*1041 Harrison Patterson O'Connor & Kinkead, James R. Patterson, Harry W. Harrison, Cary A. Kinkead; Lindsay & Stonebarger, Gene J. Stonebarger, James M. Lindsay and Richard D. Lambert for Plaintiff and Appellant.

Sheppard Mullin Richter & Hampton, Phillip Craig Cardon and Elizabeth S. Berman for Defendant and Respondent.

OPINION

BENKE, Acting P. J.—

In this consumer class action case the trial court found plaintiff's claims against a retailer for violation of provisions of the Song-Beverly Credit Card Act of 1971 (Song-Beverly; Civ. Code, § 1747 et seq.) were preempted by provisions of a federal statute, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (15 U.S.C. § 7701 et seq.) (CAN-SPAM). Accordingly, the trial court sustained the retailer's demurrer without leave to amend. We reverse.

The disputed provisions of Song-Beverly were added by the Legislature in 1990 and limit the information that may be requested of a consumer when the consumer uses a credit card to transact business. In particular, Song-Beverly prohibits businesses from requesting or requiring credit card customers to provide "personal identification information," such as their addresses and telephone numbers. In contrast, CAN-SPAM imposes disclosure and "opt-out" requirements on the senders of commercial electronic mail (e-mail) and restricts the manner in which such e-mail may be sent. In addition, by its terms CAN-SPAM). preempts any state law that "expressly regulates the use of electronic mail to send commercial messages." (15 U.S.C. § 7707(b)(1).) However, CAN-SPAM does not preempt state laws that "are not specific to electronic mail." (15 U.S.C. 7707(b)(2).) Because Song-Beverly's regulation of what may be asked of credit card customers is not a regulation of what can be sent in commercial e-mails and is not in any manner specific to e-mail, we conclude Song-Beverly is not preempted by CAN-SPAM.

PROCEDURAL HISTORY

On March 12, 2008, plaintiff and appellant Susan Catherine Powers filed a class action complaint against defendant and respondent Pottery Barn, Inc. (Pottery Barn). Powers alleged she visited a Pottery Barn store, selected an item to buy and, when she used her credit card to buy it, was asked to provide an e-mail address. Powers gave the sales clerk her e-mail address and saw the clerk enter the address into the store's electronic cash register. More *1042 generally, Powers alleged Pottery Barn made a practice of asking for personal identification information within the meaning of Song-Beverly and that this conduct, in addition to giving rise to a cause of action under Song-Beverly, gave rise to claims under the unfair competition law (Bus. & Prof. Code, § 17200 et seq.) (UCL) and for invasion of privacy.

Pottery Barn demurred to Powers's complaint. Pottery Barn alleged e-mails are not personal identification information within the meaning of Song-Beverly and that, in any event, regulation of the collection of e-mails is preempted by CAN-SPAM. Pottery Barn further alleged Song-Beverly was an unlawful limitation on its right to engage in commercial speech.

The trial court sustained the demurrer with leave to amend. The trial court determined e-mails are personal identification information within the scope of Song-Beverly, but that Powers's claims were nonetheless preempted by CAN-SPAM. The trial court gave Powers leave to allege that, aside from e-mails, Pottery Barn had collected other personal identification information. Powers was unable to make such an allegation and the trial court entered a judgment of dismissal. Powers filed a timely notice of appeal.

DISCUSSION

I

"On appeal from a judgment dismissing an action after sustaining a demurrer . . . the standard of review is well settled. The reviewing court gives the complaint a reasonable interpretation, and treats the demurrer as admitting all material facts properly pleaded. [Citations.] The court does not, however, assume the truth of contentions, deductions or conclusions of law. [Citation.] The judgment must be affirmed ``if any one of the several grounds of demurrer is well taken. [Citations.]' [Citation.] However, it is error for a trial court to sustain a demurrer when the plaintiff has stated a cause of action under any possible legal theory." (Aubry v. Tri-City Hospital Dist. (1992) 2 Cal.4th 962, 966-967 [9 Cal.Rptr.2d 92, 831 P.2d 317].) Where the plaintiff has been given an opportunity to amend, we presume the complaint states as strong a case as is possible. (Otworth v. Southern Pac. Transportation Co. (1985) 166 Cal.App.3d 452, 457 [212 Cal.Rptr. 743].)

