District Court Declines to Find Implied Contract to Adhere to Payment Industry Standards

Credit Cards

On November 20, the U.S. District Court for the Northern District of California dismissed a putative class action that claimed, among other allegations, that Google violated an implied contract to handle certain users’ credit card information in accordance with the Payment Card Industry Security Standards.  Frezza v. Google, Inc., Case No. 12-CV-00237-RMW, 2012 WL 5877587 (N.D. Ca. Nov. 20, 2012). The named plaintiffs alleged that they submitted credit card information when they bought Google Tags, which display advertisements in search results as part of a promotion. The plaintiffs claim that entering their credit card information into Google’s billing system established an implied contract requiring that Google handle such information responsibly, which the plaintiffs allege is in accordance with the Data Security Standards promulgated by the Payment Card Industry Security Standards Council. The court found that Google did not make any indication that it adopted the DSS recommendations when dealing with plaintiffs, and that Google had not violated any implied contract to handle its customers’ credit card information responsibly when it retained credit card data after the plaintiffs cancelled their subscriptions to Google Tags. The court also dismissed the plaintiffs’ breach of contract claims and other claims made under California statutes.