § 1747.08(a) of the California Civil Code, prohibits the collection of personal information in connection with a credit card transaction, “[e]xcept as provided in subdivision (c) .” Section 1747.08(c), in turn, specifies that the prohibition in subdivision (a) does not apply in certain instances.3 One of those instances is “[i]f the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” Cal. Civ.Code § 1747.08(c)(1).
The California Supreme Court has not addressed the scope of that exception. “When the state's highest court has not squarely addressed an issue, we must predict how [it] would decide the issue using intermediate appellate court decisions, decisions from other jurisdictions, statutes, treatises and restatements for guidance.” Alliance for Prop. Rights & Fiscal Responsibility v. City of Idaho Falls, 742 F.3d 1100, 1102 (9th Cir.2013) (internal quotation marks omitted). As we are aware of no intermediate appellate decisions, decisions from other jurisdictions, treatises, or restatements interpreting the rental deposit exception, we focus on the language of the statute itself to predict how the California Supreme Court would decide the issue, and conclude that it would hold that the exception applies here.
When a customer swipes his credit card at a Redbox kiosk, Redbox immediately charges the credit card for the first day's rental. Redbox also stores the credit card information. The credit card information permits Redbox to collect the additional amount owed should the customer choose to keep the movie or game for additional days or if it is never returned. In other words, the credit card is “being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” We conclude that the California Supreme Court would hold Redbox's collection of personal identification information in connection with kiosk rental transactions exempt under § 1747.08(c)(1), if that court held such transactions were covered under § 1747.08(a) in the first place.
Plaintiffs argue that the Redbox transaction does not involve a “deposit” by defining the term “deposit” to mean “a prospective, contingent payment of money or value to a seller of goods or services to secure against some potential loss.” To fit within § 1747.08(c)(1), Plaintiffs contend, Redbox would have to charge the credit card a certain amount as a “deposit” in advance and then credit any excess funds back when the customer returns the DVD. If Redbox did that, plaintiffs acknowledge, “an actual deposit would have ‘secure[d] payment in the event of default, loss, damage.’ “ Because that is not what Redbox does, according to Plaintiffs, the credit card is not being used by Redbox as a deposit.
We reject Plaintiffs' artificially narrow definition of using a credit card as a deposit to secure payment. Vendors such as rental car companies, hotels, or Redbox, may use a customer's credit card to secure payment in multiple ways. One way would be in the manner acknowledged by Plaintiffs to involve a deposit—charging the credit card a certain amount in advance and refunding any excess when the product is returned or the hotel room is vacated. But a credit card can provide security whether or not money is drawn from the credit card account in advance. A vendor can also put a hold on part of the credit limit available under the credit card, by “preauthorizing” a charge of that amount without actually drawing those funds. A third variation, the one used by Redbox, is simply to hold the credit card information on file with the authorization to charge the card for any additional amounts owing later. The different methods might vary in their transaction costs, level of security, and the amount of remaining credit balance available to the customer, but in each instance the credit card is “being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” All the methods fall within the language of the statutory exclusion, both logically and literally.4
The dictionary definition of “deposit” also supports a broader reading than that which Plaintiffs propose. That term is defined in Webster's Third New International Dictionary (2002), for example, to include “something given as a pledge or security.”5 The credit card of the Redbox customer is given as a pledge or security, whether or not any funds are actually drawn by Redbox from the customer's account in advance. Plaintiffs cite the online Merriam–Webster Dictionary, defining “deposit” as “something placed for safekeeping: as a) money deposited in a bank or b) money given as a pledge or down payment.”6 Even under that definition, though, the use of a credit card may qualify as “something placed for safekeeping” or “given as a pledge.”
Plaintiffs cite additional illustrations provided along with that definition by online Merriam–Webster Dictionary and argue that “[e]ach definition and example involved movement, a transfer of some kind.” But that is not necessarily the case. One of the illustrations cited by Plaintiffs is: “The rental car company requires a deposit for drivers under the age of 25.” When a rental car customer rents a car, the customer pledges the credit limit on his or her credit card as a deposit. That is true even if the rental car company does not actually draw money from the credit card account in advance. Even in instances where the company places a hold on some portion of the customer's credit limit under the card, the hold does not entail an actual transfer of funds. Moreover, the actual charges may be more than the hold amount should, for example, the car be damaged or never returned. As long as the company can draw upon the customer's credit line later if necessary, the associated credit card is serving to provide security to the rental car company.