II

(1) Song-Beverly was enacted in 1971. "The act ``imposes fair business practices for the protection of the consumers. "Such a law is remedial in nature and in the public interest [and] is to be liberally construed to the end *1043 of fostering its objectives."' [Citations.]" (Florez v. Linens 'N Things, Inc. (2003) 108 Cal.App.4th 447, 450 [133 Cal.Rptr.2d 465].)

The particular provisions of Song-Beverly in dispute here were added by the Legislature in 1990 as Assembly Bill No. 2920 (1989-1990 Reg. Sess.) and in pertinent part state: "(a) Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall do any of the following:

"(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.

"(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.

"(3) Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder.

"(b) For purposes of this section ``personal identification information,' means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." (Civ. Code, § 1747.08.)

In reviewing the legislative history of Assembly Bill No. 2920 (1989-1990 Reg. Sess.), the court in Florez v. Linens 'N Things, Inc., supra, 108 Cal.App.4th at page 452 stated: "Our inquiry begins with the California Assembly Committee on Finance and Insurance, Background Information Request on Assembly Bill No. 2920 (1989-1990 Reg. Sess.): ``AB 2920 seeks to protect the personal privacy of consumers who use credit cards to purchase goods or services by prohibiting retailers from requiring consumers to provide addresses, telephone numbers and other personal information that is unnecessary to complete the transaction and that the retailer does not need.' (Italics added.) In essence, the original enactment (Stats. 1990, ch. 999, § 1, pp. 4191-4192 [Assem. Bill No. 2920]) was a response to two principal privacy concerns. ``[F]irst, that with increased use of computer technology, very specific and personal information about a consumer's spending habits was being made available to anyone willing to pay for it; and second, that acts of harassment and violence were being committed by store clerks who obtained customers' phone numbers and addresses.'" (Fn. omitted.)

*1044 III

CAN-SPAM was enacted in 2003. Under CAN-SPAM the sender of any unsolicited "commercial electronic mail message" is subject to civil liability unless the e-mail contains a mechanism which permits the addressee to "opt-out" or unsubscribe from further e-mails, an accurate identification of the sender, an accurate subject line, a physical address of the sender and a warning label if the e-mail contains adult content. (15 U.S.C. § 7704.) CAN-SPAM also makes it a crime to send e-mail through a computer without the permission of the owner of the computer ("open-relay") or place false information in the e-mail header. (18 U.S.C. § 1037(a)(1), (3).)

In enacting CAN-SPAM, Congress expressly found: "The convenience and efficiency of electronic mail are threatened by the extremely rapid growth in the volume of unsolicited commercial electronic mail. Unsolicited commercial electronic mail is currently estimated to account for over half of all electronic mail traffic, up from an estimated 7 percent in 2001, and the volume continues to rise. Most of these messages are fraudulent or deceptive in one or more respects." (15 U.S.C. § 7701(a)(2).) However, Congress also found: "Many States have enacted legislation intended to regulate or reduce unsolicited commercial electronic mail, but these statutes impose different standards and requirements. As a result, they do not appear to have been successful in addressing the problems associated with unsolicited commercial electronic mail, in part because, since an electronic mail address does not specify a geographic location, it can be extremely difficult for law-abiding businesses to know with which of these disparate statutes they are required to comply." (15 U.S.C. § 7701(a)(11).)

In light of its findings, Congress expressly provided that CAN-SPAM preempts state anti-spam laws: "This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto." (15 U.S.C. § 7707(b)(1).) Importantly, Congress also expressly limited the preemptive impact of CAN-SPAM: "This chapter shall not be construed to preempt the applicability of—[¶] (A) State laws that are not specific to electronic mail, including State trespass, contract, or tort law; or [¶] (B) other State laws to the extent that those laws relate to acts of fraud or computer crime." (15 U.S.C. § 7707(b)(2).)

