Class action lawsuit claims Apple illegally collected, sold consumer ID information

“A new Class Action lawsuit has been filed against Apple in Boston, Massachusetts by Plaintiffs Adam Christensen, Jeffrey Scolnick, and William Farrell individually and on behalf of all others similarly situated,” Jack Purcher reports for Patently Apple. “The lawsuit revolves around Apple demanding the collection of Personal Identification Information (PII) in order to conclude a sale which is against Massachusetts law. In addition, the lawsuit alleges that Apple illegally sells consumer’s PII without compensating them for it.”

“To consummate each purchase, Plaintiffs elected to use their credit card as their chosen form of payment,” Purcher reports. “As a condition of using their credit cards, Plaintiffs were required by Apple to enter personal identification information associated with the credit card, including their full and complete zip codes. Apple would not allow Plaintiff to complete their purchases without supplying such information. Apple is not required by credit card issuers to require this information from consumers.”

Purcher reports, “According to the formal complaint before the court, “Apple’s website states that Apple sells consumers’ PII – including Plaintiffs and the Class’ PII – to third-parties for profi: ‘At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers.'”

Read more in the full article here.

38 Comments

  1. Ambulance chasing at its finest.

    Apple has been very clear in documenting use of PII to its customers. Nothing like a little greenmail shakedown.

    What I love is that when slime balls like the three plaintiffs named in the article file a suit, it’s all over the media, especially Business Insider. But if such a case is summarily tossed out on lack of grounds, the same drive-by, click-whoring media would never give it mention.

    Go figure.

      1. We’ll hear the end when the case is tossed out of court.

        I don’t see any damages here, as The Roving Skeptic pointed out. I don’t see any deception. It could come down to the incompatibility of Apple’s stated protocol vs Massachusetts law, and I am betting that the law does not fit the situation.

        IOW: Another attempt at suckage of money from the biggest company on the planet. Easy target shot at with a crooked arrow.

    1. Absolutely ambulance chasing.

      However…if I read this right, Apple DID break the law in MA.

      So, the case has precedent.

      The question is what the law states as damages and if it requires malicious intent. Dunno.

      Apple could make MA customers less secure. That’s the choice of MA.

      If the CC transaction fails, then it fails. The postal code could be optional.

  2. Interesting, here in Ohio many gas pumps require you to enter your zip code when paying with a credit card. They say it is to validate that you are the owner of the card as a thief would probably not know where you live. I’m not sure how I am damaged by any company having this very generic information about me and I question the damages portion of the suit.

    I am also unclear as to what proof the plaintiffs have about Apple selling the information for profit. The section of the privacy policy talks about sharing information with third party partners for the purpose of providing services to the customer. or for direct advertising it does not describe wholesale distribution of the information and never mentions Apple receiving compensation. Heck, I don’t think anybody would buy a list of names and zip codes with only the additional information of knowing they bought something at an Apple Store.

    1. The more information provided to the credit company brings the per transaction cost down for the retailer. You have the credit card number, the zip code, followed by the three digit Security Code on he back. That is pretty much the proof of life the companies want.

    2. Good point dab.

      In reality, a retailer cannot ask for ID for a credit card purchase (in general) because of the agreement with the credit card company.

      Retailers are not allowed to ask for ID. Why haven’t they sued the local grocery, WalMart, Sears , etc.?

      1. It is true that a merchant can’t ask for ID, but with an exception. If your card is not signed, they are required to ask for ID, or else refuse the transaction. Further, the merchant is supposed to actually watch you sign your own card, if I remember my merchant agreement correctly, but I know I never went that far.

        1. True enough. I would imagine the lawsuit is moot on those grounds. Every retailer in the world ask for ID in violation of their agreements.

          Case closed.

          By the way, whenever I use a credit card, I remind the persons that the agreement with the card company prohibits them asking for identification.