When a Redbox customer swipes a credit card at the time of rental, the customer promises to be responsible for additional charges that might be owed if the disc is returned late or not at all. That promise is secured with the credit card. Redbox will use the credit card information already provided by the customer to charge the customer's credit card account for the balance owed. In both literal and practical terms, the credit card serves as security.
Plaintiffs argue that Redbox might not always succeed in drawing upon a customer's credit card later. They posit, for example, the case of a customer who uses a credit card with only $1.00 in available credit remaining to rent a DVD, noting that Redbox would be unable to charge anything further to that card in the future. Even in that rare scenario, Redbox could charge something later if the customer made a payment to bring down the outstanding credit card debt in the meantime. More importantly, something deposited to secure an obligation is pledged even if it turns out that it does not have enough value to cover the obligation. A watch presented to a pawn shop might be incorrectly valued and turn out not to be worth the money paid out, or could turn out to be stolen and be subsequently reclaimed by the rightful owner, but that doesn't mean that the watch was never deposited at the pawn shop in the first place. The same is true for Plaintiffs' scenario: even if Redbox might not ultimately be able to collect from the customer's credit card in the future, the credit card is being used as a deposit.
There is no reason to think that the legislature, in enacting the statutory exception, limited it only to transactions where money is actually drawn from the customer's credit card account in advance by the retailer, the form acknowledged by Plaintiffs to fit within the definition. We see no reason to differentiate between particular forms of credit card deposits, whether they be a current transfer, a hold, or merely the ability to run a charge in the future. Nothing indicates that the legislature intended such a distinction, and Plaintiffs have not provided a logical explanation for such a distinction. We decline to read it into the statute.
The dissenting opinion presents an alternative theory for why the rental deposit exception should not apply to the Redbox transaction, but it is no more persuasive than the argument offered by Plaintiffs. That theory is that, even if the credit card is used as a deposit, none of the later charges by Redbox to the customer's credit card qualify under the statutory exception because the various contingencies are all part of the primary agreement between the customer and Redbox. But the statutory exception is not limited to a deposit to secure payment “in the event of default.” By its terms, it also applies “in the event of ․ loss, damage, or similar occurrence.” No breach of the agreement between the customer and Redbox is required for the exception to apply.
Upon renting a DVD from Redbox, the customer agrees to pay the fee for one day, and that is all that Redbox initially charges the customer's credit card. If the customer does not return the DVD after the first day, for whatever reason, it is effectively lost for each additional day because it is not available to be rented to someone else. That the additional charges, including the maximum cap, may be spelled out in the Redbox agreement does not change that fact. It is not beyond the contemplation of agreements between the parties in other rental contexts—for a car, a hotel room, or whatever—that a customer will be held responsible for loss or damage or similar additional charges. Rental agreements routinely provide that the renter is responsible for those charges. The credit card provided by the customer necessarily serves to secure any additional sum that might become owing. To say that additional charges are not covered because they might be contemplated in the agreement between the parties is to read the exception so narrowly as to make it disappear.
We hold that Redbox's collection of personal information in connection with a kiosk rental transaction falls outside the reach of § 1747.08(a) of California's Song–Beverly Credit Card Act because the customer's credit card is used as a deposit to secure payment in the event of loss or late return.
Because the transaction is exempted under § 1747.08(c)(1), we affirm the dismissal of the action.
This case presents a question of statutory interpretation of a section of California's Song–Beverly Credit Card Act, a consumer protection statute intended to prevent merchants from demanding personal information from consumers as a condition of their ability to pay by credit card. Florez v. Linens ‘N Things, Inc., 108 Cal.App. 4th 447, 452 (2003). The California Legislature deemed that unless such information, which includes addresses, phone numbers, and ZIP codes, was necessary to complete the transaction, there was no legitimate purpose to its acquisition. Absher v. AutoZone, Inc., 164 Cal.App. 4th 332, 345 (2008). Accordingly, it enacted section 1747.08 of the California Civil Code, which prohibits the collection of personal information in connection with a credit card transaction, with some limited exceptions, including the exception at issue here: The prohibition does not apply “[i]f the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” Cal. Civ.Code § 1747.08(c)(1).