*1045 IV

(2) CAN-SPAM cannot be interpreted as preempting application of Song-Beverly to Pottery Barn's collection of e-mail addresses from its credit card customers. Song-Beverly does not expressly regulate any Internet activity, let alone use of "electronic mail to send commercial messages." (See 15 U.S.C. § 7707(b)(1).) Rather, as we have discussed, Song-Beverly only governs the information businesses may collect in the course of transacting business with credit card users. Thus Song-Beverly does not fall within the scope of CAN-SPAM's express preemption provisions. Importantly, CAN-SPAM does not permit us to find any implied preemption here. CAN-SPAM not only has a carefully limited express preemption provision, but it also expressly excludes preemption of any state laws, such as Song-Beverly, which "are not specific to electronic mail."

Contrary to Pottery Barn's argument, nothing in Facebook, Inc. v. ConnectU LLC (2007) 489 F.Supp.2d 1087, 1093-1094 (Facebook), expands CAN-SPAM preemption to cover state laws which do not expressly and specifically regulate e-mail. In Facebook the plaintiff made a claim under two California anti-spam statutes, Business and Professions Code sections 17529.4 and 17538.45. Business and Professions Code section 17529.4^[2] expressly prevents businesses from electronically collecting e-mail addresses from the *1046 Internet for the purpose of sending unsolicited e-mail to the collected addresses; Business and Professions Code section 17538.45^[3] prevents the unauthorized use of e-mail servers located in this state to send unsolicited e-mails. Although Business and Professions Code section 17529.4 may be violated by collecting e-mail addresses with only the intent to send unsolicited e-mails and without actual distribution of any e-mails, the court in Facebook nonetheless properly concluded that it, as well as Business and Professions Code section 17538.45, regulate "``the use of electronic mail to send commercial messages.'" (Facebook, supra, 489 F.Supp.2d at pp. 1093-1094.)

*1047 (3) The express and specific e-mail regulations considered in Facebook are readily distinguishable from Song-Beverly, which does not directly regulate the use of e-mails or the Internet, but instead protects the privacy of consumers when they use credit cards to transact business. (See Florez v. Linens 'N Things, Inc., supra, 108 Cal.App.4th at p. 452.) Song-Beverly's impact on a business's use of e-mail is only an incident of the statute's regulation of such credit card transactions. By its terms CAN-SPAM does not preempt state statutes which are not specific to e-mail and have only such incidental impact on e-mail use. (15 U.S.C. § 7707(b)(2).)

In sum, the trial court erred in sustaining Pottery Barn's demurrer on the grounds Powers's Song-Beverly claims are preempted by CAN-SPAM.

V, VI^[*]

*1048 DISPOSITION

Judgment reversed. Appellant to recover her costs of appeal.

Huffman, J., and McIntyre, J., concurred.

NOTES

[1] Pursuant to California Rules of Court, rule 8.1110, this opinion is certified for publication with the exception of parts V and VI of the Discussion.

[2] Business and Professions Code section 17529.4 provides: "(a) It is unlawful for any person or entity to collect electronic mail addresses posted on the Internet if the purpose of the collection is for the electronic mail addresses to be used to do either of the following:

"(1) Initiate or advertise in an unsolicited commercial e-mail advertisement from California, or advertise in an unsolicited commercial e-mail advertisement sent from California.

"(2) Initiate or advertise in an unsolicited commercial e-mail advertisement to a California electronic mail address, or advertise in an unsolicited commercial e-mail advertisement sent to California electronic mail address.

"(b) It is unlawful for any person or entity to use an electronic mail address obtained by using automated means based on a combination of names, letters, or numbers to do either of the following:

"(1) Initiate or advertise in an unsolicited commercial e-mail advertisement from California, or advertise in an unsolicited commercial e-mail advertisement sent from California.

"(2) Initiate or advertise in an unsolicited commercial e-mail advertisement to a California electronic mail address, or advertise in an unsolicited commercial e-mail advertisement sent to a California electronic mail address.

"(c) It is unlawful for any person to use scripts or other automated means to register for multiple electronic mail accounts from which to do, or to enable another person to do, either of the following:

"(1) Initiate or advertise in an unsolicited commercial e-mail advertisement from California, or advertise in an unsolicited commercial e-mail advertisement sent from California.