    3. Asa merchant who takes a credit card over the phone, we ARE required to get the zip code and over a certain amount the billing address of the card holder to complete the transaction and validate the card or it will be declined. There is no other way to assure the caller is the card holder. The zip code is required by the processing pad to complete the transaction if the card keyed in and is not swiped.

      I could swear I’ve seen at least one of these plaintiff’s in another class-action lawsuit against Apple.

  3. I have often called Apple to resolve an issue with malfunctioning parts, eg. battery life on my MBP. Often they’ll look at my case number and match that against my Apple ID that I used to originally purchase the device or register the complaint. I’ve never known them to misuse the information. On the contrary, they’ve always been a great help in assisting me to resolve the problem.

    For example they replaced my out of warranty MBP battery because the performance degradation was outside normally acceptable bounds based on age & number of charge cycles.

    I have always supported Apple because of their solid after sales support and preservation of data security. They have nothing to gain by exploiting that data and 95% of their sales revenue is from selling hardware and pleasing customers in the process.

  4. I cannot think of a single online retailer that would allow me to place an order without my zip code. This week alone I have ordered from two retailers, both required my full mailing address as it appears on my credit card statement. To single out Apple in this respect is bizarre. As for selling information, again this is a standard practice for all retailers do that so why is Apple being singled out? Hint: money.

    1. Are those retailers in Massachusetts? Or are you in MA?

      If not, then your argument may not apply.

      Does Apple have a corporate registration in MA? If not, then how would the case in this story even apply?

  5. The DOJ will pounce on this and hire the Judges cousins brother of a sister three times removed adopted from a fertilized egg of unknown origin and has zero experience, not even a lawyer but a pet sitter.

      1. It’s super satire suggested by the fact that Judge Cote hired a pal of her’s to surveil Apple at the end of the book ‘price fixing’ DOJ directed court case, aka ‘good old boy’ politics, also called NEPOTISM. In the Cote case, her pal has NO experience performing the work for which she hired him. Therefore, he had to hire someone else to assist him. IOW: Total Insanity, much like Jubei’s comment.

  6. The law only applies to situations where you present the credit card in person. If the card is physically scanned or compression rolled, the retailer does not or can not record additional ID information. They may ask to see your ID to be sure it matches the information that is pulled from the card. However at many or most gas stations, they ask for your zip code, at the pump. For ATM you are only asked for a pin.

    Look, at the minimum, any retailer already has your card number, name and signature.

    I have never EVER seen an online retailer not ask for my name or address when using a credit card to make a purchase. Additionally they will in many cases only ship to addresses that matches what is used to verify the credit card.

    As far as selling this personal information, it’s certainly not from collecting the credit card info. It may be from a different screen. I always uncheck the box that agrees to this.

    This guy is smoking crack, and is looking for a hand out. For selling to third parties, he most likely won’t be able to prove his case.

  7. Guys, here is a quote “Because the state prohibits the collection of “personal identification information” by retailers for marketing purposes, the court held.”

    http://blogs.findlaw.com/free_enterprise/2013/04/is-it-legal-to-ask-for-customer-zip-codes.html

    So, the plaintiff will be required to prove that Apple uses zip codes to find potential customers in its marketing campaigns.

    Good luck!!

    Anyone know if Apple does this?

    Seems like a stupid case.

  8. I have my own domain name and when I need to supply an email address to a company, I create s prefix that is unique to that company. For instance Apple might be told its Appl@MyDomain.com

    If that email address is used for spam or third-party marketing purposes, I know exactly who sold my data. The unique address also makes it easier to filter out such mail if they persist in sending it.

    So far Apple has not used the address I gave them for anything other than Apple related purposes.

  9. Seems to me that if Apple can find 10 gas stations in MA that require you to enter your ZIP code when you buy gas at the pump with a credit card that they could get this dismissed by using the claim that the ZIP code does not constitute PII within the meaning of the law, but simply verification of ownership of the card, in the same way as a PIN number (albeit less secure).

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.