As the majority states, we have no guidance from the California Supreme Court, the California appellate courts, courts in other jurisdictions, treatises, or restatements to help us interpret this exception specifically. We are guided, however, by the rule that “courts should liberally construe remedial statutes in favor of their protective purpose, which, in the case of section 1747.08, includes addressing the misuse of personal identification information for, inter alia, marketing purposes.” Pineda v. Williams–Sonoma Stores, Inc., 51 Cal.4th 524, 532 (2011) (internal citations and quotation marks omitted).
The statute before us is remedial because its “overriding purpose” was to protect consumer privacy by preventing retailers from acquiring and using “additional personal information for their own business purposes—for example, to build mailing and telephone lists which they can subsequently use for their own in-house marketing efforts, or sell to directmail or tele-marketing specialists, or to others.” Id. at 534–35 (internal citation and quotation marks omitted). A ZIP code is protected personal information because it is “both unnecessary to the transaction and can be used, together with the cardholder's name, to locate his or her full address,” id. at 532, for those very purposes. Plaintiffs have pleaded that Redbox uses the ZIP codes it collects not for fraud prevention, but for marketing purposes, precisely the type of conduct the Act was intended to prevent.
To allow merchants to obtain the personal information when essential to the transaction itself, the Legislature provided several narrow exceptions including the exception at issue here. Considering only the plain language of the statute, I accept, for the sake of argument, the majority's claim that according to the dictionary definition of “deposit,” the credit card in these transactions can be understood to be “used as a deposit to secure payment.” Cal. Civ.Code § 1747.08(c)(1). I cannot agree, however, that even assuming the credit card is used as a deposit, the deposit is being used to secure that payment “in the event of default, loss, damage, or similar occurrence,” as required by the statutory exception. Id. Instead, in my view, the credit card is being used, as pleaded in the complaint, to secure the charges that constitute the primary agreement between the customer and Redbox, charges that are therefore unrelated to “default, loss, damage, or similar occurrence.”
In fact, under Redbox's model as pleaded, there is no apparent way for a customer to incur charges on his credit card of record for default, loss, or damage.1 “Typically, the per unit DVD rental price at a Redbox kiosk is a flat fee plus tax for one night and, if the consumer chooses to keep the DVD movie for additional nights, the consumer is charged for each additional night at the same flat fee per night.” As Redbox states in its brief, “some customers do not return the DVD at all, whether because they lost it, damaged it, or simply decided to retain it for an extended period of time․ [T]he transaction functions as ․ a deposit for the continued rental of the DVD until it is returned, or until the maximum rental fee is reached.” On the Redbox model, a customer who melts a DVD in his car pays the same amount as one who chooses to rent the DVD for 25 nights, or one who chooses to rent to own: all three customers are charged the maximum fee of $25.00, and no customer is charged more. Because of this model, a customer who destroys or loses a DVD causes no loss or damage to Redbox, and every payment secured by the credit card is part of the anticipated transaction.
The majority's error stems from its mischaracterization of the Redbox transaction as a one-day rental followed by a series of penalties imposed if the customer fails to return the DVD after a single day. Instead, the Redbox customer is agreeing to rent the DVD at a fixed daily fee with a maximum total charge of $25.00 for 25 days of rental. The maximum charge also constitutes the purchase price, and when the customer has paid that amount he has acquired ownership of the DVD. The customer thus authorizes Redbox to use his credit card for future payments that are wholly different from “default, loss, [or] damage.” To say, as the majority does, that after the initial charge to the credit card, every additional charge, no matter its nature, is a charge for “default, loss, damage, or similar occurrence” is to stretch the exception well beyond its plain language and legislative intent.