"(2) Initiate or advertise in an unsolicited commercial e-mail advertisement to a California electronic mail address, or advertise in an unsolicited commercial e-mail advertisement sent to a California electronic mail address."

[3] Business & Professions Code section 17538.45 provides: "(a) For purposes of this section, the following words have the following meanings:

"(1) ``Electronic mail advertisement' means any electronic mail message, the principal purpose of which is to promote, directly or indirectly, the sale or other distribution of goods or services to the recipient.

"(2) ``Unsolicited electronic mail advertisement' means any electronic mail advertisement that meets both of the following requirements:

"(A) It is addressed to a recipient with whom the initiator does not have an existing business or personal relationship.

"(B) It is not sent at the request of or with the express consent of the recipient.

"(3) ``Electronic mail service provider' means any business or organization qualified to do business in California that provides registered users the ability to send or receive electronic mail through equipment located in this state and that is an intermediary in sending or receiving electronic mail.

"(4) ``Initiation' of an unsolicited electronic mail advertisement refers to the action by the initial sender of the electronic mail advertisement. It does not refer to the actions of any intervening electronic mail service provider that may handle or retransmit the electronic message.

"(5) ``Registered user' means any individual, corporation, or other entity that maintains an electronic mail address with an electronic mail service provider.

"(b) No registered user of an electronic mail service provider shall use or cause to be used that electronic mail service provider's equipment located in this state in violation of that electronic mail service provider's policy prohibiting or restricting the use of its service or equipment for the initiation of unsolicited electronic mail advertisements.

"(c) No individual, corporation, or other entity shall use or cause to be used, by initiating an unsolicited electronic mail advertisement, an electronic mail service provider's equipment located in this state in violation of that electronic mail service provider's policy prohibiting or restricting the use of its equipment to deliver unsolicited electronic mail advertisements to its registered users.

"(d) An electronic mail service provider shall not be required to create a policy prohibiting or restricting the use of its equipment for the initiation or delivery of unsolicited electronic mail advertisements.

"(e) Nothing in this section shall be construed to limit or restrict the rights of an electronic mail service provider under Section 230(c)(1) of Title 47 of the United States Code, any decision of an electronic mail service provider to permit or to restrict access to or use of its system, or any exercise of its editorial function.

"(f)(1) In addition to any other action available under law, any electronic mail service provider whose policy on unsolicited electronic mail advertisements is violated as provided in this section may bring a civil action to recover the actual monetary loss suffered by that provider by reason of that violation, or liquidated damages of fifty dollars ($50) for each electronic mail message initiated or delivered in violation of this section, up to a maximum of twenty-five thousand dollars ($25,000) per day, whichever amount is greater.

"(2) In any action brought pursuant to paragraph (1), the court may award reasonable attorney's fees to a prevailing party.

"(3)(A) In any action brought pursuant to paragraph (1), the electronic mail service provider shall be required to establish as an element of its cause of action that prior to the alleged violation, the defendant had actual notice of both of the following:

"(i) The electronic mail service provider's policy on unsolicited electronic mail advertising.

"(ii) The fact that the defendant's unsolicited electronic mail advertisements would use or cause to be used the electronic mail service provider's equipment located in this state.

"(B) In this regard, the Legislature finds that with rapid advances in Internet technology, and electronic mail technology in particular, Internet service providers are already experimenting with embedding policy statements directly into the software running on the computers used to provide electronic mail services in a manner that displays the policy statements every time an electronic mail delivery is requested. While the state of the technology does not support this finding at present, the Legislature believes that, in a given case at some future date, a showing that notice was supplied via electronic means between the sending and receiving computers could be held to constitute actual notice to the sender for purposes of this paragraph.

"(4)(A) An electronic mail service provider who has brought an action against a party for a violation under Section 17529.8 shall not bring an action against that party under this section for the same unsolicited commercial electronic mail advertisement.

"(B) An electronic mail service provider who has brought an action against a party for a violation of this section shall not bring an action against that party under Section 17529.8 for the same unsolicited commercial electronic mail advertisement."

[*] See footnote, ante, page 1039.