CLIFTON, Circuit Judge:
Plaintiffs John Sinibaldi and Nicolle DiSimone appeal the dismissal of a putative class action alleging violations of California's Song-Beverly Credit Card Act of 1971, which prohibits retailers from collecting personal identification information in connection with credit card transactions. See Cal. Civ.Code § 1747.08. Defendant Redbox Automated Retail, LLC operates self-service kiosks throughout California and elsewhere in the United States. Customers use the kiosks to rent movies and video games, using credit and debit cards to pay the charges. As part of the process, Redbox requires customers who obtain discs from the kiosks to provide their ZIP codes. Plaintiffs allege that, by imposing that requirement on customers using credit cards in California, Redbox has violated the Act.
We conclude that Redbox's alleged conduct does not violate the Act. The statute exempts certain transactions, including those where "the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or similar occurrence." Cal. Civ.Code § 1747.08(c)(1). The Redbox transaction fits within that exception. We affirm the dismissal of the action.
Redbox owns and operates more than 30,000 kiosks nationwide. The kiosks are usually located outside retail locations, including grocery stores, drug stores, and fast-food restaurants. Living up to the name, each Redbox kiosk is bright red. It can hold approximately 630 discs representing 200 unique movie titles or video games. No employee is present to tend to the kiosk on an ongoing basis. The transaction with the customer is fully automated.
To rent a movie or game at a Redbox kiosk, the customer uses a touch screen to select from the titles displayed. After selecting one or more titles and proceeding to the check-out screen, the customer is prompted to swipe a credit or debit card through a built-in card reader. The kiosk screen then displays the following statement: "For security reasons, please enter the ZIP code associated with your card's billing address, and press `ENTER.'" After the customer enters a 5-digit number and the transaction representing one day's worth of charges clears, the kiosk vends the selected titles.
Based on these facts, Plaintiffs allege that Redbox violated § 1747.08 of the Act by requesting personal identification information in connection with a credit card transaction. Section 1747.08(a) provides that "no ... corporation that accepts credit cards for the transaction of business shall ... [r]equest, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information."
The district court held that the Act does not apply to Redbox's unmanned kiosk transactions because, in light of the potential for fraud in such transactions, the legislature could not have meant for them to fall within the statutory privacy protection scheme. Mehrens v. Redbox Automated Retail LLC, 2012 WL 77220 at *3-4 (C.D.Cal. Jan. 6, 2012) (citing Saulic v. Symantec Corp., 596 F.Supp.2d 1323, 1333-34 (C.D.Cal.2009)). See also Apple, Inc. v. Superior Court, 56 Cal.4th 128, 151 Cal.Rptr.3d 841, 292 P.3d 883, 884 (2013)
On appeal, Plaintiffs challenge the district court's holding, contending that § 1747.08 applies to Redbox kiosk transactions because they are in-person, card-present transactions that present less risk of fraud than online purchases. We decline to decide that question. Instead, we affirm on an alternative ground: the statute's rental deposit exception.
We review dismissal under Rule 12(b)(6) de novo. Metzler Inv. GMBH v. Corinthian Colleges, Inc., 540 F.3d 1049, 1061 (9th Cir.2008). For this purpose, we accept factual allegations in the complaint as true. Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308, 322, 127 S.Ct. 2499, 168 L.Ed.2d 179 (2007). If support exists in the record, a dismissal may be affirmed on any proper ground. Johnson v. Riverside Healthcare Sys., LP, 534 F.3d 1116, 1121 (9th Cir.2008).
The Act, in Section § 1747.08(a) of the California Civil Code, prohibits the collection of personal information in connection with a credit card transaction, "[e]xcept as provided in subdivision (c)." Section 1747.08(c), in turn, specifies that the prohibition in subdivision (a) does not apply in certain instances.