Thus, even assuming that the majority is correct that the credit card transaction fits the definition of a deposit and meets that portion of the statutory requirement, affording the statute the liberal construction that favors its consumer protective purposes, it seems clear that Plaintiffs have met their burden of pleading that this statutory exception does not apply. G.H.I.I. v. MTS, Inc ., 147 Cal.App.3d 256, 273 (Ct.App.1983) (internal citation and quotation marks omitted) (“Where a party relies on a statute which contains a limitation in the clause creating and defining the liability, as here, such limitation must be negatived in the complaint”). Plaintiffs have pleaded facts that, if true, place the transaction outside the exception's plain terms and establish that Redbox uses the ZIP codes for marketing purposes. I therefore disagree that the district court's decision can be affirmed on this basis.
The majority does not rely for its holding on the basis on which the district court dismissed the action, namely, that the Song–Beverly Act does not apply to Redbox kiosk transactions. The majority avoids this issue for good reason, as I would reverse the dismissal of the action on that ground as well. Redbox kiosk transactions are more similar to pay-at-the-pump transactions, covered by the Act, than to online transactions, which are not covered. See Apple, Inc. v. Superior Court, 56 Cal.4th 128, 144 (Cal.2013). Nor does the majority rely on another statutory exception, which allows for the collection of personal information when that information “is required for a special purpose incidental but related to the individual credit card transaction.” Cal Civ.Code § 1747.08(b)(4). This exception cannot be the basis for dismissing the action because Plaintiffs pleaded that Redbox's sole purpose in obtaining the ZIP code is marketing, rendering the purpose unrelated to the credit card transaction.
I would reverse. Accordingly I dissent.
1. According to the complaint, it is not necessary to enter the ZIP code associated with the card's billing address for the transaction to clear. If the customer enters a random string of 5 digits, the kiosk will still accept the card and vend the disc. Plaintiffs therefore allege that the collection of personal information in the form of a ZIP code is not for security purposes but rather for market research: specifically, to determine where to locate future Redbox kiosks. We accept this allegation as true but do not discuss its implications because our holding does not depend on what Redbox does with the information it collects.
2. The full text reads:(a) Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall do any of the following:(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the ․ corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.(3) Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder.Cal. Civ.Code § 1747.08(a). We take no position as to whether Redbox's alleged conduct falls under any or all subsections of § 1747.08(a).
3. The full text of the subdivision reads:(c) Subdivision (a) does not apply in the following instances:(1) If the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.(2) Cash advance transactions.(3) If any of the following applies:(A) The person, firm, partnership, association, or corporation accepting the credit card is contractually obligated to provide personal identification information in order to complete the credit card transaction.(B) The person, firm, partnership, association, or corporation accepting the credit card in a sales transaction at a retail motor fuel dispenser or retail motor fuel payment island automated cashier uses the Zip Code information solely for prevention of fraud, theft, or identity theft.(C) The person, firm, partnership, association, or corporation accepting the credit card is obligated to collect and record the personal identification information by federal or state law or regulation.(4) If personal identification information is required for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders.Cal. Civ.Code § 1747.08(c)(1).
4. Indeed, if a transfer of money were required to constitute a “deposit,” then it would arguably be the money drawn in advance that served as the deposit, not the credit card. The Redbox method might fit the language of the statutory exception more perfectly than the form of transaction acknowledged by Plaintiffs to fit within the statutory exception because Redbox is counting on the credit card to secure payment, not on money that it has already debited from the customer's credit card account.
5. Similarly, the Oxford American English Dictionary defines “deposit” as “a sum payable as a first installment on the purchase of something or as a pledge for a contract, the balance being payable later ” (emphasis added). Seehttp://www.oxforddictiona ries.com/us/definition/american_english/deposit (last visited April 11, 2014).
6. The citation provided by Plaintiffs is to Merriam–Webster, “Deposit,” available athtt p://www.merriamwebster.com/dictionary/deposit (last visited June 28, 2013).
1. The only way for a customer to default would be to pay the initial fee with a credit card that expired or was cancelled before the final charges were placed on it. In such cases, Redbox “reserve[s] the right to charge ․ interest for overdue charges at the then-highest current rate allowable on Illinois contracts” and the right to seek collection and attorney's fees. If the information from a second credit card were retained for this purpose, it would likely fall within the deposit exception. However, so long as the first credit card is valid, it will never be so used.
CLIFTON, Circuit Judge: