A high-profile consumer rights attorney has filed a lawsuit against Apple on behalf of three men who claim retail store employees refused to process their credit card transaction unless they provided personal identification, including their residence ZIP Code. That procedure violates Massachusetts law, the suit says, and the attorney asks for class-action status to represent all affected customers. The suit was filed in U.S. District Court (Illinois) last week by attorney Joseph Siprut, and claims the men have been receiving unwanted marketing mail from Apple as a result of the information collection. It also claims that Apple has been selling the plaintiffs’ personally identifiable information (PII) to other companies without compensating the men. Specifically, plaintiffs Adam Christensen, Jeffrey Scolnick and William Farrell shopped at separate Apple stores in Massachusetts during late 2012 and early 2013, and each used a credit card to make an unspecified purchase. “As a condition of using their credit cards,” the lawsuit states, “Plaintiffs were required by Apple to enter personal identification information associated with the credit card, including their full and complete zip codes. Apple would not allow Plaintiff to complete their purchases without supplying such information.” The lawsuit does not describe where or how the information was entered by the men.
In the lawsuit there is no explanation of why Apple would collect PII from the customer during the transaction. Such information is already on file with the credit card companies, and becomes part of the transaction record available to Apple through their payment gateway service provider.
Typically, an Apple retail store credit card transaction is performed with an EasyPay device by swiping the customer’s credit card, and then having the customer authorize the transaction with a finger-drawn signature on the device. Otherwise, customers don’t routinely handle an EasyPay device or enter other information into it.
The lawsuit notes that Massachusetts law prohibits a person or company to “write…personal identification information…on the credit card transaction form.” It’s not clear what would constitute a “transaction form” at an Apple store under the state law.
After a credit card swipe, data is sent to a payment gateway for processing, without any direct collection of customer data by the retailer. However, information about the customer is available later from the payment gateway provider through various transaction reports, including PII.
Apple directly collects PII and credit card information from people who use the iTunes on-line store. When a person makes an on-line purchase, the credit card information is sent to a payment gateway for processing. Information from the iTunes store, but not the credit card information, may be referenced by an employee during a retail store purchase, most often to confirm the buyer’s email address to send a receipt.
The lawsuit asks for $25 per law violation, but with double or treble damages in accordance with Massachusetts law. The plaintiffs also ask the court to stop Apple’s practice of collecting PII.
Download (pdf) the entire lawsuit for more details.E-mail this story