The California Supreme Court has not addressed the scope of that exception. "When the state's highest court has not squarely addressed an issue, we must predict how [it] would decide the issue using intermediate appellate court decisions, decisions from other jurisdictions, statutes, treatises and restatements for guidance." Alliance for Prop. Rights & Fiscal Responsibility v. City of Idaho Falls, 742 F.3d 1100, 1102 (9th Cir.2013) (internal quotation marks omitted). As we are aware of no intermediate appellate decisions, decisions from other jurisdictions, treatises, or restatements interpreting the rental deposit exception, we focus on the language of the statute itself to predict how the California Supreme Court would decide the issue, and conclude that it would hold that the exception applies here.
When a customer swipes his credit card at a Redbox kiosk, Redbox immediately charges the credit card for the first day's rental. Redbox also stores the credit
Plaintiffs argue that the Redbox transaction does not involve a "deposit" by defining the term "deposit" to mean "a prospective, contingent payment of money or value to a seller of goods or services to secure against some potential loss." To fit within § 1747.08(c)(1), Plaintiffs contend, Redbox would have to charge the credit card a certain amount as a "deposit" in advance and then credit any excess funds back when the customer returns the DVD. If Redbox did that, plaintiffs acknowledge, "an actual deposit would have `secure[d] payment in the event of default, loss, damage.'" Because that is not what Redbox does, according to Plaintiffs, the credit card is not being used by Redbox as a deposit.
We reject Plaintiffs' artificially narrow definition of using a credit card as a deposit to secure payment. Vendors such as rental car companies, hotels, or Redbox, may use a customer's credit card to secure payment in multiple ways. One way would be in the manner acknowledged by Plaintiffs to involve a deposit — charging the credit card a certain amount in advance and refunding any excess when the product is returned or the hotel room is vacated. But a credit card can provide security whether or not money is drawn from the credit card account in advance. A vendor can also put a hold on part of the credit limit available under the credit card, by "preauthorizing" a charge of that amount without actually drawing those funds. A third variation, the one used by Redbox, is simply to hold the credit card information on file with the authorization to charge the card for any additional amounts owing later. The different methods might vary in their transaction costs, level of security, and the amount of remaining credit balance available to the customer, but in each instance the credit card is "being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence." All the methods fall within the language of the statutory exclusion, both logically and literally.
The dictionary definition of "deposit" also supports a broader reading than that which Plaintiffs propose. That term is defined in Webster's Third New International Dictionary (2002), for example, to include "something given as a pledge or security."
Plaintiffs cite additional illustrations provided along with that definition by online Merriam-Webster Dictionary and argue that "[e]ach definition and example involved movement, a transfer of some kind." But that is not necessarily the case. One of the illustrations cited by Plaintiffs is: "The rental car company requires a deposit for drivers under the age of 25." When a rental car customer rents a car, the customer pledges the credit limit on his or her credit card as a deposit. That is true even if the rental car company does not actually draw money from the credit card account in advance. Even in instances where the company places a hold on some portion of the customer's credit limit under the card, the hold does not entail an actual transfer of funds. Moreover, the actual charges may be more than the hold amount should, for example, the car be damaged or never returned. As long as the company can draw upon the customer's credit line later if necessary, the associated credit card is serving to provide security to the rental car company.
When a Redbox customer swipes a credit card at the time of rental, the customer promises to be responsible for additional charges that might be owed if the disc is returned late or not at all. That promise is secured with the credit card. Redbox will use the credit card information already provided by the customer to charge the customer's credit card account for the balance owed. In both literal and practical terms, the credit card serves as security.
Plaintiffs argue that Redbox might not always succeed in drawing upon a customer's credit card later. They posit, for example, the case of a customer who uses a credit card with only $1.00 in available credit remaining to rent a DVD, noting that Redbox would be unable to charge anything further to that card in the future. Even in that rare scenario, Redbox could charge something later if the customer made a payment to bring down the outstanding credit card debt in the meantime. More importantly, something deposited to secure an obligation is pledged even if it turns out that it does not have enough value to cover the obligation. A watch presented to a pawn shop might be incorrectly valued and turn out not to be worth the money paid out, or could turn out to be stolen and be subsequently reclaimed by the rightful owner, but that doesn't mean that the watch was never deposited at the pawn shop in the first place. The same is true for Plaintiffs' scenario: even if Redbox might not ultimately be able to collect from the customer's credit card in the future, the credit card is being used as a deposit.
There is no reason to think that the legislature, in enacting the statutory exception, limited it only to transactions where money is actually drawn from the customer's credit card account in advance by the retailer, the form acknowledged by Plaintiffs to fit within the definition. We see no reason to differentiate between particular forms of credit card deposits, whether they be a current transfer, a hold, or merely the ability to run a charge in the
The dissenting opinion presents an alternative theory for why the rental deposit exception should not apply to the Redbox transaction, but it is no more persuasive than the argument offered by Plaintiffs. That theory is that, even if the credit card is used as a deposit, none of the later charges by Redbox to the customer's credit card qualify under the statutory exception because the various contingencies are all part of the primary agreement between the customer and Redbox. But the statutory exception is not limited to a deposit to secure payment "in the event of default." By its terms, it also applies "in the event of ... loss, damage, or similar occurrence." No breach of the agreement between the customer and Redbox is required for the exception to apply.
Upon renting a DVD from Redbox, the customer agrees to pay the fee for one day, and that is all that Redbox initially charges the customer's credit card. If the customer does not return the DVD after the first day, for whatever reason, it is effectively lost for each additional day because it is not available to be rented to someone else. That the additional charges, including the maximum cap, may be spelled out in the Redbox agreement does not change that fact. It is not beyond the contemplation of agreements between the parties in other rental contexts — for a car, a hotel room, or whatever — that a customer will be held responsible for loss or damage or similar additional charges. Rental agreements routinely provide that the renter is responsible for those charges. The credit card provided by the customer necessarily serves to secure any additional sum that might become owing. To say that additional charges are not covered because they might be contemplated in the agreement between the parties is to read the exception so narrowly as to make it disappear.
We hold that Redbox's collection of personal information in connection with a kiosk rental transaction falls outside the reach of § 1747.08(a) of California's Song-Beverly Credit Card Act because the customer's credit card is used as a deposit to secure payment in the event of loss or late return.
Because the transaction is exempted under § 1747.08(c)(1), we affirm the dismissal of the action.
REINHARDT, Circuit Judge, dissenting.
This case presents a question of statutory interpretation of a section of California's Song-Beverly Credit Card Act, a consumer protection statute intended to prevent merchants from demanding personal information from consumers as a condition of their ability to pay by credit card. Florez v. Linens `N Things, Inc., 108 Cal.App.4th 447, 452, 133 Cal.Rptr.2d 465 (2003). The California Legislature deemed that unless such information, which includes addresses, phone numbers, and ZIP codes, was necessary to complete the transaction, there was no legitimate purpose to its acquisition. Absher v. AutoZone, Inc., 164 Cal.App.4th 332, 345, 78 Cal.Rptr.3d 817 (2008). Accordingly, it enacted section 1747.08 of the California Civil Code, which prohibits the collection of personal information in connection with a credit card transaction, with some limited exceptions, including the exception at issue here: The prohibition does not apply
As the majority states, we have no guidance from the California Supreme Court, the California appellate courts, courts in other jurisdictions, treatises, or restatements to help us interpret this exception specifically. We are guided, however, by the rule that "courts should liberally construe remedial statutes in favor of their protective purpose, which, in the case of section 1747.08, includes addressing the misuse of personal identification information for, inter alia, marketing purposes." Pineda v. Williams-Sonoma Stores, Inc., 51 Cal.4th 524, 532, 120 Cal.Rptr.3d 531, 246 P.3d 612 (2011) (internal citations and quotation marks omitted).
The statute before us is remedial because its "overriding purpose" was to protect consumer privacy by preventing retailers from acquiring and using "additional personal information for their own business purposes — for example, to build mailing and telephone lists which they can subsequently use for their own in-house marketing efforts, or sell to directmail or tele-marketing specialists, or to others." Id. at 534-35, 120 Cal.Rptr.3d 531, 246 P.3d 612 (internal citation and quotation marks omitted). A ZIP code is protected personal information because it is "both unnecessary to the transaction and can be used, together with the cardholder's name, to locate his or her full address," id. at 532, 120 Cal.Rptr.3d 531, 246 P.3d 612, for those very purposes. Plaintiffs have pleaded that Redbox uses the ZIP codes it collects not for fraud prevention, but for marketing purposes, precisely the type of conduct the Act was intended to prevent.
To allow merchants to obtain the personal information when essential to the transaction itself, the Legislature provided several narrow exceptions including the exception at issue here. Considering only the plain language of the statute, I accept, for the sake of argument, the majority's claim that according to the dictionary definition of "deposit," the credit card in these transactions can be understood to be "used as a deposit to secure payment." Cal. Civ.Code § 1747.08(c)(1). I cannot agree, however, that even assuming the credit card is used as a deposit, the deposit is being used to secure that payment "in the event of default, loss, damage, or similar occurrence," as required by the statutory exception. Id. Instead, in my view, the credit card is being used, as pleaded in the complaint, to secure the charges that constitute the primary agreement between the customer and Redbox, charges that are therefore unrelated to "default, loss, damage, or similar occurrence."
In fact, under Redbox's model as pleaded, there is no apparent way for a customer to incur charges on his credit card of record for default, loss, or damage.
The majority's error stems from its mischaracterization of the Redbox transaction as a one-day rental followed by a series of penalties imposed if the customer fails to return the DVD after a single day. Instead, the Redbox customer is agreeing to rent the DVD at a fixed daily fee with a maximum total charge of $25.00 for 25 days of rental. The maximum charge also constitutes the purchase price, and when the customer has paid that amount he has acquired ownership of the DVD. The customer thus authorizes Redbox to use his credit card for future payments that are wholly different from "default, loss, [or] damage." To say, as the majority does, that after the initial charge to the credit card, every additional charge, no matter its nature, is a charge for "default, loss, damage, or similar occurrence" is to stretch the exception well beyond its plain language and legislative intent.
Thus, even assuming that the majority is correct that the credit card transaction fits the definition of a deposit and meets that portion of the statutory requirement, affording the statute the liberal construction that favors its consumer protective purposes, it seems clear that Plaintiffs have met their burden of pleading that this statutory exception does not apply. G.H.I.I. v. MTS, Inc., 147 Cal.App.3d 256, 273, 195 Cal.Rptr. 211 (Ct.App.1983) (internal citation and quotation marks omitted) ("Where a party relies on a statute which contains a limitation in the clause creating and defining the liability, as here, such limitation must be negatived in the complaint"). Plaintiffs have pleaded facts that, if true, place the transaction outside the exception's plain terms and establish that Redbox uses the ZIP codes for marketing purposes. I therefore disagree that the district court's decision can be affirmed on this basis.
The majority does not rely for its holding on the basis on which the district court dismissed the action, namely, that the Song-Beverly Act does not apply to Redbox kiosk transactions. The majority avoids this issue for good reason, as I would reverse the dismissal of the action on that ground as well. Redbox kiosk transactions are more similar to pay-at-the-pump transactions, covered by the Act, than to online transactions, which are not covered. See Apple, Inc. v. Superior Court, 56 Cal.4th 128, 144, 151 Cal.Rptr.3d 841, 292 P.3d 883 (Cal.2013). Nor does the majority rely on another statutory exception, which allows for the collection of personal information when that information "is required for a special purpose incidental but related to the individual credit card transaction." Cal Civ.Code § 1747.08(b)(4). This exception cannot be the basis for dismissing the action because Plaintiffs pleaded that Redbox's sole purpose in obtaining the ZIP code is marketing, rendering the purpose unrelated to the credit card transaction.
I would reverse. Accordingly I dissent.
Cal. Civ.Code § 1747.08(a). We take no position as to whether Redbox's alleged conduct falls under any or all subsections of § 1747.08(a).
Cal. Civ.Code § 1747.08(c)(1).